Re: New utility by Sysinternals -- RootkitRevealer

From: Vanguard (use_ReplyTo_at_domain.invalid)
Date: 02/23/05

Date: Wed, 23 Feb 2005 02:10:24 -0600

"Bigbruva" <Richardh@dontusethis.ws> wrote in message
news:e7O18lWGFHA.1740@TK2MSFTNGP09.phx.gbl...
> This is a great looking tool that I can see will be very useful in
> discovering these kits but it is a shame it offers no removal
> routines.
> I guess that will be in a future "pay for" version ;-)

Since the utility runs under the same OS that has been infected, and
since rootkits can hide themselves by running as kernel-mode processes,
no application will effectively remove them. You need to boot into a
clean OS, such as from a bootable CD-ROM, to clean the *inactive* OS of
the rootkit. However, you might end up having to do a Repair or just
save your data and do a fresh install of the OS again. You could
end up wasting a lot more time trying to save your OS rather than just
reinstalling it, your applications and your setup. The tool provides
a heads up that you have a problem, but it isn't something for the
casual user.

-- 
____________________________________________________________
Post your replies to the newsgroup.  Share with others.
E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
____________________________________________________________
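As an added illustration of the detection-versus-removal point made above (this is example code written for this page, not RootkitRevealer's own code or anything posted in the thread): a detector running on the infected OS can only compare what the system's normal APIs report against a second, lower-level view of the same data and flag the differences. The listings below are constructed sample data, and the file names are made up; the comments note why a kernel-mode rootkit can defeat this comparison entirely, which is why the post recommends cleaning from a separately booted OS.

```python
"""Cross-view discrepancy check, the kind of comparison a rootkit
detector makes from inside the running OS.

Two listings of the same directory are compared: one as returned by the
normal file-enumeration API and one as read directly from the on-disk
structures. Entries present in the raw view but missing from the API
view are candidates for objects something is hiding; entries whose
sizes differ between views are candidates for tampered metadata.

Caveat that motivates offline cleaning: a rootkit running in kernel
mode sits underneath both views, so it can filter the raw reads as
well. Then the two listings agree and nothing is flagged. Only a view
taken from a clean, separately booted OS is outside its reach.

All data below is constructed for this example; nothing here was
captured from a real system.
"""
from __future__ import annotations

# Constructed: what the directory-enumeration API reports (path -> size).
API_VIEW = {
    "C:\\Windows\\System32\\kernel32.dll": 989_696,
    "C:\\Windows\\System32\\ntoskrnl.exe": 2_180_992,
    "C:\\Windows\\System32\\drivers\\example_patched.sys": 40_960,
}

# Constructed: what a direct read of the on-disk structures reports.
# One extra entry (a made-up name) and one size that disagrees with the API.
RAW_VIEW = {
    "C:\\Windows\\System32\\kernel32.dll": 989_696,
    "C:\\Windows\\System32\\ntoskrnl.exe": 2_180_992,
    "C:\\Windows\\System32\\drivers\\example_patched.sys": 45_056,
    "C:\\Windows\\System32\\drivers\\example_hidden.sys": 24_576,
}


def cross_view_discrepancies(api_view: dict, raw_view: dict) -> dict:
    """Compare two views of the same directory and classify every difference.

    Returns a dict with three sorted lists:
      hidden        - in the raw view only (something is filtering the API)
      phantom       - in the API view only (API reports what is not on disk)
      size_mismatch - in both views but with different sizes
    An empty result means the views agree; it does not prove the system is
    clean, because a kernel-mode rootkit can make both views lie alike.
    """
    hidden = sorted(p for p in raw_view if p not in api_view)
    phantom = sorted(p for p in api_view if p not in raw_view)
    size_mismatch = sorted(
        p for p in api_view.keys() & raw_view.keys() if api_view[p] != raw_view[p]
    )
    return {"hidden": hidden, "phantom": phantom, "size_mismatch": size_mismatch}


def format_report(result: dict) -> list[str]:
    """Render the classification as one line per finding for an analyst."""
    lines = []
    for kind in ("hidden", "phantom", "size_mismatch"):
        for path in result[kind]:
            lines.append(f"{kind:14} {path}")
    if not lines:
        lines.append("no discrepancies (views agree; not proof of a clean system)")
    return lines


if __name__ == "__main__":
    for line in format_report(cross_view_discrepancies(API_VIEW, RAW_VIEW)):
        print(line)
```

The value of the output is as a heads up only, exactly as the post says: the report tells you that the API and the disk disagree, but it can neither remove the object nor rule out a rootkit that has already aligned both views. The cleanup step still has to happen from an OS the suspect kernel is not running in.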