none
Rootkits RRS feed

  • Question

  • Rootkits as all modern malware become smart and many of them do not install itself on the hard drive but stay in the computer memory. Of course, they are all die at restart system. But I'm so interested a question how to detect them and how stop them if they try attack again. Ok. I thought about tuning machine for the manually creating full memory dump at <Ctrl+ScrollLock+ScrollLock>. And what you think? When I load dump file into debugger (SoftIce) I was shocked. Actually, this experiment was performed at VMWare but what will be if it was a native machine?

    RKR as other antirootkit tools can detect only that malware what placed on the drive but major of rootkits stay stealth. For example, SecuRom 7 - 100% rootkit. But it was wrote to be undetectable for antiviruses and antimalware. Think about it.

    Sunday, July 12, 2009 9:40 AM

All replies

  • Your question is old, in Windows 10, they are new features to enhance protection against Rootkit and they are improvement in hardware design to protect user against Rootkit.
    Thursday, January 10, 2019 7:36 PM