rootkit and nod32

Discussion in 'NOD32 version 2 Forum' started by ashishtx, Oct 19, 2005.

Thread Status:
Not open for further replies.
  1. ashishtx

    ashishtx Registered Member

    Joined:
    Oct 7, 2005
    Posts:
    389
    Location:
    Houston,Texas
    what is nod32 policy for rootkit malware?
     
  2. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    I saw in their updates they are detecting a lot of rootkits. :)
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi ashishtx, welcome to Wilders.

    Nod32 does detect rootkits, we have seen a couple detected, here's one

    Cheers :D
     
  4. ashishtx

    ashishtx Registered Member

    Joined:
    Oct 7, 2005
    Posts:
    389
    Location:
    Houston,Texas
    thank you
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    My pleasure.

    Cheers :D
     
  6. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    Hello!

    If your computer is infected with rootkits and these rootkits are hidden from the Windows API, NOD32 will not detect them, even if the rootkit is detected by signatures. Rootkits can hide processes, files (backdoors, ...) and folders, registry keys and values, services, TCP/UDP sockets, systray icons...

    The only AV that detects rootkits is KAV 2006 (beta).

    You can use on demand scanners like F-Secure Blacklight (Beta) or RootkitRevealer (free).

    Regards,

    izi
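As an added illustration of the point made in this post (example code, not from the thread or from any of the products named): a signature scanner that enumerates files through the filtered API never sees the malicious driver, while the cross-view comparison that dedicated rootkit detectors such as RootkitRevealer rely on (raw view against API view) exposes everything the rootkit hides. All paths, names, both views and the signature database are constructed for the example.

```python
"""Cross-view rootkit detection: why an API-walking signature scanner misses a
rootkit that filters the Windows API, and how comparing against a lower-level
view exposes it. All data below is constructed for illustration."""

# Constructed "raw" view: what the kernel/on-disk structures really contain.
RAW_VIEW = {
    "files": {r"C:\Windows\explorer.exe", r"C:\Windows\System32\svchost.exe",
              r"C:\Windows\System32\drivers\hkdrv.sys"},
    "processes": {"explorer.exe", "svchost.exe", "hkloader.exe"},
    "registry": {r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip",
                 r"HKLM\SYSTEM\CurrentControlSet\Services\hkdrv"},
    "sockets": {"TCP 0.0.0.0:135", "TCP 0.0.0.0:31337"},
}
# Constructed artefacts the hypothetical rootkit strips out of every API-level
# enumeration; the "API" view is simply the raw view minus these objects.
HIDDEN = {r"C:\Windows\System32\drivers\hkdrv.sys", "hkloader.exe",
          r"HKLM\SYSTEM\CurrentControlSet\Services\hkdrv", "TCP 0.0.0.0:31337"}
API_VIEW = {cat: objs - HIDDEN for cat, objs in RAW_VIEW.items()}

# Constructed signature database: the AV "knows" this driver file name.
SIGNATURES = {"hkdrv.sys"}


def signature_scan(view):
    """Match file names against signatures, but only over the files the given
    view enumerated; that is all an API-walking scanner can do."""
    return {path for path in view["files"]
            if path.rsplit("\\", 1)[-1].lower() in SIGNATURES}


def cross_view_diff(api_view, raw_view):
    """Per category, return objects present in the raw view but missing from
    the API view. Any non-empty category means something is filtering the API."""
    diff = {}
    for cat, raw_objs in raw_view.items():
        hidden = raw_objs - api_view.get(cat, set())
        if hidden:
            diff[cat] = sorted(hidden)
    return diff


if __name__ == "__main__":
    print("signature scan via API view:", signature_scan(API_VIEW) or "nothing")
    print("signature scan via raw view:", signature_scan(RAW_VIEW))
    for cat, objs in cross_view_diff(API_VIEW, RAW_VIEW).items():
        print(f"hidden {cat}: {objs}")
```

The same signature finds the driver as soon as the enumeration bypasses the hooked API, which is why the post recommends an on-demand rootkit scanner alongside the AV.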
     
  7. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    A safe mode scan should detect them I think. They would not be loaded. Also NOD should pick them up before they are installed. Most AVs will have difficulty with installed rootkits, but NOD and KAV handle them the best as far as I know, apart from dedicated rootkit scanners as you mentioned.
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    The drive was slaved off a clean system with a fully up-to-date Nod32.

    Cheers :D
     
  9. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    No, NOD32 will not detect rootkits even in safe mode if the rootkit is hidden from the Windows API, even if the rootkit is detected by signatures or AH.

    You can find on the web a lot of samples (rootkits) that NOD32 doesn't detect. You can buy undetected rootkits on the web.
     
    Last edited: Oct 22, 2005
  10. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    The rootkit was obviously not hidden from the Windows API. Lucky you. :p
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    More like, lucky my client ;) :D

    Cheers :D
     
  12. Mover

    Mover Registered Member

    Joined:
    Oct 1, 2005
    Posts:
    165
    As far as I know, that's the only time you can catch a rootkit with AV (antivirus) if it's the kind that goes stealth after it successfully installs. Some of the posts here give me the impression that they can be detected by antivirus software once they've hidden themselves. Correct me if I'm wrong, but once they manage to successfully hide, they can't be detected by AV. That's where something like Rootkit Revealer, BlackLight or UnHackMe is used.
     
    Last edited: Oct 23, 2005
  13. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    Yes, you are wrong. KAV 6.0 (still beta) detects hidden rootkits. Look here: http://www.viruslist.com/en/analysis?pubid=168740859.
     
  14. Mover

    Mover Registered Member

    Joined:
    Oct 1, 2005
    Posts:
    165
    I'm sure the guys putting rootkits together will figure out a way to not be detected again... in time.
     
  15. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
    F-Secure 2006 includes BlackLight, so it should detect some.
     