Author Topic: Avast & windows Rootkits ?  (Read 14813 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Avast & windows Rootkits ?
« Reply #15 on: May 19, 2005, 09:25:44 PM »
Hi Waldo,

As hackers have also used these rootkits against Windows, and this is getting more into the open, rootkit detectors are popping up as this becomes a wider threat to Windows users. One such tool is RkDetect, a small script and program written in Visual C++ 7.0, 47104 bytes, version 5.2.3790.0, CRC-32 38203ESA. Run sc.exe in DOS. Import table: lib.4 imports kernel32.dll 20 msvcrt.dll 25 ADVAPI32.dll 28 ntdll.dll 2 imports. You need ADVAPI32.DLL on your system; it lists all hidden processes. Fine Russian program, but again it is a two-edged sword, because you can add hidden services too with this one. API-Spy is also helpful. But the best evaluation method is interpretation from a CD with uncompromised files to evaluate.

Greetings,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

jrey

  • Guest
Re: avast! & Windows rootkits?
« Reply #16 on: May 25, 2005, 05:38:51 AM »
"Complaining" in the forums may or may not be noticed, but....

As excerpted from http://www.avast.com/eng/technical_support.html:

If you have any suspicious files that are not detected by the latest version of our antivirus programs, you can send them to virus@avast.com. An ideal way to send such files is to compress them as ZIP with the password 'virus' (so that the attachment is not deleted by some other antivirus on the way).

Offline TedNelly

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1538
  • Trust No-One!
Re: Avast & windows Rootkits ?
« Reply #17 on: May 25, 2005, 06:31:20 AM »



Fascinating informative discussion have been enlightened

it is discussions like these that help to keep all of us more informed

Thanks
Windows 10 Pro | Intel I7 CPU | 16 Gig 2133 RAM | Avast beta 17.5.2295 | Firefox 54 b9(64-bit) | Cyberfox 52.1 | T-Bird 52.1.1 | SpyWareBlaster 5.5 | MalwareBytes 3.0.0.865 | WinPatrol 35.5.2 | GlassWire 1.2.100 | Cybereason Ransomfree 2.2.7 |  Pulla-dePlug Final!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Avast & windows Rootkits ?
« Reply #18 on: May 25, 2005, 03:48:12 PM »
Hello P3t3rb0nn, my friend,

The anti-rootkit discussion will be taken onwards, I presume. I think it will be an evolving threat in the future. I totally agree that a lot of malware, and programs with virus- or trojanlike activities are wittingly or unwittingly downloaded onto a machine. That means great pity for the uneducated. That is why we have to advise people strongly against clicking on anything they see or that which seems interesting. Idle promises are more likely than not meant to be just that. So an extra line of defense goes according to these lines, imho: be responsible on the net. Know your system in so far as necessary. So use a checksum program, check on unknown program files, keep files from hiding on your system. Use small helpful utilities like FileAlyzer, a Binary Text Scan program, a hex viewer to look for abnormalities that else won't show. These are things you should use whenever you smell there is something fishy going on on/in your system, a xxx.dll or cpl that does not seem familiar at first hand, a file that is found in another path than normally routine, etc. etc. There will be new handy dandy tools coming up for this purpose, and screening your OS from an uncompromised OS can be helpful too.

greetings,

POLONUS

« Last Edit: May 25, 2005, 04:05:02 PM by polonus »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Avast & windows Rootkits ?
« Reply #19 on: May 25, 2005, 05:36:27 PM »
"Complaining" in the forums may or may not be noticed, but....

As excerpted from http://www.avast.com/eng/technical_support.html:

If you have any suspicious files that are not detected by the latest version of our antivirus programs, you can send them to virus@avast.com. An ideal way to send such files is to compress them as ZIP with the password 'virus' (so that the attachment is not deleted by some other antivirus on the way).

Sorry, colour me Confused ???

Do you have a problem or complaint that you would like to raise?

I can't see the relevance of the content of your post and the thread Subject/Topic ' Avast & windows Rootkits ?'

So if there is something you would like to ask, raise it in a New Topic/thread (or use the search function to see if the topic is being or has been covered and raise it there), it should be in the relevant Forum for that topic. Click the New Topic button to create a new topic in the relevant forum.

« Last Edit: May 25, 2005, 05:39:08 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Umath

  • Guest
Re: Avast & windows Rootkits ?
« Reply #20 on: May 25, 2005, 06:14:48 PM »
I think J_Rey is saying that it is more assuring to send "rootkits" to Avast Team as possible viruses rather than "complaining" in the forums if you think rootkits are malware.

However, as the name Hacker defender implies, for example, rootkits are neutral in a sense that they simply hide files, which caused the discussion between "educated" people (excuse me for my sarcastic remark but I think education is much wider than security issues although I respect knowledge of people in this forum including polonus). Then again, it is true that their "feature" is used by crackers and some of them seem to contain malware. So, I wonder why Waldo didn't send them (Vanquish, He4hook and FU) to Avast team as well as to E-trust before/at the same time posting here. For rootkits discussion is interesting but at least some of them are more than suspicious and threats at the moment rather than in the future.

Just my 2 coppers.  ;)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Avast & windows Rootkits ?
« Reply #21 on: May 25, 2005, 08:22:41 PM »
Hi Umath,

Tell the whole story, and not part of it. Yes, rootkits are malicious applications which help an attacker to disguise trojans & other kinds of malware. The nasty bit is "it is a cloak of invisibility". After the activation stage any files designated by the attacker will vanish; this applies to the rootkit itself and additionally installed files (backdoors). Now comes the interesting part: an AV/AT scanner will be unable to detect the invisible files from this compromised machine. It can hide registry entries, autostart entries, some even cloak open ports. See the full story here: http://home.arcor.de/scheinsicherheit/rootkits.htm.
To explain more about the level where this takes place:  API Hooking. See a tool like api spy. I like to hear Waldo's comment what he sees as a defence to these rootkits. I think the AV scanner must trap the malicious applications before activation.
How are these malicious applications put onto a system?

Greetings,

polonus

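Added example, not part of any post in this thread: a sketch of the checksum and uncompromised-OS checks suggested in replies #18 and #21. It assumes one manifest of a volume is built from inside the running OS and a second after booting trusted media; the function names, SHA-256 as the checksum, and the sample manifests are all constructed for illustration.

```python
# Cross-view check: running-OS file listing vs. listing taken from trusted boot media.
import hashlib
import os


def build_manifest(root):
    """Map relative path (lower-cased, Windows paths ignore case) -> SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            try:
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
            except OSError:
                continue  # locked or unreadable file: skip rather than abort
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            manifest[rel] = digest.hexdigest()
    return manifest


def cross_view_diff(online, offline):
    """Return files hidden from, altered in, or only seen by the online view."""
    both = set(online) & set(offline)
    return {
        "hidden": sorted(set(offline) - set(online)),    # not listed by running OS
        "altered": sorted(p for p in both if online[p] != offline[p]),
        "vanished": sorted(set(online) - set(offline)),  # changed between scans
    }


# Constructed sample manifests (file names and hashes are made up).
ONLINE_VIEW = {
    "windows/system32/kernel32.dll": "a" * 64,
    "windows/system32/drivers/tcpip.sys": "b" * 64,
    "pagefile.sys": "c" * 64,
}
OFFLINE_VIEW = {
    "windows/system32/kernel32.dll": "a" * 64,
    "windows/system32/drivers/tcpip.sys": "d" * 64,
    "windows/system32/drivers/example_hidden.sys": "e" * 64,
    "pagefile.sys": "f" * 64,
}

if __name__ == "__main__":
    for kind, paths in cross_view_diff(ONLINE_VIEW, OFFLINE_VIEW).items():
        print(kind, paths)
```

In the sample, `pagefile.sys` shows up as altered although it changes on every boot, so each entry still has to be judged against what is normal for the system.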

jrey

  • Guest
Re: avast! & Windows rootkits ?
« Reply #22 on: May 26, 2005, 02:31:53 AM »
[snip]

Sorry, colour me Confused ???

Do you have a problem or complaint that you would like to raise?

I can't see the relevance of the content of your post and the thread Subject/Topic ' Avast & windows Rootkits ?'

So if there is something you would like to ask, raise it in a New Topic/thread (or use the search function to see if the topic is being or has been covered and raise it there), it should be in the relevant Forum for that topic. Click the New Topic button to create a new topic in the relevant forum.


Doh!  I forgot to quote a previous post http://forum.avast.com/index.php?topic=2428.msg17528#msg17528 ....  Umath got it right, though.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Avast & windows Rootkits ?
« Reply #23 on: May 26, 2005, 01:13:05 PM »
Ahhhh, I see ;D 8)

inconnu

  • Guest
Re: Avast & windows Rootkits ?
« Reply #24 on: May 26, 2005, 01:56:20 PM »
Sysinternals has a free RootkitRevealer available.  However, the results may require somewhat expert interpretation (in other words, it may reveal perfectly normal things which you do not want to delete).

I agree, these things are bad news.

Several threads, including this one and this one, over at broadbandreports may be worth looking at.  They do not make for pleasant reading.