UnHackMe?

Discussion in 'other anti-trojan software' started by hubbahubba, Aug 27, 2005.

Thread Status:
Not open for further replies.
  1. hubbahubba

    hubbahubba Guest

    I've read a little bit about this program and am interested in what users of it have to say. Is it effective? Is it one of or the best anti-rootkit products out there? How is it on system resources, does it run continually with a system tray icon always visible, or is it something you set for automatic or run manual scans with? And last, is it worth the money?
     
  2. Unhackme is a good rootkit detector. I find it to be better than Blacklight, but about the same detection rate as Rootkit Revealer (free). I would say Unhackme is well worth having on your computer. A manual scan with Unhackme takes about 1 second. Try the free version out to see if you like it.
     
  3. Tom772

    Tom772 Guest

    'Unhackme is very good'

    There are other programs that I think are worth downloading such as Rootkit Revealer > www.sysinternals.com, Rootkit Detector > www.rkdetector.com.

    Hope this helps T

     
  4. txt200

    txt200 Guest


    Tom772, In the link you posted to RKDetector it says that RKDetector 2.0 will be out this summer, so has it been released yet, or is it still yet to be released? Thx.
     
  5. Tom772

    Tom772 Guest

    As far as I know not yet, but the older version is still very good at detecting rootkits. T
     
  6. hubbahubba

    hubbahubba Guest

    From what I understand the difference between UnHackMe and Rootkit Revealer is that Rootkit Revealer doesn't remove, it just detects, whereas UnHackMe does both. Is that correct?

    I'm also a little fuzzy as to whether or not UnHackMe runs in real-time, with an ever present sys tray icon using system resources or whether it runs only on reboot or is strictly an on demand type scanner.
     
  7. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I installed UnHackMe a couple of hours ago. No problems encountered, and it is active all the time with a sys tray icon.

    Jerry
     
  8. hubbahubba

    hubbahubba Guest

    How is it on system resources like memory and CPU? Did it find anything? And what's the sys tray icon look like? Hehe I've always wondered about that
     
  9. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    The icon looks like the head of a bald man with a long nose and sunglasses.?? Kinda ugly to me.

    Mem usage is 3,756 K, which is less than the total of SnoopFree with the UI exe using 3,172 and the SnoopFree Svc exe using 1,604. I am not sure what I am talking about here, but those are the figures I get from Windows Task Manager.
    Seems as if it does not use many resources.

    No, it didn't find anything. GOOD.

    Hope this helps. I'm off to bed.

    Have a good night.
    Jerry
     
  10. controler

    controler Guest

    Hackerdefender website claims almost all its flavors are not detected by Unhackme, Blacklight, rootkitR etc. You need to get to Brilliant to be undetected by IceSword.

    The site NEVER mentions RKdetector.

    controler
     
  11. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Any word on IceSword, controler, and when it's planned to be translated from Chinese to English? Also, have you used it....and is it freeware, annual or one-time payment, etc.?

    I'd also like to hear a little more about UnHackMe, from anyone who is using it currently.....
     
  12. controler

    controler Guest

    I sure have not heard if it will be translated into English as of yet.
    In its current form it sure won't work for me.
    As far as I know it is free for now. I guess if the source code is available, maybe someone else could create an English version?


    controler
     
  13. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    I downloaded the evaluation copy of UnhackMe v. 2.5 yesterday. It scans in no more than a second. What exactly is it scanning to be so fast? There was no analysis period where it scanned my whole hard drive. Just wondering how effective it can be if it is only scanning maybe one Windows System folder.
     
  14. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    I doubt Greatis will say exactly what it is doing, but my guess is that it is doing a quick scan/comparison of key system "tell points" that would indicate there is a rootkit/trojan present on the system.

    Rich
     
  15. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Thanks Rich.
     
  16. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    The maker of Unhackme already described how it worked awhile ago here:

    www.wilderssecurity.com/showthread.php?t=59336&page=2&pp=25


    "It is not a magic.
    UnHackMe uses the fact that the program wants to be fully invisible.
    HackerDefender installs the service and driver.
    But the service and driver registry keys are listed in the
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
    Anyone can delete these keys and restart the computer.
    It's simple.
    HackerDefender hides these keys from reading using regedit or similar programs.
    If we make the backup copy of the system registry hive and load a hive to regedit we also see nothing.
    But we know that the keys already in the file.
    It's very easy to get search the binary file if we know what we want to find.
    But the names of the keys are unknown.
    Our remedy:
    1) We get the list of the visible keys from current registry.
    2) We get the list of all keys from registry file.
    UnHackMe saves the
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
    as the hive file in binary format.
    UnHackMe reads the registry binary file and gets the list of all keys.
    It compares two lists and displays the invisible keys.
    It's almost that we need.
    In addition UnHackMe allows you to get the full information from the hidden registry keys.
    It reads this information from binary file.
    ImagePath value displays the path to the driver/service execution file.
    UnHackMe can stop the service and delete the hidden keys from registry."
     
    Last edited by a moderator: Sep 9, 2005
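The cross-view comparison described in the quoted explanation above, as an added example that is not part of the thread and is not UnHackMe's own code: it lists every key record found in the raw hive bytes and reports those missing from the API-visible listing. The function names, the constructed in-memory hive and the `HiddenSvc` key are assumptions for illustration; on a real system the hive would be a saved copy of the registry branch and the visible list would come from enumerating the live registry.

```python
import struct

HBIN0 = 0x1000  # first hbin block follows the 4 KiB regf base block

def nk_cell(name, parent):
    # Constructed minimal 'nk' key cell: ASCII-name flag, parent offset, rest zeroed.
    body = struct.pack("<2sH12xI52xHH", b"nk", 0x20, parent, len(name), 0) + name.encode("ascii")
    size = (4 + len(body) + 7) & ~7                      # cells are 8-byte aligned
    return struct.pack("<i", -size) + body.ljust(size - 4, b"\0")

def sample_hive(keys):
    # keys: (name, index of parent or None); builds one hbin of a constructed hive.
    offs, cells = [], b""
    for name, parent in keys:
        offs.append(32 + len(cells))                     # offset relative to HBIN0
        cells += nk_cell(name, 0xFFFFFFFF if parent is None else offs[parent])
    free = 0x1000 - 32 - len(cells)                      # rest of the block is one free cell
    hbin = b"hbin" + struct.pack("<II", 0, 0x1000) + bytes(20)
    return b"regf".ljust(HBIN0, b"\0") + hbin + cells + struct.pack("<i", free) + bytes(free - 4)

def hive_paths(hive):
    # Walk every allocated cell in every hbin and rebuild each key's path below the root.
    nodes, pos = {}, HBIN0
    while hive[pos:pos + 4] == b"hbin":
        end = pos + struct.unpack_from("<I", hive, pos + 8)[0]
        cell = pos + 32
        while cell < end:
            size, = struct.unpack_from("<i", hive, cell)  # negative size = allocated cell
            if size == 0:
                break                                    # corrupt cell, stop this block
            if size < 0 and hive[cell + 4:cell + 6] == b"nk":
                # flags at +6, parent offset at +0x14, name length at +0x4C
                flags, parent, nlen = struct.unpack_from("<H12xI52xH", hive, cell + 6)
                name = hive[cell + 0x50:cell + 0x50 + nlen]
                nodes[cell - HBIN0] = (name.decode("latin-1" if flags & 0x20 else "utf-16-le"), parent)
            cell += abs(size)
        pos = max(end, pos + 0x1000)                     # always advance, even on a bad header
    def path(off):
        name, parent = nodes[off]
        return (path(parent) + "\\" + name).lstrip("\\") if parent in nodes else ""
    return {path(o) for o in nodes} - {""}

def hidden_keys(hive, visible):
    # Cross-view diff: keys in the raw hive that the live (API) listing did not return.
    seen = {v.lower() for v in visible}
    return sorted(p for p in hive_paths(hive) if p.lower() not in seen)

# Constructed sample: the hive file holds three service keys, the API view lists two.
HIVE = sample_hive([("ROOT", None), ("Services", 0), ("Tcpip", 1), ("Dhcp", 1), ("HiddenSvc", 1)])
VISIBLE = ["Services", "Services\\Tcpip", "Services\\Dhcp"]
```

Calling `hidden_keys(HIVE, VISIBLE)` returns the one key that exists in the file but was filtered out of the live view; the comparison is case-insensitive because registry key names are.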
  17. passing thru

    passing thru Guest

    For those inclined to play with it, IceSword 1.12, untranslated, is now available (from the usual suspects).
     
  18. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,089
  19. passing thru

    passing thru Guest

    An English version of IceSword 1.12 is now available as well (from the usual sources).
     
  20. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    Just for information: Rkdetector (the old version) does not detect the current version of HackerDefender (15-08), which is detected by UnHackme.

    If the rootkit detector of Andreas Tarasco is not available yet, it's perhaps to increase it against the paid versions of HxDef.
    Then wait and see.
    In any case, HackerDefender needs administrator privileges to run and install its service.
    So the best prevention is to log and surf under a limited account.

    Regards
     
    Last edited by a moderator: Sep 9, 2005
  21. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Or RKdetector + RKR + Blacklight + Antihook/PG (Well, the pay version of PG anyways.).
     
  22. controler

    controler Guest

    I thought I read over on THAT site. They are working more on userlevel (ring3) ways of using rootkits more now. Maybe even some proof of concept.

    I like the new IceSword 1.12, shows way more things than rootkitrevealer does but just as rootkit revealer, it finds but doesn't offer any removal.

    controler
     
  23. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    How complicated is UnHackMe to use?

    I was assuming that it was fairly simple, but after watching their "demo", it seems that more user interaction is required than I would have thought! I figured that it would run silently, catch what it needed to catch, and either delete or alert me to delete what it had found. But the demo seemed as though the user would have to be looking for and investigating different sources to find what the user was looking for.

    So what can others who have used this share with me about it (regarding ease of use and simplicity, as well as effectiveness, etc.)?
     
  24. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    i had unhackme installed for a couple of weeks - during that time it just sat there silently in the tray doing its own thing.

    i occasionally ran a manual scan with it which took one second and said things were ok.

    i uninstalled it because of a system glitch that was probably nothing to do with it but i just wanted to rule it out.

    i think it is mainly a rootkit and kernel level detector didn't really get the chance to test it on anything to see what kind of trojan range it could detect.
     
  25. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Thanks for the reply and that info, toploader. So I guess the "demo" must have related to what happened when a manual scan turned up a result. Also, it seems like it was written in German(?)....but I'm guessing that there is an English version as well?
     