Discussion in 'malware problems & news' started by enthios, Sep 22, 2008.
Now why do you say that?
AxBan is an ActiveX killbit program by Errata Security. Apart from an XML page (control list) download at start up, what else do you think is happening?
Rootkit Unhooker is an anti rootkit tool, it is not a trojan dropper. RkU is at version 3.8.342.554 and is only downloaded from here (rootkitdotcom).
Axban - - - In addition to its stated function, it is an ActiveX password stealer.
Rootkit Unhooker - - - Installs several dubious files in the system directory, one of which starts as a service. Try it. Maybe the version that I downloaded was infected. Maybe on your box it will be just peachy keen.
Then there is this:
Secure Connection Failed
www.rootkit.com uses an invalid security certificate.
The certificate is not trusted because it is self signed.
(Error code: sec_error_ca_cert_invalid)
Let the buyer beware!
enthios, that's exactly the same prompt I received, using the Perspectives add-on, with FF 3.0.1:
Yes, rootkitdotcom, it's been like that ever since I joined. Greg Hoglund (rootkitdotcom) is a renowned author and specialist.
RkU - download from the above site and everything will be peachy yes.
Axban - don't leave it at that plz your support is :
Why you think your version had been infected?
BTW make string analysis.
This thread is nonsense and should be closed without some supporting argument.
enthios if your copy was from the legit source you haven't a problem rku does not install any dubious files. Axban, I cannot find anything googling axban, password stealer, what say you!
oh noooooo we are all doomed by evil RkU: that has been hashed to death b4
You know that RKU is also available as rapidshare downloads linked through Sysinternals Forum by Diablo, who is the creator developer of RKU.
Please list your discoveries via cut & paste or images/screenshots. Also detail how you discovered and what tools you used. In this way your results may be duplicated or verified by other qualified peeps.
You should also state which version of RKU you were using.
Have you received a special edition of RKU, like 4.0** or some such?
It has been said that it calls home in the past, could that be what you're referring to?
Yes you may know I am aware of that older version linked by DiabloNova(EP).
Someone is smoking too much crack these days.
DiabloNova(EP) is in no way a friend of mine but in due respect, I can almost 100% assure you he is in no way interested in packing malware into an application he has spent a larger portion of his life building.
I'm not defending DiabloNova(EP), I'm just saying that enthios needs to ease up on the crack pipe and some of this paranoia will leave.
Try puffing the cheebah...it produces far better results with much less paranoia
I think that rebumping a dying thread just to write these personal attacks was totally unneeded.
If you are bipolar, then even the cheebah will generate paranoia.