We will soon be collecting and analyzing rootkits with preexisting toolkits such as these, and comparing the tools across the following stages:
- Preparation & Detection/Monitoring
- Containment/Isolation
- Eradication/Quarantine
- Recovery/Patching
We will also look at characteristics such as the time taken and the overall cleaning process.
To start with, Panda Anti-Rootkit opens with a one-click screen from which users can scan for rootkits:
Once the user has chosen whether to allow auto-update, and whether to run an in-depth scan (recommended: a simple scan may be fast, but fast is not always thorough), the software shows a Reboot System screen that lets the user restart the system to apply the changes (rebooting before the scan is recommended):
Once the system reboots, the scan starts automatically and runs through the following six layers of scanning:
- Running Processes
- Windows Registry
- User and kernel hooks
- Services and Drivers
- Files and ADS
- Evaluating Incidents
A second snapshot, showing the scan in progress:
When the scan completes, a report is listed, as seen in the following image:
If you wish to participate or if you have questions, email us at contact.fingers @ gmail.com.
-EF