
Rootkit - If this is a repeat, please delete it

Jun 28, 2005 3:45AM PDT

This came into my email via a subscription I signed up for, and I wanted to make sure everybody is aware of this new threat, which seems to be gaining steam steadily.

University of Connecticut Latest Hacker Victim

What a nightmare for Storrs. Connecticut's university has uncovered a rogue program -- called a rootkit -- that's been hiding inside one of its servers for two years. And that server is used to store names, social security numbers, and more for students, faculty and staff. Was the data compromised? What did the rootkit do? Our story has details on what we know and whether you should be worried. http://www.eweek.com/article2/0,1895,1831892,00.asp

http://www.sysinternals.com/Utilities/RootkitRevealer.html

RootkitRevealer is an advanced patent-pending root kit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all persistent rootkits published at www.rootkit.com, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys).

TONI

RootkitRevealer and F-Secure Blacklight
Jun 28, 2005 5:00AM PDT

Hi Toni,

Thanks for sharing it.

Below are some other references on what a rootkit is and what the risk is.

Microsoft recommends evaluating third-party products such as RootkitRevealer from Sysinternals or Blacklight from F-Secure to ensure more reliable detection of rootkits.

http://www.microsoft.com/technet/security/topics/auditingandmonitoring/securitymonitoring/smpgch04.mspx

What is a rootkit?
How dangerous is a rootkit?
How common is the problem?
What malware uses rootkit techniques?
Shouldn't antivirus detect rootkits before they go into hiding?
What's the forecast for rootkits?

http://www.f-secure.com/blacklight/rootkit.shtml

Rootkit comment. May scare a few too easily.
Jun 28, 2005 5:27AM PDT

I ran it and found it gives a few false positives, due to the reasons stated at their web site. It's a great tool and I appreciate it, but much like HijackThis, interpreting the results is going to take a person that has some inkling of what is being reported.

Great tool, but not ready for mass consumption?

Bob
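The "API discrepancies" that the Sysinternals description quoted in the first post refers to, and the false-positive triage Bob describes, come down to a cross-view comparison: enumerate the same objects through the normal Windows API and through a lower-level path, then diff the two listings. The Python below is an added example written for this page; it is not RootkitRevealer's code and not something anyone posted in this thread. It works on constructed in-memory listings (the paths and sizes are placeholders) rather than reading a real disk or Registry, and the second function shows the triage step Bob's remark about the tool's web site points at: a file created or written between the two enumerations of a single pass shows up as a one-off discrepancy, so only discrepancies that survive a repeat pass are worth investigating.

```python
"""Cross-view discrepancy detection over constructed file listings.

Added example for this thread; not RootkitRevealer's implementation.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Entry:
    """One file-system object as seen by one view (constructed record)."""
    path: str
    size: int


def find_discrepancies(high: Iterable[Entry], low: Iterable[Entry]) -> Dict[str, List[str]]:
    """Diff the high-level (API) view against the low-level (raw) view.

    hidden     - present at low level only: the pattern a file-hiding rootkit produces
    phantom    - present at high level only: usually a file deleted between enumerations
    mismatched - same path, different metadata: tampering, or a file being written
    Paths are lower-cased because Windows file names are case-insensitive.
    """
    high_map = {e.path.lower(): e for e in high}
    low_map = {e.path.lower(): e for e in low}
    hidden = sorted(set(low_map) - set(high_map))
    phantom = sorted(set(high_map) - set(low_map))
    mismatched = sorted(
        p for p in set(high_map) & set(low_map) if high_map[p].size != low_map[p].size
    )
    return {"hidden": hidden, "phantom": phantom, "mismatched": mismatched}


def confirm_across_passes(passes: List[Dict[str, List[str]]]) -> Dict[str, List[str]]:
    """Keep only discrepancies that every pass reported.

    Activity between the two enumerations of one pass (a log created, a file
    growing) yields a discrepancy in that pass alone; a persistent hiding
    discrepancy survives every pass.  This is the by-hand triage the raw tool
    output otherwise demands of the reader.
    """
    keys = ("hidden", "phantom", "mismatched")
    if not passes:
        return {k: [] for k in keys}
    result: Dict[str, List[str]] = {}
    for key in keys:
        common: Set[str] = set(passes[0][key])
        for p in passes[1:]:
            common &= set(p[key])
        result[key] = sorted(common)
    return result


# Constructed sample views.  The "example_*" names and all sizes are placeholders.
SYSTEM_FILES = [
    Entry(r"C:\Windows\System32\ntoskrnl.exe", 2_000_000),
    Entry(r"C:\Windows\System32\drivers\disk.sys", 40_000),
]
HIDDEN_DRIVER = Entry(r"C:\Windows\System32\drivers\example_hidden.sys", 12_288)
NEW_LOG = Entry(r"C:\Windows\Temp\example_transient.log", 512)
GROWING_BEFORE = Entry(r"C:\Windows\Temp\example_growing.log", 100)
GROWING_AFTER = Entry(r"C:\Windows\Temp\example_growing.log", 200)


def run_demo_passes() -> Tuple[Dict[str, List[str]], Dict[str, List[str]], Dict[str, List[str]]]:
    """Two scan passes over the constructed system, then the confirmed subset."""
    # Pass 1: between the API enumeration and the raw enumeration a temp log was
    # created and another log grew, so both appear as discrepancies even though
    # nothing is hiding them.  The driver is the only real hiding case.
    pass1 = find_discrepancies(
        high=SYSTEM_FILES + [GROWING_BEFORE],
        low=SYSTEM_FILES + [GROWING_AFTER, NEW_LOG, HIDDEN_DRIVER],
    )
    # Pass 2: the system is quiet, both views agree on the logs, but the driver
    # is still absent from the API view.
    pass2 = find_discrepancies(
        high=SYSTEM_FILES + [GROWING_AFTER, NEW_LOG],
        low=SYSTEM_FILES + [GROWING_AFTER, NEW_LOG, HIDDEN_DRIVER],
    )
    return pass1, pass2, confirm_across_passes([pass1, pass2])


if __name__ == "__main__":
    p1, p2, confirmed = run_demo_passes()
    for label, report in (("pass 1", p1), ("pass 2", p2), ("confirmed", confirmed)):
        print(label)
        for kind, paths in report.items():
            for path in paths:
                print(f"  {kind:10s} {path}")
```

Run as a script, the report shows pass 1 flagging three paths, pass 2 flagging one, and only the hidden driver surviving confirmation. The same diff applies to Registry keys enumerated through the Registry API versus the raw hive, which is the other discrepancy class the Sysinternals text mentions.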

True Bob
Jun 28, 2005 5:54AM PDT

RootkitRevealer is not easy for some users to understand. It requires research and further analysis for each item it shows to the user.

The F-Secure Blacklight (Beta-Trial expiring on July 1st - hopefully they'll extend again) is what most users should use. It will simply scan the system for rootkits. Users need not analyze. If a rootkit is found, it can be cleaned using Blacklight.

that is
Jun 28, 2005 6:40AM PDT

a very simple one, Donna, and I too agree with you on them hopefully extending it; we can keep our fingers crossed.

Yes, it's very simple to use. Strider GhostBuster
Jun 28, 2005 7:09AM PDT

(NT) thanks for the link ;-)
Jun 28, 2005 7:38AM PDT

Extended to October 1st ;-D
Jun 30, 2005 5:34AM PDT

cool, again thanks Donna....
Jul 1, 2005 5:14AM PDT

and here we were just talking about them hopefully extending it.....i guess now i can stop stalking them now that they have extended it...lol j/k ;D

But when will MS be ready to release GhostBuster?
Oct 24, 2005 12:55AM PDT

Blacklight is definitely better suited for the average user, though RootkitRevealer showed results Blacklight did not, attributable to false positives.
But given Microsoft's historical delays with software releases, i.e. patches, OSes, etc., how soon can we all look for Strider GhostBuster to be released for public consumption and protection?

Strider Ghostbuster
Oct 24, 2005 1:35AM PDT

Not much info from them other than that there are 3 versions of Strider GhostBuster. There was news that it will be bundled with Microsoft AntiSpyware; that news is not from Microsoft.
http://www.eweek.com/article2/0,1895,1838294,00.asp
As for release, I am not aware when or how it will be released by Microsoft.

That's too bad!
Oct 26, 2005 10:49PM PDT

That really is too bad. The next version of Microsoft Anti-Spyware isn't due out till December 2005 when the current version expires. Seems it'll have to be Blacklight for a while then.

Too bad indeed!
Sep 7, 2008 7:10AM PDT

And now... September 2008 (!) and I still can't find any place to actually download this "Strider GhostBuster"!

Maybe it's been dumped, or maybe integrated (without telling anyone?) into some other product? I've been searching for the last half hour or so with Google and can't find any mention of the actual software being available.

Re: Too bad indeed!
Oct 12, 2008 6:47PM PDT

As far as I can tell, Strider GhostBuster was never meant to be available to the general public (I can't comment on MSDN/BlueHat access). You can use RootkitRevealer, which is free and I believe uses the same techniques to find rootkits.