Trend Micro Rootkit Buster 2.2.1014 beta

Discussion in 'other anti-malware software' started by Chubb, Apr 30, 2008.

Thread Status:
Not open for further replies.
  1. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    Trend Micro Rootkit Buster 2.2.1014 beta (April 10, 2008.)

    http://www.trendmicro.com/download/rbuster.asp

    From readme.txt

     
  2. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    Thx for the heads-up!
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I ran:
    Trend Micro RootkitBuster
    Module version: 2.2.0.1014
    ----------------------------------------------------
    --== Dump Hidden MBR and Hidden File on C:\ ==--
    No hidden files found.
    --== Dump Hidden Registry Value on HKLM ==--
    No hidden registry entries found.
    --== Dump Hidden Process ==--
    No hidden processes found.
    --== Dump Hidden Driver ==--
    No hidden drivers found.

    So I'm also immune to invisible rootkits. :)
    I really wonder how they hide themselves.

    Are they still invisible with these folder options:
    1. "Show hidden files and folders" is MARKED and
    2. "Hide protected operating system files" is UNMARKED
     
    Last edited: May 1, 2008
  4. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Immune? Hope so, but I wouldn't count on it.
    If it's a type of rootkit that hides in the ADS, then most certainly they are. (And it would seem a lot of the newer rootkits use this MO.)
    Whether files are hidden or not in "folder options" will not make any difference to the visibility of them.
    The detectors find them (if we're lucky) by enumerating the values of high level then low level scans. (Don't ask me exactly what this means.) I gather that the rootkit will cloak itself from one type of scan but not the other. By themselves, the scans are meaningless; when the results are compared, a discrepancy can be observed (if we're lucky) that may point to the presence of a rootkit.
    Some more reading, Panda.
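
The cross-view comparison described in the post above (a high-level scan set against a low-level scan, with discrepancies flagged) can be sketched as follows. This is an added example, not part of the thread and not Rootkit Buster's code; the `Entry` listing format, the `file:stream` notation for alternate data streams, and every sample path are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    path: str     # streams written as file:stream (assumed listing format)
    mtime: float  # last-modified time, seconds

def _key(path):
    # Windows names are case-insensitive and accept either slash.
    return path.replace("/", "\\").rstrip("\\").casefold()

def _is_stream(path):
    # A colon after the drive letter marks an alternate data stream name.
    head, sep, tail = path.rpartition(":")
    return bool(sep) and len(head) > 1 and "\\" not in tail

def cross_view_diff(high_level, low_level, scan_start):
    """Compare the API view with the raw view of the same volume.

    hidden:   only in the raw view and untouched since the scan began
    churn:    only in the raw view but modified during the scan, so more
              likely ordinary file activity between the two passes
    api_only: only in the API view (deleted mid-scan, or worth a re-scan)
    """
    high = {_key(e.path) for e in high_level}
    low = {_key(e.path): e for e in low_level}
    hidden, churn = [], []
    for key in sorted(low):
        if key in high:
            continue
        entry = low[key]
        kind = "stream" if _is_stream(entry.path) else "file"
        bucket = churn if entry.mtime >= scan_start else hidden
        bucket.append((kind, entry.path))
    api_only = sorted(k for k in high if k not in low)
    return hidden, churn, api_only

# Constructed sample listings, not output from any real tool.
SCAN_START = 1000.0
HIGH = [Entry(r"C:\Windows\System32\drivers\disk.sys", 100.0),
        Entry(r"C:\Users\demo\notes.txt", 500.0)]
LOW = [Entry(r"c:\windows\system32\DRIVERS\disk.sys", 100.0),
       Entry(r"C:\Users\demo\notes.txt", 500.0),
       Entry(r"C:\Windows\System32\drivers\xyzdemo.sys", 200.0),
       Entry(r"C:\Users\demo\notes.txt:extra", 300.0),
       Entry(r"C:\Users\demo\AppData\Local\Temp\~tmp1.dat", 1005.0)]

if __name__ == "__main__":
    for name, rows in zip(("hidden", "churn", "api_only"),
                          cross_view_diff(HIGH, LOW, SCAN_START)):
        print(name, rows)
```

On the sample data, the driver and the stream that appear only in the low-level listing are reported as hidden, while the temp file written after the scan started lands in the churn bucket instead of raising a false alarm.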
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Tarq,
    Thanks for the info.
    Will restoring a clean image remove all rootkits in the system partition?
     
  6. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Sorry Erik, no idea.
    One would think so...
     
  7. jfd15

    jfd15 Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    234
    Location:
    Sacramento, CA
    Hey, Vista compatible! Right on....

    Many of the anti-rootkit programs by the major vendors were non-Vista for quite a while...
     