Archive for the 'Rootkit Unhooker' Category

Anti Rootkit Software Scanners for Vista

Friday, January 11th, 2008

We are often asked which anti-rootkit scanners are available for Windows Vista. Of the 20 or so scanners available, currently only 7 work with Vista, and those only on 32-bit versions of Vista.

Here is a list of the 7 in alphabetical order. Click on the scanner name to go to a more detailed page where you can download the software.

F-Secure Blacklight

GMER

Icesword

Rootkit Hook Analyser

Rootkit Revealer

Rootkit Unhooker

Unhackme

Keep Safe,

Steo - www.antirootkit.com

New Storm Worm Rootkit Domain happy2008toyou.com appears on the stroke of Midnight

Tuesday, January 1st, 2008

Another Storm Worm domain has popped up on the radar:

happy2008toyou.com

The whois…


The full list of domains we currently have is:


The filename downloaded is happy_2008.exe

Most virus scanners detect it.

Have a happy New Year,

Keep Safe,

regards,

Steo

EP_X0FF and Rootkit Unhooker off to Microsoft

Sunday, December 23rd, 2007

Microsoft have just gained one of the best anti-rootkit teams on the planet. EP_X0FF and the development team of Rootkit Unhooker have joined Microsoft. They are currently making plans to ship off to Wittenberg in Germany (where Martin Luther is buried), where the Rootkit Unhooker team will finish off work on their, up to now, secret project called Secured Eye (SEye): “…in two words, this project is a mix of software/hardware related to distributed calculations and virtualization technologies based on Vanderpool / Pacifica extensions. Not a Blue Pill. To be more correct, some parts of SEye can be used as a pill for any kind of Blue Pill variations ;)”

Microsoft now owns Rootkit Unhooker and SEye: “As you can guess, all our source code and concepts were sold to MS. This happened in the beginning of November and includes all variants of our test programs, RkU, including the last 4.1 version, and SEye, which is 3/4 ready.”

It is a great thing that EP_X0FF and the team are off to Microsoft. Just like Mark Russinovich before them, their vision and knowledge, alongside money and resources from Microsoft, will bode well for us all in the future.

Best of Luck to you all and keep in touch.

You can read EP_X0FF’s blog here: http://www.rootkit.com/blog.php?user=EP_X0FF

Keep Safe

Steo