Suspicious driver files

Hello,
I tried to post to Spy's thread on rootkits in another forum, but evidently forgot to his "submit." Hoping this post is in the rigth forum now.
At any rate, I've become interested in rootkits and have installled TaskInfo2003. It's an excellent program. At
http://scheinsicherheit.funpic.de/rootkits.htm
You can see the gui and where to look to see if you have any rootkits in the driver folder. On my machine I found 3 suspicious files:
BANTExt.sys (96 bytes)
dump_atapi.sys (0 bytes)
dump_WMILIB.sys (0 bytes)
Out of all the many driver files shown by TaskInfo, these are the only ones which have no version and no description listed(only exception is proc guard, which is of course trusted). They are also the only 0-byte files(again, with the exception of proc guard). So, I'm not sure about this. Are these files okay, or are they possible rootkits?
Can anyone shed some light on this?
By the way, check out rootkit.com to get an idea how insidious rootkits are!

 

Hi,

Those files cannot possibly be rootkit drivers, the smallest possible rootkit driver file would be around 3k (if it hooks very little)

Keep in mind a rootkit driver could quite easily be called the following, with the file info, description

msidedrv.sys | Microsoft Corporation 2003 | IDE Disk driver

 

Gavin,
Thanks very much. This now raises the obvious question: just how do you detect rootkits? I have full versions of TDS-3 and Proc Guard installed, run TDS full sys scan usually every day(with all boxes ticked). But after browsing a few rootkit/vuln sites, I've come to realise just how malicious these rootkits are. I found something called rootkit hunter, but it doesn't seem to be supported on XP. I also am trying RegdatXP and followed the suggestion of another poster here a few days ago on how to use it. It didn't find anything. Nothing to worry about? Any suggestions?
Thanks.

 

Hi bluekey23

Have you tried Vice yet? Located on the same rootkit website.
Curious to see what it turns up on your machine. I also posted in Spy1's other thread but none responded. And here I thought I was getting on the latest bandwagon , rootkits LOL
surly if all rootkits do is HOOK, there must be software out there that watches all hooks for whtever reason. Maybe even some antikeylogging programs will do some of it. I know of one that is based on the same principals as hackers use in their keylogging programs. Me thinks that any monitoring software would have to be kernel mode and not user?

 

Controler,
Thanks. I just got Vice and will try it. And yes, I'm a little surprised that this topic hasn't generated much interest here(yet anyway). I'm not a hacker, but rather always trying to learn new things about how to protect my machine.