I usually don't worry so much about viruses and worms anymore because it seems to me that this threat is mostly under control nowadays. However, I always feel a bit uncomfortable when I think about rootkits. Viruses try to spread and often enough they damage their hosts, which makes them easier to detect. But rootkits just hide. It lies in their nature that you simply don't know of them.
I just played a little with McAfee Rootkit Detective and it indeed found a couple of hidden registry entries and hooked services on my system. The hooked services belong to my Sunbelt Personal Firewall. I wasn't able to track down the application that created the hidden registry keys, so I just deleted them all. Since this is a test system it is quite probable that they belong to spyware that was installed with one of the tools I tested.
Note that this was just a virtual machine and I created a snapshot before I deleted registry keys. If you intend to mess with the registry on one of your computers, I highly recommend creating a backup of the registry database before you do this, even though McAfee Detective has an undo function. I like it that one can delete suspicious registry entries with McAfee Detective. This is an advantage over Sysinternals RootkitRevealer, which I usually use when I am on the hunt for rootkits.
I don't like the window size of Rootkit Detective, though; it is quite small and one can't resize it. So you always have to scroll to read the full path of a registry entry. Another downside of the tool is that it doesn't support Vista. This is quite strange considering that it was just released recently.
What is your favorite rootkit hunting tool?