Trend Micro Rootkit Buster 2.2.1014 beta

Trend Micro Rootkit Buster 2.2.1014 beta (April 10, 2008.)

http://www.trendmicro.com/download/rbuster.asp

From readme.txt

 

Thx for the heads-up!

 

I ran :
Trend Micro RootkitBuster
Module version: 2.2.0.1014
----------------------------------------------------
--== Dump Hidden MBR and Hidden File on C:\ ==--
No hidden files found.
--== Dump Hidden Registry Value on HKLM ==--
No hidden registry entries found.
--== Dump Hidden Process ==--
No hidden processes found.
--== Dump Hidden Driver ==--
No hidden drivers found.

So I'm also immune for invisible rootkits.
I really wonder how they hide themselves.

Are they still invisible with these folder options :
1. "Show hidden files and folders is MARKED and
2. "Hide protected operating system files" is UNMARKED

 

Immune? Hope so, but I wouldn't count on it.

If it's a type of rootkit that hides in the ADS, then most certainly they are. (And it would seem a lot of the newer rootkits use this MO.)
Whether files are hidden or not in "folder options" will not make any difference to the visibility of them.
The detectors find them (if we're lucky) by enumerating the values of high level then low level scans. (Don't ask me exactly what this means.) I gather that the rootkit will cloak itself from one type of scan but not the other. By themselves, the scans are meaningless; when the results are compared, a discrepancy can be observed (if we're lucky) that may point to the presence of a rootkit.
Some more reading, Panda.

 

Tarq,
Thanks for the info.
Will restoring a clean image remove all rootkits in the system partition ?

 

Sorry Erik, no idea.
One would think so...

 

Hey, Vista compatible! right on....

many of the anti-rootkit programs by the major vendors were non-vista for quite a while...