Monday, February 2, 2009

McAfee Rootkit Detective Beta

Features [COPIED AND PASTED SHAMELESSLY FROM THE McAfee WEBSITE]

****** START OF PASTED INFO ******
Features

Following are the features of this program that are designed to proactively detect and clean rootkits from the system. This program is not dependent on any signatures and can proactively detect most of the existing and upcoming rootkits and allow the user to clean them.

* Designed to proactively detect the system objects like processes, files and registry that are hidden to the user.
* Provides information about all running processes in the system.
* Provides information about various system hooks like SSDT(System Service Descriptor Table) hooks, user/kernel IAT/EAT(Import/Export Address Table) hooks.
* Allows the user to clean/remove the malicious objects from the system by renaming/deleting the hidden files/registry.
* Allows the user to terminate the malicious processes.
* Users can submit samples using the submission feature present in the tool.
* Users can also collect the samples manually after renaming them and submit to stinger@avertlabs.com for further analysis.

Rootkit Detective log file contains details of the hidden files. The files once renamed after reboot will have a .REN extension. User can search for the same on the system and can submit these files for further analysis with your comments to stinger@avertlabs.com. Zip the files and password protect with “infected” and mention “Rootkit Detective” in the subject line when you send the mail.

****** END OF PASTED INFO ******


Pros:
* Really fast.
* Really simple One click UI.
* Advanced settings for mid-advanced users.
* Multiple logging capabilities and really comprehensive.
* Easy removal.
* FREE.

Cons:
* Users have to understand the processes and its details or else beginners might remove legitimate processes.

Snapshot of main scan window:



Snapshot of the Settings window:



Snapshot of "View Hidden Processes and Files":




Snapshot of "View Hooked Services":



Snapshot of "View Hidden Registry Keys/Values":



Snapshot of "View All Processes":



We are currently working on www.RootkitAnalytics.com. If you wish to work for our team or if you have any ideas for us to implement, kindly send an email to contact.fingers @ gmail.com.

- EF

No comments: