Re: Download freeware RKR scanning software (detect Sony rootkit & others)

From: karl levinson, mvp (levinson_k_at_despammed.com)
Date: 11/21/05

Date: Mon, 21 Nov 2005 06:25:57 -0500

<pamelafiischer@yahoo.com> wrote in message
news:1132553756.294758.105590@f14g2000cwb.googlegroups.com...

> Given that the only reason we need to boot to a separate operating
> system is to run DOS "dir dir /s/ah/l/on/b" commands, an alternative to
> the Microsoft suggested method of booting to a Windows XP cdrom might
> be to boot to a Linux CDROM & then run the closest Linux "ls -alsF"
> equivalent to the DOS "dir /s/ah/l/on/b" command.
>
> Do the experts on this list know of anyone successful in searching for
> rootkit cloaked files using any of these boot-to-something methods?

Strider Ghostbuster is educational but is research only, for now. Do not
mistake it for an official Microsoft recommendation to customers. The
process is extremely painful to execute, and after all that work, there are
flaws. One of the biggest flaws is that the DIR command does not display
files hidden by ADS streams. There are other ways a rootkit could hide
from that process even after a reboot to an alternate OS. I would not point
to its web page for anything but education.
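The cross-view comparison the quoted post describes (one file listing taken inside the running Windows, one taken after booting a clean OS, diffed to find what the live system is not showing), as an added example that is not code from the post or from the Strider GhostBuster project. The listings are constructed, the `/mnt/win` mount point and the `.sys` file name are placeholders, and as the reply notes a plain directory listing still cannot see data hidden in ADS streams, so this diff inherits that blind spot.

```python
import posixpath
from typing import Iterable, List, Set, Tuple

def normalize(path: str, strip_prefix: str = "") -> str:
    """Map a path from either view onto one case-folded, forward-slash form.
    DIR's /l switch lowercases its output while a Linux mount keeps the
    original case, so both sides are folded. strip_prefix drops the drive
    ('C:') or the mount point ('/mnt/win', an assumed name) so paths line up."""
    p = path.strip().replace("\\", "/")
    if strip_prefix and p.lower().startswith(strip_prefix.lower()):
        p = p[len(strip_prefix):]
    return posixpath.normpath("/" + p.lstrip("/")).lower()

def parse_listing(lines: Iterable[str], strip_prefix: str = "") -> Set[str]:
    """One path per line (dir /b or find output); blank lines are ignored."""
    return {normalize(line, strip_prefix) for line in lines if line.strip()}

def cross_view_diff(inside: Iterable[str], outside: Iterable[str],
                    inside_prefix: str = "C:",
                    outside_prefix: str = "/mnt/win") -> Tuple[List[str], List[str]]:
    """Return (hidden_from_os, missing_offline). hidden_from_os is what a
    cloaking filter would be concealing: visible from the clean boot, absent
    from the in-OS listing. Both listings must cover the same files (same
    attribute filter on both sides), otherwise the diff is just noise."""
    a = parse_listing(inside, inside_prefix)
    b = parse_listing(outside, outside_prefix)
    return sorted(b - a), sorted(a - b)

# Constructed sample: in-OS "dir /s /l /on /b"-style output versus a "find"
# run over the same volume mounted from a Linux CD. The extra .sys name is
# a placeholder standing in for a file the live OS refused to list.
INSIDE = """c:\\boot.ini
c:\\ntldr
c:\\windows\\system32\\drivers\\etc\\hosts
""".splitlines()
OUTSIDE = """/mnt/win/boot.ini
/mnt/win/NTLDR
/mnt/win/WINDOWS/system32/drivers/etc/hosts
/mnt/win/WINDOWS/system32/drivers/cloaked_example.sys
""".splitlines()

if __name__ == "__main__":
    hidden, missing = cross_view_diff(INSIDE, OUTSIDE)
    for p in hidden:
        print("not shown by the running OS:", p)
```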
