Rootkit Revealer question, starting random processes?

Discussion in 'other software & services' started by Matt_Smi, May 9, 2005.

Thread Status:
Not open for further replies.
  1. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359
    I downloaded RootkitRevealer 1.4 and I noticed something weird and I am not sure if it is normal or not. I noticed that whenever you open the program one random additional process is started along with the rootkitrevealer.exe, for example RA.exe or GJUCU.exe; the process goes away as soon as the program is closed. I hope this is normal, has anyone else noticed this?
     
  2. dog

    dog Guest

    Hi Matt, ;)

    Yes this is normal. ;) It's a self-protection feature because if RootkitRevealer used the same process every time it ran, Rootkits could easily target it and stop the process, so it creates random process names to do the scan and prevent detection by any running Rootkit ... CWShredder does a similar thing, if a CWS variant tries to interfere, it will ask you to restart CWShredder and will use a random process name on its next startup to prevent detection. ;)

    HTH,

    Steve
     
  3. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Hi Steve,

    Just a quick correction: a rootkit like Hacker Defender will not terminate a rootkit scanner. It actually gives the scanner "permission" to see hidden processes/files/directories. Hence, the scan results show that nothing is hidden.

    Nick
     
  4. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359
    Thanks for the explanation dog, makes sense and I figured it was for a reason like that.

    This is pretty scary, a rootkit that pretty much cannot be detected, to my understanding there are only a few that are currently of this variety, but I really need to get process guard so they will be blocked from installing in the first place.
     
  5. dog

    dog Guest

    Quite Right - Thanks Kindly for the Correction Nick. ;)
     
  6. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359
    I just did a scan a little while ago; I was kind of scared because I have heard of people getting lots of odd results that may or may not be bad and that if I got results like those I would not be able to analyze them. But I got “no discrepancies found” which makes me feel good, but then again with the rootkits that are out today you never know.
     
  7. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    Is rootkit revealer a must have like a firewall, antivirus, antispyware and antitrojan is a must have? o_O

    And if it's a yes can you give me a link to the program pls. :)
     
  8. anti-spy

    anti-spy Guest

    Yes it is essential if you don't want to be taken advantage of by those unscrupulous people who would use such garbageware like rootkits to take advantage of others.

    Here's where you can download RootkitRevealer http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml and I wouldn't download it from anywhere other than the Sysinternals website.
     