Rootkit and DLL Unloader

Discussion in 'other software & services' started by markymoo, Jun 17, 2008.

Thread Status:
Not open for further replies.
  1. markymoo

    markymoo Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    1,212
    Location:
    England
    Rootkit Unhookers and DLL Unloaders

    This is a useful program i found so far though not new. I needed to look at running processes and see all the dll's loaded with each process. It can be used to look for and remove rootkit,suspicious,spam dll or junk dll's that is still left after a uninstall. There is programs already such as Process Explorer, Unlocker, Online Armor but they dont list the programs,dll's in a list like this one does to see at a glance. Alot of dll's can attach to explorer.exe which aren''t all needed. Any dll's names you not sure about you can type into Google and find out more. If you know of any other programs that display the dll's in a list that can be unloaded then mention them here too.

    I have hosted this clean file so not to be tampered with as the original link is an infamous rootkit site and there is another version that is not clean.

    http://artco.adsl24.co.uk/markymoo/rku.rar

    Other good program

    SEEM ( System Eyes & Ears Monitoring )
    http://66.196.80.202/babelfish/tran....about.free.fr/index.php&fr=avbbf-uk&.intl=uk
     
    Last edited: Jun 18, 2008
  2. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    Re: Rootkit Unhookers and DLL Unloaders

    Is there a DownLoad Lonk to the latest Seem? I looked but so far nothing.

    EASTER

    Thanks
     
  3. markymoo

    markymoo Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    1,212
    Location:
    England
    The download links seem to be lost in the English translation but you can get english versions of Seem here, try the 4.5 it's in english too.

    http://seem.about.free.fr/?004/Telechargement

    To unload a dll in Seem you have to click Processes, click on the relevent file and right click and select module and see the dlls which you can unload.

    There are quite a number of rootkit scanners that find the rootkit and unhook the dll but don't view, unload all dll's, one that does is IceSword. http://pjf.blogcn.com/index.shtml

    Edit: I wrongly mentioned GMER before when it doesn't do, so scrap that.

    Here is a great program i discovered AVZ Antiviral Toolkit and powered by Kaspersky that unloads dll's as one of it's many features and deserves more attention and a thread of it's own. https://www.wilderssecurity.com/showthread.php?t=212607
     
    Last edited: Jun 18, 2008
  4. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
  5. markymoo

    markymoo Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    1,212
    Location:
    England
    Meriadoc

    Thanks very much great list and great thread and Seem seem's :D to be on that list. Not visited there in long time.

    The other version of Rootkit Unloader comes with 2 rootkits apparently that's why i didn't mention rootkit.com or that thread as didn't want to associate to get the wrong version or with rootkit.com for that matter, it can be altered and any new dl's be infected hence the hosting. The file is tiny no probs.

    Rootkit's Unloader has been very useful. Typical AV can not remove the spyware and needs a reboot, by taking note of the file infection dll which is typically hooked under explorer.exe it can be easily found and unloaded with Rootkit's Unloader, no multiple menus to go through and no reboot is necessary and the dll can be deleted from the Windows folder. A good AV worth it salt should be able to delete without reboot.
     
    Last edited: Jun 23, 2008
Thread Status:
Not open for further replies.