Rootkit Unhooker

Discussion in 'other anti-malware software' started by Z0mBiE, Dec 11, 2006.

Thread Status:
Not open for further replies.
  1. Z0mBiE

    Z0mBiE Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    21
    Hi everyone.

    As you see from the thread title, RkU has been updated again. I have tried it specially with SSM at the same time and can say - they are fully compatible (except for the annoying message about "detected parasite").

    My hobby - rootkits. I have been collecting them for many years. And I want to say that RkUnhooker is the only antirootkit program that was able to successfully identify and help to remove ALL of them.

    Download it from here http://rku.xell.ru ;)
     
    Last edited: Dec 11, 2006
  2. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Re: RkUnhooker RC3 released

    Once I tested SSM and I got the parasite results too; I will check the new version. Rootkit hunting is a very time-consuming hobby ;-) The best thing in Rku3.x is the option to remove all hooks; that's a big advantage over gmer.

    Besides, PrevX does the same; it parasites Rku too.
     
  3. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Re: RkUnhooker RC3 released

    You will still get the parasite warning with SSM, but no need to uninstall. Working fine.
     
  4. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
  5. Z0mBiE

    Z0mBiE Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    21
    Re: RkUnhooker RC3 released

    Probably that was after Hidden processes scan. It is RkU service.
     
  6. MP_ART

    MP_ART Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    25
    Location:
    Krsk
    Re: RkUnhooker RC3 released

    This is normal RkU behavior. However, we will work around this to prevent false alarms.
     
  7. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Re: RkUnhooker RC3 released

    Good hint, I think so. Winpooch likes to panic.
     
  8. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Re: RkUnhooker RC3 released

    !!Detected Execution On Virtual Machine!!

    RkU shows this message, any reason why? Is RkU allowed on VM?

    Edit : RkU Terminates on CHDetector Tab
     
  9. SirMalware

    SirMalware Registered Member

    Joined:
    Jun 6, 2006
    Posts:
    133
    Re: What program do you all consider to be the best anti-rootkit?

    RC3 will not run inside VMware. :(
     
  10. controler

    controler Guest

    Re: RkUnhooker RC3 released

    By Design.
     
  11. f3x

    f3x Registered Member

    Joined:
    Feb 6, 2006
    Posts:
    311
    Location:
    Montreal, Quebec
    Re: RkUnhooker RC3 released

    I'm seeing this virtual machine alert on a normal XP machine ...
    Guess it's either a bug or very bad news for me ;)
    However, I somehow prefer to think it's a bug.
     
  12. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Re: RkUnhooker RC3 released

    No Problem.

    The Gmer protection has damnly enhanced..
     
  13. MP_ART

    MP_ART Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    25
    Location:
    Krsk
    Re: RkUnhooker RC3 released

    RkU is allowed on VM. It is only an information message.

    Please put your screenshots with error msg box here.
     
  14. MP_ART

    MP_ART Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    25
    Location:
    Krsk
    Re: RkUnhooker RC3 released

    Show your machine/software configuration pls
     
  15. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Re: RkUnhooker RC3 released

    Ah, it is allowed then :)

    Mmm, nothing showing, MP_ART. I first thought you did not allow VM, but everything works until CHDetector is pressed, then RkU just quits o_O
    Will have another look :)
     
  16. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    Re: RkUnhooker RC3 released

    Hi, Meriadoc.

    Probably it is a bug. Rootkit Unhooker is allowed to be run on any type of software virtual machine. Currently the detection of VM is trivial; it can give you a false positive if the total performance of your computer is affected and slow.
     
    Last edited: Dec 13, 2006
  17. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    Re: RkUnhooker RC3 released

    Yes. But that is for keeping the total level of system stability. Running two such different tools at the same time can lead to instability and blue screens. It is only a question - why run them together? Do a scan with GMER, close it, do a scan with RKU, close it. I see no problem here :shifty:
     
  18. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Re: RkUnhooker RC3 released

    Hi EP_X0FF, I downloaded RKU and tried to run a scan, and when it saw that gmer was in the system it shut down. I don't understand your last post. It seems you are saying it will run.
     
  19. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    Re: RkUnhooker RC3 released

    To run RKU you need to remove the GMER driver from memory. Closing the application is not enough - that was my fault in the previous post. To unload the GMER driver you can use the cmd command net stop gmer. Or simply reboot.
     
  20. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Re: RkUnhooker RC3 released

    I tried net stop gmer but I had to go into Windows System 32 Drivers and delete the gmer.sys driver. I am impressed with RKU. Don't get me wrong. I don't know which is better but I like RKU a lot better.
     
  21. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Re: RkUnhooker RC3 released

    This is not enough; even if you delete all components, rku registers the gmer trace in memory.. at least in my case, I renamed the whole gmer stuff and nearly moved any object (registry, file...), but the gmer trace still remained.

    Rku still has problems removing adstreams; sometimes the vista metafiles still remain and some strange $treams too.

    What the H3ll is that? Occurred during Rk3U Scan:

    http://i10.tinypic.com/29uwtq0.png
     
    Last edited: Dec 13, 2006
  22. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Re: RkUnhooker RC3 released

    What was that screen shot from?
     
  23. MP_ART

    MP_ART Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    25
    Location:
    Krsk
    Re: RkUnhooker RC3 released

    Did you try chkdsk before? Maybe it is a simple filesystem error.
     
  24. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Re: RkUnhooker RC3 released

    Screen is from filemon; yes, maybe it's a file system error, I will try chkdsk.
     
  25. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    Re: RkUnhooker RC3 released

    Very likely that this is an FS error. With RootkitRevealer the same results?
     