UBCD4Win Forums: RootKitty - Rootkit Finder - UBCD4Win Forums


RootKitty - Rootkit Finder A little program that I made

#31 kahunadude

  • Newbie
    • Group: Members
    • Posts: 5
    • Joined: 30-March 09

    Posted 30 March 2009 - 07:07 PM

    Guys,
    Are keystroke loggers considered a form of rootkit? If so, would Rootkitty find them?
    Thanks.

    #32 pcuser

    • Project Programmer
      • Group: Moderator & Development
      • Posts: 4371
      • Joined: 20-November 04
      • Gender:Male
      • Location:Kneebrasskee

      Posted 30 March 2009 - 07:15 PM

      Quote

      Are keystroke loggers considered a form of rootkit? If so, would Rootkitty find them?

      Any file that attempts to stealth itself is considered a rootkit. RootKitty doesn't care what type of file it is: if you scan from within Windows and it doesn't show up, then scan from UBCD4Win and it does, then I would take a closer look at the file.
      If you're afraid of taking any chances then the chances are great that you will never learn anything

      Multiboot Plugins - UBUSB (Ultimate Boot USB) - EzPcFix - RootKitty - Network Configuration Utility - UnIsoFS - A Small Linux Distro - SELogger - HashME - WSock - My Paypal
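
The comparison described in the post above (a file listing taken from inside Windows against one taken from UBCD4Win), as an added example that is not RootKitty's code or part of the original thread. It assumes each listing is plain text with one full path per line, which the thread does not specify; the function names and sample paths are constructed for illustration.

```python
import ntpath

def normalize(path):
    """Drop the drive letter and fold case: the same volume can be C: in the
    live system and another letter under the boot CD, and NTFS lookups are
    case-insensitive."""
    _drive, rest = ntpath.splitdrive(path.strip())
    return ntpath.normpath(rest).lower()

def load_listing(lines):
    """Map normalized path -> original line, skipping blank lines."""
    return {normalize(line): line.strip() for line in lines if line.strip()}

def cross_view_diff(live_lines, offline_lines):
    """Return (hidden, live_only).
    hidden: seen offline but absent from the live listing (worth a closer look).
    live_only: seen live but not offline (often churn between the two scans)."""
    live = load_listing(live_lines)
    offline = load_listing(offline_lines)
    hidden = sorted(offline[k] for k in offline.keys() - live.keys())
    live_only = sorted(live[k] for k in live.keys() - offline.keys())
    return hidden, live_only

def report(hidden, live_only):
    """Always say something, including when the listings match."""
    if not hidden and not live_only:
        return "Finished: listings are identical."
    out = [f"HIDDEN FROM WINDOWS: {p}" for p in hidden]
    out += [f"only in live listing: {p}" for p in live_only]
    return "\n".join(out)

# Constructed sample listings (assumed format: one full path per line).
LIVE = [
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\WINDOWS\system32\drivers\tcpip.sys",
    r"C:\pagefile.sys",
]
OFFLINE = [
    r"D:\Windows\System32\kernel32.dll",
    r"D:\Windows\System32\drivers\tcpip.sys",
    r"D:\Windows\System32\drivers\example_hidden.sys",  # constructed name
    r"D:\pagefile.sys",
]

if __name__ == "__main__":
    print(report(*cross_view_diff(LIVE, OFFLINE)))
```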

      #33 kahunadude

      • Newbie
        • Group: Members
        • Posts: 5
        • Joined: 30-March 09

        Posted 30 March 2009 - 07:29 PM

        Thanks for the prompt response.
        However, aside from doing the within and without compare, is there any other way to 'observe' or block the 'phone home' functions of a keystroke logger?
        I think my PC has been infected with one of these nasty malware programs.
        I hate to have to try to preserve all my important files, wipe the HDD and restore the 3 recovery disks that came with it.
        Thanks again for your thoughts.

        #34 pcuser

        • Project Programmer
          • Group: Moderator & Development
          • Posts: 4371
          • Joined: 20-November 04
          • Gender:Male
          • Location:Kneebrasskee

          Posted 30 March 2009 - 07:32 PM

          I suggest doing a few malware scans from UBCD4Win and see what they detect.

          #35 kahunadude

          • Newbie
            • Group: Members
            • Posts: 5
            • Joined: 30-March 09

            Posted 30 March 2009 - 07:53 PM

            Do you have any particular scan programs in mind? If they do find something, is it removable?

            #36 SteelTrepid

            • Administrator
              • Group: Admin
              • Posts: 6328
              • Joined: 27-April 04
              • Gender:Male
              • Location:Ohio

              Posted 30 March 2009 - 07:59 PM

              Depends on what you have available to you.
              For the tools currently included in UBCD4Win, I would say run Avira, SuperAntiSpyware, AdAware, SpyBot, and EzPCFix (if you know how to use it).

              #37 rdsok

              • rdsok
                • Group: Admin
                • Posts: 6603
                • Joined: 02-October 05
                • Gender:Male
                • Location:Norman, Ok. USA

                Posted 30 March 2009 - 08:02 PM

                kahunadude, on Mar 30 2009, 07:53 PM, said:

                Do you have any particular scan programs in mind? If they do find something, is it removable?

                Since a keylogger could be detected by either an antispyware or an antivirus... any or all of them is what you want to use since you won't know which can detect whatever you may (or may not have)... but until you actually start doing something you won't know... in short it's time to quit talking about it and actually start doing some of the suggestions you were given.

                #38 kahunadude

                • Newbie
                  • Group: Members
                  • Posts: 5
                  • Joined: 30-March 09

                  Posted 30 March 2009 - 08:49 PM

                  Thanks to all.
                  I'm off to find the Wizards.

                  #39 Menneset

                  • Newbie
                    • Group: Members
                    • Posts: 18
                    • Joined: 28-June 10

                    Posted 28 June 2010 - 01:57 PM

                    One minor suggestion should you find yourself working on another update. I ran RootKitty for the first time a short while ago and apparently the Win-Files.txt and PE-Files.txt were identical--which is of course what I want to see. However there was no feedback to that effect when I clicked the Compare button. It appeared as though nothing at all happened and I was momentarily confused.

                    As I said, minor, but perhaps worthy of a tweak in future versions.

                    Thanks for your great work!

                    #40 pcuser

                    • Project Programmer
                      • Group: Moderator & Development
                      • Posts: 4371
                      • Joined: 20-November 04
                      • Gender:Male
                      • Location:Kneebrasskee

                      Posted 28 June 2010 - 02:08 PM

                      That's a good idea. I'll add a "Finished" dialog after if nothing is found.

                      Thanks