>From the man himself. He pretty much says a rootkit can be unbreakable. Once 
>you're at the kernel mode it has that power to be unbreakable if it's smart 
>enough. From what I hear the newer versions of Windows and processors will 
>protect more against just anything accessing kernel mode.

"Is there a sure-fire way to know of a rootkit's presence?
In general, not from within a running system. A kernel-mode rootkit can control 
any aspect of a system's behavior so information returned by any API, including 
the raw reads of Registry hive and file system data performed by 
RootkitRevealer, can be compromised. While comparing an on-line scan of a 
system and an off-line scan from a secure environment such as a boot into a 
CD-based operating system installation is more reliable, rootkits can target 
such tools to evade detection by even them. 

The bottom line is that there will never be a universal rootkit scanner"


________________________________

From: [EMAIL PROTECTED] on behalf of Hayes Elkins
Sent: Sat 2/11/2006 10:53 AM
To: hardware@hardwaregroup.com
Subject: RE: [H] Suggested tools for helping a friend with badvirus infestation



Christ, you act like rootkits are unbreakable.


http://www.sysinternals.com/Utilities/RootkitRevealer.html

"RootkitRevealer successfully detects all persistent rootkits published at
www.rootkit.com, including AFX, Vanquish and HackerDefender"

>From: "Mesdaq, Ali" <[EMAIL PROTECTED]>
>Reply-To: The Hardware List <hardware@hardwaregroup.com>
>To: "The Hardware List" <hardware@hardwaregroup.com>
>Subject: RE: [H] Suggested tools for helping a friend with
>badvirus       infestation
>Date: Fri, 10 Feb 2006 18:02:06 -0800
>
>I can guarantee that an infected system is unclean-able by you! Not to
>question your intelligence but I think you question the malware authors'
>intelligence. I have set up honeypots as a matter of fact I operate
>several for my company and within 1 minute a system is so infected with
>unknown malware you would be astonished. And don't think I am just
>checking malware against one or two AV companies. Go to
>www.virustotal.com and see all the vendors. I collect malware that is
>not recognized by any of all those vendors and I have to reverse
>engineer it just to know that it does.
>
>That whole nothing can stop me attitude I don't buy it and I don't
>respect it in this context. If the issue is a system crash or a bug in
>configuration that's where the never quit attitude is good. But in a
>case where you could possibly not clean out a system and leave a
>password stealing Trojan on a system the payoff is not very much when
>the alternative is a reformat and 100% safe system.
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of Thane
>Sherrington (S)
>Sent: Friday, February 10, 2006 12:46 PM
>To: The Hardware List
>Subject: Re: [H] Suggested tools for helping a friend with badvirus
>infestation
>
>At 04:07 PM 10/02/2006, warpmedia wrote:
>
> >One way is now a hit-or-miss hack job, the other the proper
> >solution. It's not an academic exercise, it's a job, there is no
> >reason to spend time and still not be certain you've done the job
>right.
>
>I am doing the job right.  Just because you can't get the time down
>to a reasonable level to clean a system doesn't mean it's
>impossible.  It just means you haven't figured it out yet.
>
>T
>
>




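The on-line versus off-line scan comparison quoted at the top of this message can be sketched as a cross-view diff. This is an added example, not part of the original e-mails and not RootkitRevealer's code; the `path,size,digest` manifest format, the function names and the sample rows are assumptions made up for illustration.

```python
"""Cross-view diff: manifest taken on the running system vs. one taken
from trusted boot media with the suspect OS not running."""
import csv
import io

# Constructed sample manifests (path,size,digest). Not real data.
LIVE = """\
C:\\Windows\\System32\\drivers\\ntfs.sys,574976,a1b2
C:\\Windows\\System32\\drivers\\tcpip.sys,359808,c3d4
C:\\Windows\\System32\\notepad.exe,69120,e5f6
"""
OFFLINE = """\
C:\\Windows\\System32\\drivers\\ntfs.sys,574976,a1b2
C:\\Windows\\System32\\drivers\\tcpip.sys,359808,9999
C:\\Windows\\System32\\drivers\\example_hidden.sys,24576,7788
C:\\Windows\\System32\\notepad.exe,69120,e5f6
"""

def load(text):
    """Parse rows into {casefolded path: (path, size, digest)}."""
    entries = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 3:
            continue  # skip blank or malformed rows
        path, size, digest = row
        # Windows paths are case-insensitive, so key on the casefolded form.
        entries[path.casefold()] = (path, int(size), digest.lower())
    return entries

def cross_view(live_text, offline_text):
    """Return (finding, path) pairs where the two views disagree."""
    live, offline = load(live_text), load(offline_text)
    findings = []
    for key, (path, size, digest) in sorted(offline.items()):
        if key not in live:
            # On disk, but the running system's APIs did not report it.
            findings.append(("hidden_from_live", path))
        elif live[key][1:] != (size, digest):
            # Same path, different bytes depending on who reads it.
            findings.append(("content_differs", path))
    for key in sorted(live.keys() - offline.keys()):
        findings.append(("only_in_live", live[key][0]))
    return findings

if __name__ == "__main__":
    for finding, path in cross_view(LIVE, OFFLINE):
        print(f"{finding:18} {path}")
```

Files that change between the two scans (logs, page files) will also show up as differences, so findings need triage, and the result is only as trustworthy as the off-line environment that produced the second manifest.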