rootkit detection

Discussion in 'other anti-malware software' started by majorpain, Oct 13, 2016.

  1. majorpain

    majorpain Registered Member

    Joined:
    Jul 22, 2016
    Posts:
    40
    Location:
    tennessee
    Are there any, quote unquote, "best" rootkit scanners anymore, or are all the good ones integrated? What would be a good kit to use to detect possibly hardware-specific rootkits, or rootkits in general?
     
  2. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,552
    Location:
    New York City
  3. plat1098

    plat1098 Guest

    Last edited by a moderator: Oct 13, 2016
  4. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Here is a way, from Intel, to check your UEFI firmware for rootkits.

    http://www.intelsecurity.com/advanced-threat-research/ht_uefi_rootkit.html_7142015.html

    Also, Kaspersky and a bunch of other security companies make software rootkit scanners.

    If I remember right, there have been a bunch of POCs on hardware rootkits, including network cards, router software, etc. In the past, many times when there is a POC, it becomes a reality at some point later.
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
  6. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,970
    Anti-rootkit:
    Best Free Rootkit Scanner and Remover
    How to Remove a Rootkit from a Windows System
    Kaspersky TDSSKiller
    GMER
    GMER MBR rootkit detector
    aswMBR
    Malwarebytes Anti-Rootkit
    Sophos Anti-Rootkit
    VBA32 AntiRootkit
    Kernel Detective
    SpyDllRemover
    Trend Micro RootkitBuster
    Bitdefender Rootkit Remover
    SanityCheck
    McAfee Rootkit Remover
    RootRepeal
    Rootkit Unhooker
    NoVirusThanks Ring3 API Hook Scanner
    catchme
    Oshi Unhooker
    ESET Hidden File System Reader
    AntiSpy
    Getting rid of MBR Rootkit's (bootkit)
    NoVirusThanks Anti-Rootkit
    wincheck
    Packed Driver Detector
    ListParts
    PC Hunter
    PowerTool
    List of Anti-Rootkits
    15 AntiRootkits to Detect and Remove Malware that Uses Rootkit Technology
    13 top best free rootkit removal (anti-rootkit) programs

    http://www.techsupportalert.com/content/free-windows-desktop-software-security-list-scanners.htm
    ------------
    Best Free Rootkit Scanner and Remover
    http://www.techsupportalert.com/best-free-rootkit-scanner-remover.htm
     
  7. plat1098

    plat1098 Guest

    I found anon's post very helpful. I'm afraid rootkits may be coming back in "style."
     
  8. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    "detect possably hardware specific rootkits"

    I guess I misunderstood what you were looking for. I thought you meant a rootkit or malware that can infect a video card, BIOS, network card, etc.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    No not really. On Windows 64 bit, rootkits are not that advanced anymore because they can't modify the OS kernel. And on top of that, drivers need to be signed before Windows will allow them to load. This doesn't mean that rootkit drivers are not dangerous at all, they can still manipulate the system on Win 64 bit. That's why it's best to only load drivers from tools that are 100% trusted.
     
  10. plat1098

    plat1098 Guest

    Rasheed187: "I found this article, I'm not sure what to think:"

    http://www.techrepublic.com/article/is-the-intel-management-engine-a-backdoor/

    I read this article which you yourself posted. Don't you think its contents sort of justify the concern here? I have the Management Engine, and it's benign now, but can it be subverted? Maybe it'll be time to make a decision soon. Food for thought, right?

    Edit: Theoretically, it looks like ME could be turned into a kind of driver-less rootkit. What do you think?
     
    Last edited by a moderator: Oct 15, 2016
  11. guest

    guest Guest

    Additionally, on Win10 the kernel driver has to be cross-signed by Microsoft (if Secure Boot is enabled). Another hurdle.
     
  12. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,342
    Location:
    Europe, UE citizen
    So, better to uninstall the Intel Management Engine? Anyway, I was never sure that it is effective and an advantage to keep it.
     
  13. plat1098

    plat1098 Guest

    I set up a poll in this forum. I just don't know.
     
  14. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    If you go to the website of the author of that article on ME, jackwallen.com, it redirects you to http://monkeypantz.net/.

    I wonder how many businesses actually know about AMT and ME.

    In the beginning of the article, I think he says it can't be disabled; then further down he shows how to disable AMT and ME.
    Have any of you gone into the BIOS and disabled it?
     
  15. plat1098

    plat1098 Guest

    Monkey who? Wow, maybe just ditch this whole Intel thing. The thing is, many business machines have a variety of Intel software; I think it has that "I am necessary because I'm Intel" cachet.

    No, personally I haven't gone into the BIOS. This is another obstacle: safely getting rid of something that interfaces directly with the innards of your computer.
     
  16. guest

    guest Guest

    Even if it's disabled in the BIOS, it cannot be disabled according to the article (and AMT is able to remotely control your PC):
    But Intel said there is no backdoor, so we can sleep well ;)
     
  17. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    It seems AMT is for small-medium and enterprise users. It also said the computer can be configured at the OEM. So I would then have to ask the question: do OEMs like Dell, or even resellers like Best Buy, preconfigure all computers for AMT use?

    Looks like the method they use to create a signed cert for each machine is secure.
     
    Last edited: Oct 16, 2016
  18. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
  19. plat1098

    plat1098 Guest

    http://blog.ensilo.com/intrusive-applications-6-security-to-watch-out-for-in-hooking

    So, nothing is "sacred." If Intel wasn't so messy with its uninstall... Besides, this is such a massive industry, any potential whistleblower would be a target of violence and retribution. So, these matters are assiduously suppressed. It's all about the cash. Same as for the malware people.

    Thanks, Fabian Wosar, for above link.
     
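    The check that the "Ring3 API Hook Scanner", "Rootkit Unhooker" and "Oshi Unhooker" entries in anon's list perform, and that the enSilo article above is about, is simple to state: read the first bytes of an exported API as they sit in process memory, read the same bytes from the pristine DLL on disk, and if they differ, decode the trampoline that was written there and see where it leads. The block below is an added example written for this page; it is not code from the thread, from enSilo, or from any of the listed tools. The ntdll base address, the export RVAs, the hooking DLL address and the export names are constructed sample data; only the x64 instruction encodings are real.

```python
"""Inline-hook detection for user-mode APIs (added example, constructed data)."""
import struct

MASK64 = (1 << 64) - 1


def decode_trampoline(code: bytes, address: int):
    """Recognise the trampolines hook engines commonly write over a prologue.

    Returns (kind, target) or None. `address` is the virtual address of
    code[0]; relative jumps are resolved against it.
    """
    if len(code) >= 5 and code[0] == 0xE9:                          # jmp rel32
        rel = struct.unpack_from("<i", code, 1)[0]
        return "jmp rel32", (address + 5 + rel) & MASK64
    if len(code) >= 6 and code[:2] == b"\xff\x25":                  # jmp [rip+disp32]
        disp = struct.unpack_from("<i", code, 2)[0]
        slot = (address + 6 + disp) & MASK64                        # where the pointer lives
        off = slot - address
        if 0 <= off <= len(code) - 8:                               # pointer stored inline (jmp [rip+0]; dq target)
            return "jmp [rip+disp32]", struct.unpack_from("<Q", code, off)[0]
        return "jmp [rip+disp32] (unresolved, pointer at)", slot
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:      # push imm32 ; ret
        return "push/ret", struct.unpack_from("<I", code, 1)[0]
    if len(code) >= 12 and code[:2] == b"\x48\xb8" and code[10:12] == b"\xff\xe0":  # mov rax, imm64 ; jmp rax
        return "mov rax/jmp rax", struct.unpack_from("<Q", code, 2)[0]
    return None


def classify_export(name, address, in_memory, on_disk, module_range, prologue_len=16):
    """Compare one export's in-memory prologue with the on-disk copy."""
    n = min(prologue_len, len(in_memory), len(on_disk))
    if in_memory[:n] == on_disk[:n]:
        return {"function": name, "status": "clean"}
    tramp = decode_trampoline(in_memory, address)
    if tramp is None:
        return {"function": name, "status": "modified",
                "detail": "prologue differs from disk image, no known trampoline"}
    kind, target = tramp
    lo, hi = module_range
    # A hook whose target lies outside the module's own image is the strong signal:
    # the detour lands in some other DLL or in injected code.
    return {"function": name, "status": "hooked", "kind": kind,
            "target": target, "target_in_module": lo <= target < hi}


def scan(exports, module_range):
    """Classify (name, address, in_memory, on_disk) tuples; return the non-clean ones."""
    results = [classify_export(n, a, m, d, module_range) for n, a, m, d in exports]
    return [r for r in results if r["status"] != "clean"]


# ---- constructed sample: ntdll.dll at a made-up base, hooked from a made-up DLL ----
NTDLL_BASE, NTDLL_SIZE = 0x00007FFB2A3C0000, 0x1F0000          # assumed, not a real mapping
NTDLL_RANGE = (NTDLL_BASE, NTDLL_BASE + NTDLL_SIZE)
HOOK_DLL = 0x00007FFB11000000                                  # assumed address of the hooking module

# Shape of a Win10 x64 syscall stub: mov r10,rcx ; mov eax,N ; test byte [7FFE0308],1 ; jne ; syscall ; ret
CLEAN_NTOPENFILE = bytes.fromhex("4c8bd1b833000000f604250803fe7f0175030f05c3")
CLEAN_NTCREATEFILE = bytes.fromhex("4c8bd1b855000000f604250803fe7f0175030f05c3")
CLEAN_NTCLOSE = bytes.fromhex("4c8bd1b80f000000f604250803fe7f0175030f05c3")
CLEAN_NTQSI = bytes.fromhex("4c8bd1b836000000f604250803fe7f0175030f05c3")

NTOPENFILE_ADDR = NTDLL_BASE + 0xD1E80                         # assumed RVAs
NTCREATEFILE_ADDR = NTDLL_BASE + 0xD1D00
NTCLOSE_ADDR = NTDLL_BASE + 0xD1D40
NTQSI_ADDR = NTDLL_BASE + 0xD1F00

# jmp rel32 to a handler in the hooking DLL
HOOKED_NTOPENFILE = (b"\xe9" + struct.pack("<i", HOOK_DLL + 0x1240 - (NTOPENFILE_ADDR + 5))
                     + CLEAN_NTOPENFILE[5:])
# jmp [rip+0] ; dq target (the 14-byte absolute detour)
HOOKED_NTCREATEFILE = (b"\xff\x25\x00\x00\x00\x00" + struct.pack("<Q", HOOK_DLL + 0x2000)
                       + CLEAN_NTCREATEFILE[14:])
# first byte overwritten with int3: differs from disk but is no trampoline
PATCHED_NTQSI = b"\xcc" + CLEAN_NTQSI[1:]

SAMPLE_EXPORTS = [
    ("NtOpenFile", NTOPENFILE_ADDR, HOOKED_NTOPENFILE, CLEAN_NTOPENFILE),
    ("NtCreateFile", NTCREATEFILE_ADDR, HOOKED_NTCREATEFILE, CLEAN_NTCREATEFILE),
    ("NtClose", NTCLOSE_ADDR, CLEAN_NTCLOSE, CLEAN_NTCLOSE),
    ("NtQuerySystemInformation", NTQSI_ADDR, PATCHED_NTQSI, CLEAN_NTQSI),
]


def sample_findings():
    """Run the scan over the constructed sample; returns the hooked/modified exports."""
    return scan(SAMPLE_EXPORTS, NTDLL_RANGE)


if __name__ == "__main__":
    for f in sample_findings():
        print(f)
```

    On a live system the in-memory bytes come from reading the target process (ReadProcessMemory) and the on-disk bytes from mapping the DLL file and walking its export table, which is what the listed tools do under the hood. Two caveats a scanner author has to handle: 32-bit ntdll prologues can contain relocated absolute addresses, so the disk copy must be relocated to the load base before comparing; and a hit only tells you that something hooked the API, not who. As the enSilo article shows, antivirus and other security products hook the same functions, so "target_in_module" being false separates a detour from a benign in-image patch but does not by itself separate a rootkit from a security product.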
  20. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    plat1098

    And I wonder how many have been patched since July, or even if they care. Glad I don't use any of those security products.

    But of course they are selling something too.

    https://www.ensilo.com/
     
  21. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    I went to ensilo.com. Looking at some of the statements they make, such as:
    and
    It seems that they are overstating the possibility of getting infected in order to get customers. I may be wrong, but I highly doubt there are "more than 250,000 known unique kinds of ransomware."
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I was talking about software based rootkits, not about hardware-rootkits which is another subject. On Windows 32 bit, the kernel based rootkits were a much bigger problem, because they could modify key parts of the Windows OS. This is not possible anymore on Windows 64 because of PatchGuard.
     