UnHackMe?

I've read a little bit about this program and am interested in what users of it have to say. Is it effective? Is it one of or the best anti-rootkit products out there? How is it on system resources, does it run continually with a system tray icon always visible, or os it something you set for automatic or run manual scans with? And last, is it worth the money?

 

Unhackme is a good rootkit detector. I find it to be better than Blacklight, but about the same detection rate as Rootkit Revealer (free). I would say Unhackme is well worth having on your computer. A manual scan with Unhackme takes about 1 second. Try the free version out to see if you like it.

 

'Unhackme is very good'

There are other prgrams that i think are worth downloading such as Rootkit revealer> www.sysinternals.com, Rootkit Detector> www.rkdetector.com.

Hope this helps T

'

 

Tom772, In the link you posted to RKDetector it says that RKDetector 2.0 will be out this summer, so has it been released yet, or is it still yet to be released? Thx.

 

As far as i know not yet, but the older version is still very good at detecting rootkits. T

 

From what I understand the difference between UnHackMe and Rootkit Revealer is that Rootkit Revealer doesn't remove it just detects, where as UnHackMe does both. Is that correct?

I'm also a little fuzzy as to whether or not UnHackMe runs in real-time, with an ever present sys tray icon using sytem resources or whether it runs only on reboot or is strictly an on demand type scanner.

 

I installed UnHackMe a couple of hours ago. No problems encountered, and it is active all the time with a sys tray icon.

Jerry

 

How is it on system resources like memory and CPU? Did it find anything? And what's the sys tray icon look like? Hehe I've always wondered about that

 

The icon looks like the head of a bald man with a long nose and sunglasses.?? Kinda ugly to me.

Mem usage is 3,756 K, which is less than the total of SnoopFree with the UI exe using 3,172 and the SnoopFree Svc exe using 1,604. I am not sure what I am talking about here, but those are the figures I get from Windows Task Manager.
Seems as if it does not use many resources.

No, it didn't find anything. GOOD.

Hope this helps. I'm off to bed.

Have a good night.
Jerry

 

Hackerdefender website claims almost all it's flavors are not detected by Unhackme,blacklite, rootkitR ect. You need to get to Brilliant to be undetected by IceSword.

The site NEVER mentions RKdetector.

controler

 

Any word on IceSword, controler, and when it's planned to be translated from Chinese to English? Also, have you used it....and is it freeware, annual or one-time payment, etc.?

I'd also like to hear a little more about UnHackMe, from anyone who is using it currently.....

 

I sure have not heard if it will be translated into English as of yet.
In it's current form it sure won't work for me.
As far as I know it is free for now. I guess if the source code is avaliable, maybe someone else could create and English version?


controler

 

I downloaded the evaluation copy of UnhackMe v. 2.5 yesterday. It scans in no more than a second. What exactly is it scanning to be so fast? There was no analysis period where it scanned my whole hard drive. Just wondering how effective it can be if it is only scanning maybe one Windows System folder.

 

I doubt Greatis will say exactly what it is doing, but my guess is that it is doing a quick scan/comparison of key system "tell points" that would indicate there is a rootkit/trojan present on the system.

Rich

 

Thanks Rich.

 

The maker of Unhackme already described how it worked awhile ago here:

www.wilderssecurity.com/showthread.php?t=59336&page=2&pp=25/showthread.php?t=59336&page=2&pp=25


"It is not a magic.
UnHackMe uses the fact that the program wants to be fully invisible.
HackerDefender installs the service and driver.
But the service and driver registry keys are listed in the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
Anyone can delete these keys and restart the computer.
It's simple.
HackerDefender hides these keys from reading using regedit or similar programs.
If we make the backup copy of the system registry hive and load a hive to regedit we also see nothing.
But we know that the keys already in the file.
It's very easy to get search the binary file if we know what we want to find.
But the names of the keys are unknown.
Our remedy:
1) We get the list of the visible keys from current registry.
2) We get the list of all keys from registry file.
UnHackMe saves the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
as the hive file in binary format.
UnHackMe reads the registry binary file and gets teh list of all keys.
It compares two lists and displays the invisible keys.
It's almost that we need.
In addition UnHackMe allows you to get the full information from teh hidden registry keys.
It reads this information from binary file.
ImagePath value displays the path to the driver/service execution file.
UnHackMe can stop teh service and delete the hidden keys from registry."

 

For those inclined to play with it, IceSword 1.12, untranslated, is now available (from the usual suspects).

 

The web page for IceSword can be translated via Bable Fish at:
http://babelfish.altavista.com/

-- Tom

 

An English version of IceSword 1.12 is now available as well (from the usual sources).

 

Hi,

Just for information: Rkdetector (the old version) does not detect the current version of HackerDefender (15-08], which is detected by UnHackme.

If the rootkit detector of Andreas Tarasco is not available yet, it's perhaps to increase it against the paid versions of HxDef.
Then wait and see.
In any case, HackerDefender needs administrator privileges to run and install its service.
So the best prevention is to log and surf under a limited account.

Regards

 

Or RKdetector + RKR + Blacklight + Antihook/PG (Well, the pay version of PG anyways.).

 

I thought I read over on THAT site. They are working more on userlevel (ring3) ways of using rootkits more now. Maybe even some proof of concept.

I like the new IceSword 1.12 shws way more thnings then rootkitrevealer does but just as rootkit revealer, it finds but doesn't offer any removal.

controler

 

How complicated is UnHackMe to use?

I was assuming that it was fairly simply, but after watching their "demo", it seems that more user interaction is required than I would have thought! I figured that it would run silently, catch what it needed to catch, and either delete or alert me to delete what it had found. But the demo seemed as though the user would have to be looking for and investigating difference sources to find what the user was looking for.

So what can others who have used this share with me about it (regarding ease of use and simplicity, as well as effectiveness, etc.)?

 

i had unhackme installed for a couple of weeks - during that time it just sat there silently in the tray doing it's own thing.

i occasionally ran a manual scan with it which took one second and said things were ok.

i uninstalled it because of a system glitch that was probably nothing to do with it but i just wanted to rule it out.

i think it is mainly a rootkit and kernel level detector didn't really get the chance to test it on anything to see what kind of trojan range it could detect.

 

Thanks for the reply and that info, toploader. So I guess the "demo" must have related to what happened when a manual scan turned up a result. Also, it seems like it was written in German(?)....but I'm guessing that there is an English version as well?