Rootkit Unhooker

Discussion in 'other anti-malware software' started by Z0mBiE, Dec 11, 2006.

Thread Status:
Not open for further replies.
  1. EASTER.2010

    EASTER.2010 Guest

    Re: RkUnhooker RC3 released

    Programs of the order and sophistication of RKUnhooker DESERVE some monetary compensation IMO, courtesy of the authors. If you examine ALL others, including past/current commercial ones, the difference is obvious and formidable so far as I am concerned.

    Piecing together this type of detection/kitcode removal formula, then implementing it to be effective, cannot be an easy task by any stretch, especially when you are not affiliated with a big CO. chock full of resources to back up your efforts.

    A lot of thought and effort has gone into this, as into many others, but this one carries a special note of generosity IMO. They did not have to release it free, so far as they have given what it's highly capable of without taxing a system or worse. Big hats off and more power to RKUnhooker, now and then some. :thumb:
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Re: RkUnhooker RC3 released

    Agreed ;)
    But I can't see the market for a payware antirootkit :blink: I think that people will put their money on AS/sandboxes/HIPS before an antirootkit :blink:
     
  3. TECHWG

    TECHWG Guest

    Re: RkUnhooker RC3 released

    I would just like to add that any GOOD HIPS software programmer can knock up a replica of Rk Unhooker within a period of maybe 2 weeks. I don't feel it's worth paying for, as the other person said, when we have HIPS and can see something trying to get in. If enough people asked the developer of ProSecurity to implement some type of protection of this nature, I bet he would be able to do it when he had the time set for it. People who program HIPS know all about these things but just don't, because it's more work taking their attention away from fixing bugs and implementing other features.

    With the RK un hooker, an unseasoned computer user may unhook something important that a security program has hooked, for example. I love the features of RK un hooker but I would not pay for it though.
     
  4. EASTER.2010

    EASTER.2010 Guest

    Re: RkUnhooker RC3 released

    Well, no one will get an argument from me when it comes to sandboxing, ShadowSurfer especially winning my own confidence. I have thrown most everything at it with a vengeance, only to be able to completely dump the session as though it never existed. The only possibility of penetrating it is if someone specifically spent enough time to knock out the program or one of its chief dependencies.

    On RKUnhooker, one needs to really look at the "quick" advantages of what its capabilities really are that are unique. It saves a user enormous down-time in the CODE HOOKS RESTORE column alone, not to mention its "wipe" ability to eliminate the offending files/code that are designed to persist or morph, leaving a user to run after it all around the PC system circuit, that is, AFTER it is located at all.

    I will again lean in the direction that these type utilities are useful and, in the case of RKUnhooker, quite ingenious and formidable. The author is well within his hopeful expectation to receive a little something for such time & effort for devising a detector of this order, given what is able to easily circumvent most AVs & bot detectors circulating lately.

    I hardly believe the author/developer(s) are expecting some great windfall, but be realistic please: a little compensation is a worthy encouragement to keep developers like these strongly interested in pleasing the public when it comes to complete PC safety. Of that I can find no question to their motive, except to showcase a talent much needed given what it is and yet to come with malware's fierceness to overtake anything & everything designed to hold them at bay.

    Any additional thoughts to this? Thanks
     
  5. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Re: RkUnhooker RC3 released

    That is probably false. The work is related but not quite the same. You are falling into the trap of assuming that because one has competence in one area of computers, it translates to a different area.

    But then again, I suppose it goes both ways: those people who spend time researching rootkits and ways to defeat them probably won't be able to code a stable HIPS, assuming they wanted to.

    But I would bet that someone who is good at writing anti-rootkits would probably have a better chance to create a good secure HIPS, rather than the other way around.
     
  6. TECHWG

    TECHWG Guest

    Re: RkUnhooker RC3 released

    I think that people who make HIPS software need to know all about the kernel and hooking things in order to make it work. I personally know a developer who said to me that the functionality of Helios was easy to implement, and what is RkUnhooker? It's basically a better, stable version of Helios that works. So I do believe a "good" HIPS programmer can add this feature if they dedicate a couple of weeks to it. This, naturally, is my opinion, as I am not a programmer . . I gave up on programming with QBasic back with Windows 3.1 - apart from HTML.
     
  7. MP_ART

    MP_ART Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    25
    Location:
    Krsk
    Re: RkUnhooker RC3 released

    Please, leave all of your HIPS. It is fully off-topic.
    Rku is NOT related to Helios in any piece of code. The functionality and stability of Rku are incomparably better.
     
  8. Z0mBiE

    Z0mBiE Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    21
    Re: RkUnhooker RC3 released

    @TECHWG

    Good HIPS programmers from SSM still can't solve their love of BSODs and malware-like behaviour. It is always easy to say that something is very easy to create, but when they try to do it, they create something like Helios. Helios and RkUnhooker are incomparable. What can Helios do? Scream about 512 MB of RAM? Is that really needed in an antirootkit? What else can it do? Nothing. Absolutely useless program. Your programmer probably does not know about the things he is speaking of. If it were so easy, then we would have hundreds of antirootkit programs today. Good antirootkit programs, not like Helios.

    I do not believe that HIPS programmers can create something like this. Remember: installing hooks on everything and detecting rootkits are absolutely different things. I believe that they can create something like Helios, just with hooks on the SSDT. HIPS programmers really love this table, because that is the only thing they can do - hook SSDT entries. As for me (I'm a network administrator), HIPS are totally useless stuff.
     
    Last edited: Dec 24, 2006
  9. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    Re: RkUnhooker RC3 released

    They can't. Even big AV companies can't create something really interesting and workable. Only Ctrl+C and Ctrl+V of old ideas posted on public technical forums. Even a highly skilled programmer can't create a good antirootkit in two weeks; it is impossible, or he/she is a zombie =) So, such words for me are nonsense.
     
  10. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Re: RkUnhooker RC3 released

    Yes, that is why it is related. But one presumes that the system is already clean when the HIPS is installed, while the other needs to defeat an existing rootkit. Quite different.

    Let's not be coy, I think we all know who you are talking about. I can believe that of Helios since it is much closer to HIPS.
     
  11. TECHWG

    TECHWG Guest

    Re: RkUnhooker RC3 released

    Ok lol. I have to stop reading this thread because you two Russians are causing me to laugh incessantly. Ok, so big companies can't make something workable and a highly skilled programmer can't make something in 2 weeks that's similar to RkUnhooker. Ok yea sure ok yup :D
    Anyway I will now switch topic because I have better things to be doing other than sitting here and talking at 2 blank walls.

    EDIT: I never saw your post as we posted 1 minute from each other,

    But I never said that RK un Hooker was the same code as Helios, did I? I said that it's a version of it, meaning different but same job. Can you creators understand me?
     
  12. TECHWG

    TECHWG Guest

    Re: RkUnhooker RC3 released

    I know three programmers. One programs in C++, one in C and one in asm. Coy? I simply said I know a developer who told me it's not that hard to make something like that. I suggested this also to the developer of PS a while ago after seeing Helios, but I don't know if he will make it or not, since it's not a high priority for PS at this time.
     
  13. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Re: RkUnhooker RC3 released

    Right. HIPS doesn't seem to be a big deal; it seems every programmer out there is writing one these days. Everyone seems to be using the same ideas from the same sources. That is not to say it is easy to write a stable, solid one, of course.

    I think *some* of them (the really good ones) could possibly create a good anti-rootkit, but not without a lot of work. I don't think our rootkit unhooker friends are the only 'geniuses' out there as they seem to want us to believe, but I would accept that because they are focused on only one specific area, their expertise in that area would probably exceed others in another different but somewhat related area.
     
  14. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Re: RkUnhooker RC3 released


    As funny as believing that prosecurity created by one man is better than anything the big companies are creating? :D
     
  15. TECHWG

    TECHWG Guest

    Re: RkUnhooker RC3 released

    I never said ProSecurity was better than things by big companies. I tell you I like ProSecurity and I would choose it because I know the developer and I trust him, and he wants to make it the best possible. He spends time in doing so. Most small programmers have jobs, but Jie quit his job to work on PS to make a contribution to the security of other people. I applaud that and support him 100%. If Norton want to make a HIPS then fine, but I won't use it. But this topic is about RK un Hooker; let's try and keep it on topic if we can.
     
  16. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Re: RkUnhooker RC3 released

    Wow, you know *three* , lol.... Who are the other two? :D

    Did I guess right?
     
  17. TECHWG

    TECHWG Guest

    Re: RkUnhooker RC3 released

    a) I don't need to give you my address book for anything
    b) We should be keeping on topic mostly
    c) No, you were not right; however I have, AS I SAID, spoken to him about maybe adding such a feature after I saw Helios, but now it's not important, I believe, as the developer is bolstering ProSecurity and adding more features that go with HIPS. Antirootkit is specific and is additional and as such is not a primary concern.

    Hope I covered your question
     
  18. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: RkUnhooker RC3 released

    I'm positive it can be achieved, and if not, we can trim the RkUnhooker RC3 released tree of all unwanted off-topic ornaments :ninja:

    Edit
    The tree trimming has started and one ornament was removed.

    The discussion is "RkUnhooker RC3 released"....nothing more, nothing less.

    Thanks
     
    Last edited: Dec 24, 2006
  19. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    Re: RkUnhooker RC3 released

    I see some kind of irony here. If it is so easy - go forward. So the best answer from you will be to bring your highly skilled programmer here where I can examine him. Or am I not so skilled for this? I don't think so.

    You miss the point. Only one thing unites Helios and RkUnhooker - they are antirootkits. That is all. Anything else is absolutely different and I can't do a comparison.

    Of course not, lol, just show me another antirootkit that can be compared with ours. GMER? This makes me laugh. For GMER, an additional special program should be released that will analyse everything from the giant GMER log. What else? Trend Micro Antirootkit? Simple testing with malware and test rootkits shows that it is not better than, for example, Sophos ARK, and Sophos ARK is not better than Avira ARK; I can continue this list to BlackLight.

    -----
    We have come here not to make you all believe in our "genius". We do not need this. The best way is simply to test our program and all other mainstream rootkit detectors (from BitDefender, AVG, TrendMicro, F-Secure) with rootkits. Who will detect more and can remove more? Not them. Us. Any further discussion about this is wasting time on LOLs.

    And I see a GIANT offtopic about HIPS and their beauty located in this thread. Let's make some things pretty clear.

    HIPS - prevention systems. They are installed on clean computers and prevent (if they can =) ) malware attacks. Preventors.

    Antirootkits - real-time detection systems designed to detect active rootkits in the running system. Detectors.

    I see no links between these two categories. Well, maybe only one - they are all Windows programs. So any kind of HIPS discussion here is fully off-topic.

    In technical implementation they are absolutely different. And it is very funny for me to hear that a HIPS programmer can create an antirootkit in a few weeks. It is nonsense. There is a big difference between hooking the SSDT/monitoring and reversing the Windows core and components. Words about genius HIPS coders really irritate me. Bring him here and I will look at how experienced he is in such things.
     
  20. TECHWG

    TECHWG Guest

    Re: RkUnhooker RC3 released

    Do you not read? I don't have to prove anything to you. Get over it and talk about your best product in the world and leave past comments alone. THANK YOU

    There is another thread that is showing a possible false alarm. Go and do something HERE
     
  21. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Re: RkUnhooker RC3 released

    No false alarm there, just an accurate report of an inline hook and *suspected rootkit activity* combined with the end user's lack of knowledge of how this tool reports data.

    Do you not have a level of knowledge in order to differentiate between a false positive and a positive detection also?

    (ref screenshot) This earlier post from the Unhackme topic might assist your learning curve if you didn't see it :)

    https://www.wilderssecurity.com/showpost.php?p=907906&postcount=20
     

    Attached file: rku.jpg (12.5 KB)
  22. TECHWG

    TECHWG Guest

    Re: RkUnhooker RC3 released

    Yes, true, but also maybe (rarely) once in a million times you may catch a perfect freeware product doing things it should not be doing.
     
  23. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,213
    Re: RkUnhooker RC3 released

    Hello,
    Techwg, I think you're mixing some things.

    Good coding is not about the language used in writing it.
    It's about a fair share of mathematics - so your algorithms work well.
    It's about making it work with other components that's the tricky part.
    I think I could write a rootkit detector, but with my knowledge of relevant issues, it would be a crappy product. One of the reasons why, in this context, "Russian" programmers are good - and I'm working with many - is their very high level of mathematics. Good programming = good math.

    Anyone can make a program that runs within 512MB of RAM and has 40,000 lines of code. The beauty is to make a program that has 200 lines of code and runs on 64K of RAM. Simplicity is the key.

    Mrk
     
  24. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    Re: RkUnhooker RC3 released

    It is impossible to filter all firewalls/antiviruses/antispyware and other anti-stuff. So it is not a false alarm. It is an INLINE hook in kernel mode. That is all.

    BTW nice PM. Get it back =)
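Added example, not code from the thread or from RkUnhooker, to illustrate the distinction EP_X0FF draws earlier in the thread (a HIPS hooks SSDT entries to prevent; an antirootkit compares what is in kernel memory against what should be there to detect) and fcukdat's and EP_X0FF's point that an inline-hook report is a finding to be attributed, not automatically a false alarm: a security product's own kernel driver hooks functions too. The script below is a toy, 32-bit x86 version of that detection step: it compares a function's live prologue bytes with a clean copy, decodes the two common trampoline shapes (a relative JMP, or PUSH/RET), and resolves the target to a loaded module, so a reader can tell a hook owned by an installed firewall driver from one that lands in memory no module owns. All module names, address ranges and byte strings are constructed for the demo, and the `fw_filter.sys` driver is hypothetical.

```python
import struct
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Module:
    """A loaded kernel module: image name plus address range (values constructed for the demo)."""
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


def encode_jmp(addr: int, target: int) -> bytes:
    """Build the 5-byte 'E9 rel32' relative JMP that an inline hook writes at addr.
    Used here only to construct sample data."""
    rel = (target - (addr + 5)) & 0xFFFFFFFF
    return b"\xE9" + struct.pack("<I", rel)


def decode_hook_target(addr: int, code: bytes) -> Optional[int]:
    """Return the branch target if the bytes at addr begin with a trampoline of a
    shape commonly used for 32-bit x86 inline hooks: E9 rel32 (JMP rel32) or
    68 imm32 / C3 (PUSH imm32; RET). Any other byte pattern yields None."""
    if len(code) >= 5 and code[0] == 0xE9:
        rel = struct.unpack_from("<i", code, 1)[0]      # signed displacement from next instruction
        return (addr + 5 + rel) & 0xFFFFFFFF
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:
        return struct.unpack_from("<I", code, 1)[0]     # absolute address pushed, then RET
    return None


def find_owner(addr: int, modules: list) -> Optional[Module]:
    """Map an address to the loaded module containing it, or None if no image backs it."""
    return next((m for m in modules if m.contains(addr)), None)


def triage(name: str, addr: int, live: bytes, clean: bytes, modules: list) -> dict:
    """Compare the live prologue with the clean copy. If they differ, decode the
    trampoline and attribute its target, so the report says who hooked the function,
    which is the question the "false alarm?" discussion turns on."""
    n = min(len(live), len(clean))
    first_diff = next((i for i in range(n) if live[i] != clean[i]), None)
    result = {"function": name, "hooked": False, "target": None, "owner": None, "verdict": "clean"}
    if first_diff is None:
        return result
    result["hooked"] = True
    target = decode_hook_target(addr, live)
    result["target"] = target
    if target is None:
        result["verdict"] = "modified"          # bytes patched but no recognisable trampoline
        return result
    owner = find_owner(target, modules)
    result["owner"] = owner.name if owner else None
    # A target inside a loaded driver is attributable (then verify that driver is expected);
    # a target in memory no module claims is the classic hidden-rootkit pattern.
    result["verdict"] = "hooked-by-module" if owner else "hooked-unbacked"
    return result


# Constructed sample environment (not real system values).
MODULES = [
    Module("ntoskrnl.exe", 0x804D7000, 0x1F8000),
    Module("fw_filter.sys", 0xF8A00000, 0x20000),   # hypothetical personal-firewall driver
]
CLEAN_PROLOGUE = bytes.fromhex("8BFF558BEC")       # mov edi,edi; push ebp; mov ebp,esp
FUNC_ADDR = 0x805C2A2E                             # constructed address of the scanned function


def run_demo() -> dict:
    """Run triage over four constructed snapshots of the same function's prologue."""
    samples = {
        "untouched": CLEAN_PROLOGUE,
        "fw-hook": encode_jmp(FUNC_ADDR, 0xF8A01234),                   # JMP into fw_filter.sys
        "unbacked": b"\x68" + struct.pack("<I", 0x8239F000) + b"\xC3",   # PUSH/RET to unowned memory
        "patched": bytes.fromhex("9090558BEC"),                          # NOPs, no trampoline
    }
    return {label: triage("NtOpenProcess", FUNC_ADDR, live, CLEAN_PROLOGUE, MODULES)
            for label, live in samples.items()}


if __name__ == "__main__":
    for label, r in run_demo().items():
        tgt = f"{r['target']:#010x}" if r["target"] is not None else "-"
        print(f"{label:<10} {r['verdict']:<18} target={tgt} owner={r['owner']}")
```

The "hooked-by-module" verdict is exactly the situation in the thread: the hook is real, the report is accurate, and the remaining work is checking that the owning driver belongs to software the user installed. Restoring such a hook blindly, as TECHWG warns, would disable that product's protection; the "hooked-unbacked" case is the one that deserves the rootkit suspicion.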
     
  25. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: RkUnhooker RC3 released

    SystemJunkie - so we don't take this thread further off-topic concerning RkUnhooker RC3, I've moved your GMER log results post and others into the other anti-malware software forum, along with re-titling it. You can find your new thread here: GMER log results
     