Rootkit Unhooker

Discussion in 'other anti-malware software' started by Z0mBiE, Dec 11, 2006.

Thread Status:
Not open for further replies.
  1. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    @fcukdat

    What a surprise!

    From our sources we discovered that wincom32.sys is the predecessor of the Rustock.A series. Unfortunately we have removed it from our zoo, because we found nothing interesting at first look. Now everything is changing. Can you help us again and give us a copy of the wincom32 dropper or the driver itself?

    Thank you very much.
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    125,612
    Location:
    Texas
    Please take personal message posts to email. Thanks.
     
  3. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    fcukdat :
    I couldn't agree more, RkU assists me in exposing what is hidden and is unrivalled in ARKs, thanks team RkU.

    EP_X0FF :
    Excellent, look forward to the release.
     
  4. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    Mni41.sys is the PE386 rootkit, based on Rustock.B. We can say that because it contains the TCP/IP stack machine unique to all Rustocks and a packer similar to Rustock.B but weaker. So we have another variant of Rustock. But we can't call it C, because it is very weak in its self-defense abilities. So we can guess that this is a simple prototype of the B variant. It is also very interesting that it is trying to remove competitors: ntio256.sys and runtime2.sys.
     
  5. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,511
    I just ran the latest version of RKUnhooker and noticed an entry in the SSDT table that I'm not sure what to make of. The entry indicates an unknown module, but it does not tell me what or where this module is. Anything to be worried about?

    Thanks, Al
     

    Attached Files: RKU.JPG
    Last edited: Aug 31, 2007
  6. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    Many security software installed.

    This is one of their hooks.
     
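    As an added illustration (not RKU's own code and not posted in this thread) of what an "unknown module" SSDT entry means: each service-table pointer is checked against the address ranges of the loaded kernel modules, a pointer inside another driver is that driver's hook, and a pointer that no listed module covers is what an ARK reports as unknown. Module names, bases, sizes and handler addresses below are constructed sample values.

    ```python
    """Classify SSDT entries from an RKU-style listing by the kernel module
    that owns each handler address. Added example with constructed data."""
    from dataclasses import dataclass

    @dataclass
    class Module:
        name: str
        base: int
        size: int
        def contains(self, addr):
            return self.base <= addr < self.base + self.size

    # Constructed module list ("name base size", hex) as an ARK would show it:
    # the kernel, one legitimate driver, one security-product filter driver.
    # A fourth driver is deliberately missing so one hook resolves nowhere,
    # which is the "unknown module" case seen in the screenshot above.
    MODULES_TXT = """\
    ntoskrnl.exe 0x804D7000 0x1F8000
    ndis.sys 0xF7A10000 0x2C000
    avfilter.sys 0xF7C50000 0x9000
    """

    # Constructed SSDT dump: "index address service-name".
    SSDT_TXT = """\
    0x0019 0x8056F2B0 NtClose
    0x0025 0xF7C53410 NtCreateFile
    0x0042 0xF7E10880 NtDeviceIoControlFile
    0x00AD 0x80580F60 NtQuerySystemInformation
    """

    def parse_modules(text):
        """Turn the module listing into Module records with integer ranges."""
        mods = []
        for line in text.splitlines():
            name, base, size = line.split()
            mods.append(Module(name, int(base, 16), int(size, 16)))
        return mods

    def classify_ssdt(ssdt_text, modules, kernel="ntoskrnl.exe"):
        """Return (service, address, verdict) tuples: 'ok' when the handler
        lies in the kernel image, the owning module's name when another
        loaded module hooks it, 'unknown module' when nothing covers it."""
        out = []
        for line in ssdt_text.splitlines():
            _idx, addr, name = line.split()
            addr = int(addr, 16)
            owner = next((m.name for m in modules if m.contains(addr)), None)
            verdict = "ok" if owner == kernel else (owner or "unknown module")
            out.append((name, addr, verdict))
        return out

    if __name__ == "__main__":
        for name, addr, verdict in classify_ssdt(SSDT_TXT, parse_modules(MODULES_TXT)):
            print(f"{name:<26} {addr:#010x}  {verdict}")
    ```

    An "unknown module" verdict only says the address is outside every module the tool enumerated; as EP_X0FF notes, with several security products installed it is usually one of their hooks, so the next step is to find which driver actually maps that address before treating it as malicious.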
  7. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Nice screens, fcuk, post more.
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    I have a problem with RootKitUnhooker

    Every time I launch RKU, I get this message and after that it seems to load OK. I am just wondering why I get this message. Using version 3.7.300.506 build date 29.08.2007.
     


  9. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Hi aigle, maybe a previous version... did you uninstall and reboot?
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    Yes, before installing this version I uninstalled the older version and rebooted.
     
  11. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Just when I wanted to download the latest RkU for a tools CD, I found this:
    RkU Home
    LOL o_O :rolleyes:
    Does anyone have a link to the latest RkU?
     
    Last edited: Sep 23, 2007
  12. ejvindh

    ejvindh Registered Member

    Joined:
    May 18, 2005
    Posts:
    3
  13. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Delete all rkhdrv in driver directory and in services\ (registry).

    LoL, the revenge of kaspersky, looooooooooooooooool, :D :D :D :D :D :D :D :D
    So they seem to have humor.

    Damn, I would really like to know who these foes of evil fantasy aka EP and the RkU crew are.
    Probably this is really Kaspersky or a Kaspersky supporter, now that the war EP proclaimed was fought against him and his company.
     
  14. Nubiatech

    Nubiatech Registered Member

    Joined:
    Aug 19, 2007
    Posts:
    50
    Location:
    IL, USA