Re: Download freeware RKR scanning software (detect Sony rootkit & others)
pamelafiischer_at_yahoo.com
Date: 11/20/05
- Next message: pamelafiischer_at_yahoo.com: "Re: Download freeware RKR scanning software (detect Sony rootkit & others)"
- Previous message: Imhotep: "Software writers spot open source in Sony BMG CDs"
- In reply to: Trax: "Re: Download freeware RKR scanning software (detect Sony rootkit & others)"
- Next in thread: pamelafiischer_at_yahoo.com: "Re: Download freeware RKR scanning software (detect Sony rootkit & others)"
- Reply: pamelafiischer_at_yahoo.com: "Re: Download freeware RKR scanning software (detect Sony rootkit & others)"
- Reply: nemo_outis: "Re: Download freeware RKR scanning software (detect Sony rootkit & others)"
- Reply: karl levinson, mvp: "Re: Download freeware RKR scanning software (detect Sony rootkit & others)"
- Reply: Trax: "Re: Download freeware RKR scanning software (detect Sony rootkit & others)"
Date: 20 Nov 2005 13:57:00 -0800
Trax wrote:
> |>Boot into a clean CD, run "dir /s /b /ah" and "dir /s /b /a-h" on the
> |>same drive, and save the results.
> I did the deed and it found:
> F:\UnZip\RKtest\Edir_a_h.txt as being more recent - I'm clean.
Hi Trax,
I too attempt this intriguing method of finding hidden rootkits; but I
am stuck at the point of obtaining a separate Windows XP clean bootable
CDROM (as my pc came with the operating system on it and no Windows
CD).
I asked in a separate thread where best to obtain a simple clean
Windows XP boot CDROM.
One suggestion for your tests above, if I may, is to use:
dir /s/ah/l/on/b c:\ > all_hidden_files_before.txt
dir /s/a-h/l/on/b c:\ > not_hidden_files_before.txt
Instead of:
dir /s /b /ah > all_hidden_files_before.txt
dir /s /b /a-h > not_hidden_files_before.txt
The additional lower-casing (l) and name-ordering (on) options should,
I would guess, make the difference utility faster and more accurate (or
is my logic off?).
Still, my main question was answered which I repeat for the others who
follow us:
Q1: Where do mere mortals obtain root kit scanning procedures?
A: Those of us who are not experts can still obtain rootkit detection
procedures at
a. Rootkit Revealer
http://www.sysinternals.com/utilities/rootkitrevealer.html
b. GhostBuster Rootkit Detector http://research.microsoft.com/rootkit
c. RKdetect Rootkit Detector
http://www.security.nnov.ru/files/rkdetect.zip
My remaining questions are off topic so I will post them separately:
Q2: Where do mortals obtain the smallest reliable Windows XP bootable
CDROM?
Q3: Where do I find a lookup table for each of these 8-4-4-4-12 CLSID
class ids?
Note it's not at
http://www.microsoft.com/technet/prodtechnol/host/proddocs/appint/asdefclassid.mspx
or, if it is, I missed the lookup table explaining what each classid on
my system is.
Thank you all for your expert advice which will help other mere
mortals,
Pamela
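
Added example, not part of the original post: a Python sketch of the comparison step for the two saved `dir /s /b` listings, doing the lower-casing and name-ordering in the comparison itself and ignoring the listing files the scan writes. The sample listings are constructed, and `all_hidden_files_after.txt` and `example_hidden.sys` are hypothetical names.

```python
import ntpath

# Constructed sample listings (not from the post). ONLINE is `dir /s /b` run
# inside the installed Windows; OFFLINE is the same volume listed after
# booting the clean CD, where it appears under a different drive letter.
ONLINE = [
    r"C:\WINDOWS\notepad.exe",
    r"C:\WINDOWS\system32\drivers\disk.sys",
    r"C:\UnZip\RKtest\all_hidden_files_before.txt",
]
OFFLINE = [
    r"F:\windows\NOTEPAD.EXE",
    r"F:\WINDOWS\system32\drivers\disk.sys",
    r"F:\WINDOWS\system32\drivers\example_hidden.sys",  # hypothetical name
    r"F:\UnZip\RKtest\all_hidden_files_before.txt",
    r"F:\UnZip\RKtest\all_hidden_files_after.txt",      # hypothetical name
]
LISTING_FILES = ("all_hidden_files_before.txt", "all_hidden_files_after.txt")

def normalize(line):
    """Lower-case the path and drop the drive letter so both views match."""
    path = line.strip().strip('"').lower()
    return ntpath.splitdrive(path)[1] if path else ""

def load(lines, ignore_names=()):
    """Build a set of normalized paths, skipping the scan's own output files."""
    skip = {name.lower() for name in ignore_names}
    paths = {normalize(line) for line in lines}
    return {p for p in paths if p and ntpath.basename(p) not in skip}

def cross_view_diff(online_lines, offline_lines, ignore_names=()):
    """Return the paths seen in only one of the two views, sorted by name."""
    online = load(online_lines, ignore_names)
    offline = load(offline_lines, ignore_names)
    return {
        "hidden_from_online": sorted(offline - online),  # candidates to inspect
        "only_online": sorted(online - offline),         # changed between scans
    }

if __name__ == "__main__":
    result = cross_view_diff(ONLINE, OFFLINE, LISTING_FILES)
    for view, paths in result.items():
        print(view, paths)
```

Without the ignore list, the second listing file shows up as a difference, which is the kind of harmless result Trax reported.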