I occasionally boot my linux systems from a Knoppix CD and run chkrootkit over my hard drive to look for rootkits. Is there a similar product for windows systems?
I would think good AntiVirus software would do the same thing. Maybe PestPatrol (http://www.pestpatrol.com/) would be good, but I've never used it.
Hi,
Yes, there is lots of software which will help you do the thing you want.
You can use Norton, McAfee, etc. to do such jobs.
I use it too.
akshaya
Sorry if I impose linux upon you, but unless you are a heavy windows gamer, it is the best choice to run for anything. You don't have to worry about rootkits unless you have a server or something important on your PC. Or a newbie hacker happens to find you randomly. (Which is extremely rare, even more rare if you use any linux with a firewall.)
A clever Windows rootkit obviously won't show up on antivirus, as it will hide its presence, and there won't be a signature for it anyway.
There is really nothing you can do against rootkits in the general case, except don't get your box rooted in the first place.
Rootkits are not viruses or worms, hence generally have a very small distribution, so it's unlikely that AV companies are aware of most of them.
Someone can only apply a rootkit if they already obtain root (i.e. Administrator) access. Therefore your best defence is to not allow them to do so.
Slarty
The following is a good article for the defence against rootkits; in fact the whole page is pretty informative.
Quote:
An ingenious hacker will be smart enough to hide his track forever. He will use all available means to outwit his victim and often has a big chance of reaching that goal. However system administrators are not defenseless against malicious attacks. There are many known techniques and procedures to detect any suspected installation within systems. At a first glance a rootkit seems to be a powerful tool and undoubtedly it is. Luckily, rootkits are a double-edged sword with their design. As I already mentioned, a kernel-based rootkit monitors calls for objects (files, directories, registers or processes) the names of which begin with a string
Quote:
Luckily many crackers are careless and portions of their rootkit can be detected. The trojaned files above often have configuration files that list which programs to hide and which to display. Often they forget to hide the configuration files themselves. Since /dev is the default location for many of these configuration files, looking in there for anything that is a normal file is often a good idea.
The above is a sample; the full article is here:
Quote:
A rootkit, however, cannot affect processes that have _root_ in their names. In other words, when a system administrator, is analyzing the system log using Regedit.exe, he cannot see hidden entries, but just by changing its name to _root_regedit.exe, it will be enough for him to see all of them as well as hidden keys and registry entries. This is true for all programs – for example, Task Manager
http://www.windowsecurity.com/articl...vironment.html
Just because someone is using linux, they don't have to worry about rootkits? Care to explain that one away? Just because there is nothing important(?) on your computer you should just let it go? Have you noticed what happens when someone's box has become infected and infects someone else and so on and so forth? If you don't give a crap about the safety/security of your computer, should you be allowed to connect to the net?
Quote:
You don't have to worry about rootkits unless you have a server or something important on your PC.
Back on topic
jonathans_daddy, you might want to look here
http://www.rootkit.com/
Jinxy: broken link.
That is total TOSH.
Quote:
A rootkit, however, cannot affect processes that have _root_ in their names. In other words, when a system administrator, is analyzing the system log using Regedit.exe, he cannot see hidden entries, but just by changing its name to _root_regedit.exe, it will be enough for him to see all of them as well as hidden keys and registry entries. This is true for all programs – for example, Task Manager
A rootkit can affect all processes on the system regardless of their name. Perhaps there is a specific one which does not, but that is not generally true.
Basically a rootkit is a specialised kind of backdoor which is very sneaky. Even if you have discovered and eliminated a single rootkit, there is no reason why there need not be others that you haven't spotted.
If an attacker gains root, YOU MUST REFORMAT. There is ABSOLUTELY NO WAY to guarantee that your system is no longer compromised, you must reformat it.
So if you detect a rootkit, first pull the ethernet cable, then check your backups. And follow the instructions on countless other posts on disaster recovery.
Slarty
Sorry, don't know what happened there.
http://www.windowsecurity.com/articl...vironment.html
Jinxy, there's a br tag showing up in the link.
This needs to go to Oops! A Bug for mnstrlgrl to fix.
Thanks MsM.
I just had to nip off to google to find out what a br tag was :D
The question that was asked: IS there a LIVE CD that will have the tools LIKE a Knoppix Live CD to scan a Windows box for MALWARE?
Quote:
I occasionally boot my linux systems from a Knoppix CD and run chkrootkit over my hard drive to look for rootkits. Is there a similar product for windows systems?
Yes and no. I understand some use Knoppix in a similar way on windaz (haven't followed up on this). With "for windows" stuff, mainly pay-for boot CDs like Hiren's Boot CD, or, like I am attempting to do, build an XP Live CD aka BartPE and place the tools you need on there.
Cheers
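What you would actually run from such a live CD, as an added example that is not code from this thread or from any tool named in it: a chkrootkit-style offline integrity check in Python. It hashes every file on a volume mounted read-only (the path /mnt/sda1 in the usage comment is an assumption), saves that as a baseline while the box is still believed clean, and later diffs a fresh scan against it to report added, removed and modified files. It also flags file names starting with "_root_", the prefix the quoted article says one early NT rootkit hid; that is a heuristic taken from the quote, not a general rule. The sample files and contents in demo() are constructed for the demonstration.

```python
"""Offline file-integrity check for a mounted (non-running) Windows volume.

Added example, not code from the thread or any project named in it: a
chkrootkit-style baseline/compare pass run from a live CD against a
volume mounted read-only. A kernel rootkit can only lie to the OS it is
loaded into, so an offline scan sees the real files; what it cannot do
is tell a "good" file from a "bad" one without a baseline taken earlier.
"""
import hashlib
import json
import os
import sys
import tempfile

# Name prefix the quoted article says one early NT rootkit used to mark
# objects to hide; treated here as a heuristic, not a general rule.
SUSPICIOUS_PREFIXES = ("_root_",)


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, streamed so large binaries don't need to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map every regular file under root (relative, '/'-separated) to its hash."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic walk order
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = hash_file(full)
    return manifest


def compare_manifests(baseline, current):
    """Diff two manifests: files added, removed, or whose contents changed."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def find_suspicious_names(manifest, prefixes=SUSPICIOUS_PREFIXES):
    """Files whose basename starts with a prefix a rootkit would hide online."""
    lowered = tuple(p.lower() for p in prefixes)
    return sorted(rel for rel in manifest
                  if rel.rsplit("/", 1)[-1].lower().startswith(lowered))


def _write(path, data):
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed scenario: baseline a fake system32, tamper with it, re-scan."""
    with tempfile.TemporaryDirectory() as root:
        sys32 = os.path.join(root, "WINDOWS", "system32")
        os.makedirs(sys32)
        _write(os.path.join(sys32, "ntoskrnl.exe"), b"constructed: original kernel")
        _write(os.path.join(sys32, "taskmgr.exe"), b"constructed: original taskmgr")
        baseline = build_manifest(root)

        # Simulated compromise: trojaned binary, dropped config, deleted file.
        _write(os.path.join(sys32, "taskmgr.exe"), b"constructed: trojaned taskmgr")
        _write(os.path.join(sys32, "_root_hide.ini"), b"constructed: hide list")
        os.remove(os.path.join(sys32, "ntoskrnl.exe"))
        current = build_manifest(root)

        report = compare_manifests(baseline, current)
        report["suspicious_names"] = find_suspicious_names(current)
        return report


if __name__ == "__main__":
    # Usage (assumed mount point):
    #   python integrity_check.py baseline /mnt/sda1 > baseline.json   (while clean)
    #   python integrity_check.py check /mnt/sda1 baseline.json        (from the live CD)
    if len(sys.argv) == 3 and sys.argv[1] == "baseline":
        json.dump(build_manifest(sys.argv[2]), sys.stdout, indent=1)
    elif len(sys.argv) == 4 and sys.argv[1] == "check":
        with open(sys.argv[3]) as fh:
            saved = json.load(fh)
        now = build_manifest(sys.argv[2])
        result = compare_manifests(saved, now)
        result["suspicious_names"] = find_suspicious_names(now)
        print(json.dumps(result, indent=1))
    else:
        print(json.dumps(demo(), indent=1))
```

Keep the baseline off the machine being checked (a rootkit with write access can update it along with the files), mount the volume read-only so the scan itself changes nothing, and remember that a clean diff only says nothing on disk changed; it says nothing about what was loaded in memory, which is why Slarty's "pull the cable and rebuild" advice above still stands once anything turns up.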
Errr, sorry 'bout that one. I don't know what I was thinking when I put it.
Quote:
You don't have to worry about rootkits unless you have a server or something important on your PC.