Re: Download freeware RKR scanning software (detect Sony rootkit & others)

From: nemo_outis (abc_at_xyz.com)
Date: 11/21/05


Date: 21 Nov 2005 05:45:46 GMT

pamelafiischer@yahoo.com wrote in news:1132546005.159617.267900
@g43g2000cwa.googlegroups.com:

> nemo_outis wrote:
>> Using Bart's PE is one choice.
>> Apply nLite or xplite first to reduce Windows to a smaller size.
>> I've got some very small versions of Windows XP.
>> Some people start with the embedded version of windows
>> rather than the consumer or corporate versions.
>
> I'm not at all sure what an "embedded" version of Windows is.

Embedded Windows XP is a variant of Windows designed to be small and
efficient to be "shoehorned" in devices of limited capacities. It has
very little by way of user interface and really can be stripped down.
The appeal is that the kit is designed to allow one to add in or leave
out functionality on a much finer level of granularity than for mainstream
versions of XP - it thus has considerable appeal to those hobbyists
trying to make bootable versions of Windows for USB sticks, versions that
will run in solid-state memory for a car, etc.

 
> And, when you say to apply nLite or XPlite to reduce Windows, I really
> don't know what that means. For example, do I "apply nLite" to the i386
> directory (which I don't seem to have) or do I apply nLite on my
> working installed Windows XP for which all I have is a recovery CDROM,
> and not an original Windows XP bootable CDROM? I do appreciate the
> advice but please realize I am a mere mortal and not a Windows XP
> expert such as you guys are.

Sorry, these things are really tools for tinkerers and geeks. If you
just want to get something done and don't want to become expert enough to
"roll your own" then you have to look for some "packaged" version already
out there (usually cobbled together by one of the aforementioned geeks
and hobbyists).

 
> Meanwhile, I've been downloading (it's at 76% so far after failing
> twice) for hours the 150 MB helpful link you kindly pointed me to on
> Megaupload.com. I have no intent on "stealing" Windows XP - all I want
> is a bootable Windows XP CD so I can locate cloaked files as per
> instructions in method 3 below.
>
> ROOTKIT DETECTION METHOD 1 (RKR) failed me due to cryptic output:
> - http://www.sysinternals.com/utilities/rootkitrevealer.html
>
> ROOTKIT DETECTION METHOD 2 (RKD) failed due to unknown privilege
> issues:
> - http://www.security.nnov.ru/files/rkdetect.zip
>
> ROOTKIT DETECTION METHOD 3 (STRIDER) requires a boot WinXP CD/DVD:
> - http://research.microsoft.com/rootkit
>
> All I really want to do is determine if a rootkit is cloaking files &
> keys.
> I can't be the only person wanting to know what is cloaked on my
> system.
> Do others see the same set of problems I am running into (or is it just
> me)?

Sorry, what I gave you is the bootable CD of an *installable* stripped
Windows XP. You would still have to "blend" it with suitable utilities,
etc. and make it into a self-bootable *executable* CD. That is
surprisingly hard to do with Windows XP unless you pull some crafty
tricks since the OS typically wants to *write back* to its boot medium
(which is impossible with a CD, of course). Bart (of BartPE fame) has
solved the problem but in terms of a "kit for geeks" not a "ready to
use" CD. Others (Hiren, or Winternals, for instance) have assembled
bootable CDs with many utilities, but I disremember whether they had much
by way of root-kit uprooters in their collection of utilities.

Regards,


