Wednesday, February 11, 2009

Panda Anti-Rootkit

Panda Security Anti-Rootkit Suite.

We will soon be collecting and analyzing rootkits with existing toolkits such as this one, and comparing the tools at various stages:

  • Preparation & Detection/Monitoring

  • Containment/Isolation

  • Eradication/Quarantine

  • Recovery/Patching



We will also look at characteristics such as the time taken and the overall cleaning process.

To start with, Panda Anti-Rootkit opens with a one-click screen from which the user can scan for rootkits:



Once the user has chosen whether to allow auto-update and whether to run an in-depth scan (which is most likely the recommended option: a simple scan may be fast, but what is fast is not always what is efficient), the software shows a Reboot System screen that lets the user restart the system to apply the changes (rebooting the system before the scan is recommended):



Once the system reboots, the scanning process starts automatically and works through the following 6 layers of scanning:

  • Running Processes

  • Windows Registry

  • User and kernel hooks

  • Services and Drivers

  • Files and ADS

  • Evaluating Incidents




A second snapshot, showing progress in the scanning process:



When the process has finished, a report is listed, as seen in the following image:



If you wish to participate or if you have questions, email us at contact.fingers @ gmail.com.

-EF
