Fi8sVrs Posted July 2, 2011

How to find a hidden rootkit in the system?

Well, most antivirus products fail when it comes to locating hidden stuff. I was in such a situation a few days back: I was sure that my system was infected, but my antivirus and firewall plus spyware-removal tools were giving me a green signal, stating that my system was secure, and according to them my system was not infected with any worm, virus or trojan horse.

Why so, if I was indeed infected?

Because malware developers inject worms into hidden processes, modules and services, and your antivirus skips over them, since most antivirus products are not designed to look into hidden modules. To overcome this limitation of antivirus and spyware-removal tools you can use a special tool designed with the same concept in mind. Yes, I am talking about none other than GMER.

What's GMER?

It's a rootkit detector and remover; it scans for:
· hidden processes
· hidden threads
· hidden modules
· hidden services
· hidden files
· hidden Alternate Data Streams
· hidden registry keys
· drivers hooking the SSDT

For more information and download visit gmer.net.
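The "hidden processes" item in that list is normally checked by cross-view comparison: the process list is collected once through the documented enumeration API (the path a user-mode hook can filter) and once through a lower-level path the hook is less likely to cover, and anything present only in the second view is reported. The script below is an added example written for this thread; it is not GMER's code and not part of the original post. On Windows it compares a Toolhelp snapshot against brute-forcing OpenProcess over the PID space; on Linux it compares the /proc directory listing against kill(pid, 0) probing, so it can be run on either platform. The PID cap of 65536 and the treatment of "access denied" as "process exists" are assumptions of this example.

```python
"""Cross-view detection of hidden processes (added example, not GMER's code)."""
import os
import sys


def hidden_entries(low_level_view, api_view):
    """Return PIDs seen by the low-level collector but absent from the API view."""
    return sorted(set(low_level_view) - set(api_view))


def windows_views(max_pid=65536):
    """Windows: OpenProcess brute force (low-level) vs. Toolhelp snapshot (API)."""
    import ctypes
    from ctypes import wintypes

    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.CreateToolhelp32Snapshot.restype = wintypes.HANDLE
    k32.OpenProcess.restype = wintypes.HANDLE
    k32.OpenProcess.argtypes = [wintypes.DWORD, wintypes.BOOL, wintypes.DWORD]
    k32.CloseHandle.argtypes = [wintypes.HANDLE]
    PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
    ERROR_INVALID_PARAMETER = 87
    TH32CS_SNAPPROCESS = 0x2

    class PROCESSENTRY32(ctypes.Structure):  # ANSI layout, matches Process32First
        _fields_ = [("dwSize", wintypes.DWORD), ("cntUsage", wintypes.DWORD),
                    ("th32ProcessID", wintypes.DWORD),
                    ("th32DefaultHeapID", ctypes.c_size_t),
                    ("th32ModuleID", wintypes.DWORD), ("cntThreads", wintypes.DWORD),
                    ("th32ParentProcessID", wintypes.DWORD),
                    ("pcPriClassBase", wintypes.LONG), ("dwFlags", wintypes.DWORD),
                    ("szExeFile", ctypes.c_char * 260)]

    # Low-level view: probe every candidate PID (Windows PIDs are multiples of 4).
    # ERROR_INVALID_PARAMETER means "no such process"; any other failure, usually
    # ERROR_ACCESS_DENIED, means a process owns that PID.  Raise max_pid on busy hosts.
    low = set()
    for pid in range(4, max_pid, 4):
        handle = k32.OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, False, pid)
        if handle:
            k32.CloseHandle(handle)
            low.add(pid)
        elif ctypes.get_last_error() != ERROR_INVALID_PARAMETER:
            low.add(pid)

    # API view: what CreateToolhelp32Snapshot/Process32Next report, i.e. the
    # path Task Manager and many scanners rely on and a hook typically filters.
    api = set()
    snap = k32.CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
    entry = PROCESSENTRY32()
    entry.dwSize = ctypes.sizeof(entry)
    ok = k32.Process32First(snap, ctypes.byref(entry))
    while ok:
        api.add(entry.th32ProcessID)
        ok = k32.Process32Next(snap, ctypes.byref(entry))
    k32.CloseHandle(snap)
    return low, api


def linux_views(max_pid=None):
    """Linux: kill(pid, 0) brute force (low-level) vs. readdir('/proc') (API)."""
    if max_pid is None:
        try:
            with open("/proc/sys/kernel/pid_max") as f:
                max_pid = min(int(f.read()), 1 << 16)  # cap keeps the demo quick
        except OSError:
            max_pid = 1 << 16
    low = set()
    for pid in range(1, max_pid):
        try:
            os.kill(pid, 0)            # signal 0: existence check only
        except ProcessLookupError:
            continue
        except PermissionError:
            pass                       # exists, owned by another user
        # kill() also answers for thread IDs; fold each one into its process
        # (/proc/<tid>/status is reachable even when <tid> is not listed).
        try:
            with open(f"/proc/{pid}/status") as f:
                for line in f:
                    if line.startswith("Tgid:"):
                        low.add(int(line.split()[1]))
                        break
        except OSError:
            low.add(pid)               # status unreadable: keep the raw PID
    api = {int(d) for d in os.listdir("/proc") if d.isdigit()}
    return low, api


def main():
    low, api = windows_views() if sys.platform == "win32" else linux_views()
    hidden = hidden_entries(low, api)
    print(f"{len(api)} processes via API, {len(low)} via brute force")
    print("possibly hidden:", hidden or "none")


if __name__ == "__main__":
    main()
```

A process that exits between the two collections shows up as a false positive, so treat a single hit as a lead and re-run before drawing conclusions; a kernel-mode rootkit that hooks below both paths (for example in the SSDT, which is why the list above also includes SSDT hook detection) will not show up in either view.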
nedo Posted July 2, 2011 (edited)

The program is very useful, but you need some knowledge to use it. One thing you have to know when you let it scan is that all the usual programs must be closed, and here I mean: antivirus, firewall, video/audio players, messenger, Skype, browsers, pretty much everything that is not part of the operating system. It is still preferable to run the scan with Windows booted normally, because some rootkits do not start in safe mode and you would be scanning for them in vain; they will not be detected by GMER or by any antivirus, since, because of the way rootkits are built, they are rarely detected by antivirus products even when they are visible, as they look like legitimate programs. While we are at it, here is a short video tutorial on removing rootkits with GMER and RootRepeal: click here

Edited July 2, 2011 by nedo