At 09:15 AM 3/30/2005, Bernie Cosell wrote:
> 
><http://www.computerworld.com/printthis/2005/0,4814,99843,00.html>
>
>Scary stuff...  Note that you need to be running with admin privileges 
>for a rootkit to mess with the kernel image and DLLs (there are 
>surprisingly few privilege-escalation attacks on XP -- I think that's in 
>part because *so* many people just run as admin that there's hardly any 
>need for the extra complexity).
>
>As for the nature of the warning, they're mostly right: rootkits have 
>been a plague in Unix-land for a long time and the same applies there: if 
>you've been rootkitted, to first order your only recourse is to format 
>and reinstall from scratch.


http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

RootkitRevealer - Updated: March 24, 2005 - v1.32

RootkitRevealer is an advanced patent-pending root kit detection utility.  It 
runs on Windows NT 4 and higher and its output lists Registry and file system 
API discrepancies that may indicate the presence of a user-mode or kernel-mode 
rootkit. RootkitRevealer successfully detects all persistent rootkits published 
at www.rootkit.com, including AFX, Vanquish and 
HackerDefender (note: RootkitRevealer is not intended to detect rootkits like 
Fu that don't attempt to hide their files or registry keys). 

The reason that there is no longer a command-line version is that malware 
authors have started targeting RootkitRevealer's scan by using its executable 
name.  We've therefore updated RootkitRevealer to execute its scan from a 
randomly named copy of itself that runs as a Windows service.  This type of 
execution is not conducive to a command-line interface.  Note that you can use 
command-line options to execute an automatic scan with results logged to a 
file, which is the equivalent of the command-line version's behavior. 
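The "API discrepancies" RootkitRevealer reports come from a cross-view comparison: enumerate files and Registry keys through the normal Windows API, enumerate them again from a raw read of the volume and hive data, and flag whatever appears in one view but not the other. The script below is an added example of that core idea, written for this thread; it is not Sysinternals code and does not read a real disk or hive. The two snapshots, the "hidden_example" names, the "transient" exclusion list and the status labels are constructed sample data and assumptions made for illustration.

```python
"""Cross-view discrepancy detection, reduced to its core idea (added example).

A high-level view (what the Windows API reports) is compared with a
low-level view (what a raw read of the volume or hive contains).  Entries
present in the raw view but absent from the API view are the interesting
ones: a rootkit that hides itself filters them out of API results.
The snapshots here are constructed sample data, not captures from a machine.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Discrepancy:
    kind: str    # "file" or "registry"
    path: str    # normalized path or key name
    status: str  # "hidden from API" or "missing from raw view"


def normalize(path: str) -> str:
    # NTFS paths and Registry key names are case-insensitive; an entry must
    # not slip past the comparison through a case or separator difference.
    return path.replace("/", "\\").rstrip("\\").lower()


def cross_view_diff(kind, api_view, raw_view, transient=()):
    """Return the discrepancies between an API enumeration and a raw one.

    transient: names known to be legitimately volatile, e.g. the log file the
    scanner itself writes while enumerating.  Assumption: the operator
    supplies this list; nothing here discovers it automatically.
    """
    api = {normalize(p) for p in api_view}
    raw = {normalize(p) for p in raw_view}
    skip = {normalize(p) for p in transient}
    found = []
    for p in sorted(raw - api - skip):
        found.append(Discrepancy(kind, p, "hidden from API"))
    for p in sorted(api - raw - skip):
        # Either something created or deleted between the two enumerations,
        # or an entry faked into API output; worth a look in both cases.
        found.append(Discrepancy(kind, p, "missing from raw view"))
    return found


# --- constructed sample snapshots (not from a real system) -----------------
API_FILES = [
    "C:\\Windows\\System32\\kernel32.dll",
    "C:\\Windows\\System32\\drivers\\etc\\hosts",
    "C:\\Temp\\scanlog.txt",       # written by the scanner itself
    "C:\\Temp\\pagefile.tmp",      # gone again before the raw pass
]
RAW_FILES = [
    "c:\\windows\\system32\\KERNEL32.DLL",   # same file, different case
    "C:\\Windows\\System32\\drivers\\etc\\hosts",
    "C:\\Windows\\System32\\drivers\\hidden_example.sys",  # constructed name
]
TRANSIENT_FILES = ["C:\\Temp\\scanlog.txt"]

API_KEYS = ["HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip"]
RAW_KEYS = [
    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip",
    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\hidden_example",  # constructed
]


def run_scan():
    """Compare both views of the file system and the Registry."""
    return (cross_view_diff("file", API_FILES, RAW_FILES, TRANSIENT_FILES)
            + cross_view_diff("registry", API_KEYS, RAW_KEYS))


if __name__ == "__main__":
    for d in run_scan():
        print(f"{d.kind:8} {d.status:22} {d.path}")
```

The case-folding in normalize matters more than it looks: without it, every entry whose raw on-disk name differs in case from the API name would show up as a false discrepancy, and a real hidden entry could be buried in that noise.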

--
                ----------------------------------------
WIN-HOME Archives:  http://PEACH.EASE.LSOFT.COM/archives/WIN-HOME.html
Contact the List Owner about problems:  [EMAIL PROTECTED]
Unofficial Win-Home List Members Profiles Page
 http://winhome.wavijo.com/