Sysinternals Suite


Comprev

Sysinternals has an excellent arsenal of security software.

I downloaded it, used RootkitRevealer, and it found a whole bunch. (For some reason, even though I have Win 7, when I use it, I click the link to view a message, and it takes me to an old Windows XP view. It might be even older.)

However, I would recommend it, especially to people who are interested in malware, or people who want extra protection.

They should have an antivirus, but that would cause a great deal of confusion, due to the fact that there is a rogue called Sysinternals Antivirus.

Here, let us talk about our experiences with Sysinternals and their products, and how you can use them best.


I downloaded it, used RootkitRevealer, and it found a whole bunch.

RootkitRevealer's output lists Registry and file system API discrepancies. RootkitRevealer compares the results of a system scan at the highest level with that at the lowest level. The highest level is the Windows API and the lowest level is the raw contents of a file system volume or Registry hive.

Not all hidden components detected by ARKs are malicious. It is normal for a firewall, some anti-virus and anti-malware software, sandboxes, virtual machines and Host-based Intrusion Prevention Systems (HIPS) to hook into the OS kernel/SSDT in order to protect your system. The SSDT (System Service Descriptor Table) is a table that stores addresses of functions that are used by Windows. Both legitimate programs and rootkits can hook into and alter this table. For that reason you should always have these results checked by an expert before taking any action on any of the items the scans find.

Also be aware that if you are using a CD emulator (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD, etc.), they use rootkit-like techniques to hide from other applications and may be detected as well.

Sysinternals Suite is a great toolkit, but it was designed mostly for IT professionals.
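As an added illustration of the cross-view comparison the reply describes (my own example, not RootkitRevealer's code), here is a small Python model: two constructed listings of the same directory, one as the Windows API reports it and one as parsed from the raw volume, compared in both directions, with a constructed reviewer allowlist standing in for the "have an expert check it" step. All paths, sizes and the allowlist are made-up sample data.

```python
# Added example, not RootkitRevealer's code: a minimal cross-view comparison.
from dataclasses import dataclass

# Constructed sample: what the high-level Windows API reports (path -> size).
API_VIEW = {
    r"C:\Windows\System32\drivers\tcpip.sys": 1_234_567,
    r"C:\Windows\System32\drivers\ndis.sys": 765_432,
}

# Constructed sample: the same directory parsed from the raw volume, bypassing the API.
RAW_VIEW = {
    r"C:\Windows\System32\drivers\tcpip.sys": 1_234_567,
    r"C:\Windows\System32\drivers\ndis.sys": 765_440,        # size differs from API view
    r"C:\Windows\System32\drivers\fw_hook.sys": 88_064,      # firewall driver hiding itself
    r"C:\Windows\System32\drivers\hidden_drv.sys": 40_960,   # unknown, absent from API view
}

# Constructed: entries a reviewer has already confirmed as legitimate (e.g. a firewall hook).
KNOWN_BENIGN = {r"C:\Windows\System32\drivers\fw_hook.sys"}

@dataclass(frozen=True)
class Discrepancy:
    path: str
    kind: str          # "hidden_from_api" | "missing_from_raw" | "data_mismatch"
    needs_review: bool # False only when a reviewer has already vetted the entry

def _norm(p: str) -> str:
    # Windows paths are case-insensitive, so compare on a lowercased form.
    return p.lower()

def cross_view_compare(api_view, raw_view, known_benign=frozenset()):
    api = {_norm(k): (k, v) for k, v in api_view.items()}
    raw = {_norm(k): (k, v) for k, v in raw_view.items()}
    benign = {_norm(p) for p in known_benign}
    found = []
    for key in sorted(set(api) | set(raw)):
        if key in raw and key not in api:
            kind = "hidden_from_api"      # low-level view sees it, the API does not
        elif key in api and key not in raw:
            kind = "missing_from_raw"     # API reports something the raw parse lacks
        elif api[key][1] != raw[key][1]:
            kind = "data_mismatch"        # both see it, but the metadata disagrees
        else:
            continue                      # views agree: nothing to report
        original_path = (raw.get(key) or api[key])[0]
        found.append(Discrepancy(original_path, kind, key not in benign))
    return found

if __name__ == "__main__":
    for d in cross_view_compare(API_VIEW, RAW_VIEW, KNOWN_BENIGN):
        print(f"{d.kind:16} {d.path}  review={'yes' if d.needs_review else 'no'}")
```

The allowlist only suppresses the review flag; the discrepancy itself is still reported, which is the behaviour you want when triaging ARK output.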
