A forum for reverse engineering, OS internals and malware analysis 

Forum for announcements and questions about tools and software.
 #943  by EP_X0FF
 Thu Apr 29, 2010 2:57 pm
Thanks for testing :) It was additionally tested for compatibility with Windows 2003 SP2 R2, Windows Vista RTM, Windows Vista SP2, Windows 7 RTM.
It needs some additional work with local.dll (add and translate some messages) and if no huge bugs will be discovered - ready to release.
 #946  by EP_X0FF
 Fri Apr 30, 2010 4:31 am
RkU3.8.388.590.exe (MD5: deeaad9766804927d5f15d7f01ec0704, SHA1: c8afaef4dfe8f1881d04bff0440852c1720abc99)
Russian local.dll (MD5: c8feb0e9bf0530354fbe88af5decf0da)
Translatable local_dll.dll (MD5: 404ae36075e21d2320ff6b3a8603991a)
Res1.res (MD5: 16073854db0a7cbb8794c77b40ef75bc)

Complete changelog inside RkU help file.
Attachments
Rootkit Unhooker 3.8 SR2, 30.04.2010
(614.31 KiB) Downloaded 52 times
Russian local dll
(4.04 KiB) Downloaded 38 times
Translatable resources
(7.17 KiB) Downloaded 37 times
 #949  by gjf
 Fri Apr 30, 2010 7:53 am
EP_X0FF, at first - greetings for a new release! You are doing a really nice job!
But can you perform the same as in betas - to make RkU able to work without pre-installation? Some kind of portable application?
 #951  by EP_X0FF
 Fri Apr 30, 2010 12:10 pm
Hello and thanks to everyone for feedback.

Yes, I'm planning to release rku at rootkit.com as setup bundle and standalone executable.
 #953  by Ronlennon
 Fri Apr 30, 2010 12:57 pm
Hello, Thanks for great release :D

Think i found a bug though.
Running RKU when Panda Internet Security installed makes RKU (newest) crash.

rku_error_log_49571546.txt
================
Exception code : 0xC000001D
Instruction address : 0x7FFA0005

Link to Panda Internet Security 2010:
hxxp://www.pandasecurity.com/homeusers/downloa ... N-IS10-DWN

Needs to register for mail instructions where to download :(
 #954  by gjf
 Fri Apr 30, 2010 1:03 pm
Ronlennon, all ARK software counteracts with antiviruses and other ARK. I believe it is not a bug, because author (as I remember) recommends to shut down all antiviruses and HIPS during scan.

FYI system hangs on if I will try to start RkU with Kaspersky Internet Security 9.0.736.
 #955  by Ronlennon
 Fri Apr 30, 2010 1:19 pm
gjf.

Ok , Thanks for information.
Yes you´re right running Ark tools with security software results in an unpredicted results especially false positives.
I usually uninstall them before for minimize such results.
I just wanted to report this in hope that it may be useful for the author.
RkU3.8.386.589 worked just fine showing of what security measurements where taken by Panda Internet Security.
thinking of if a malware is set up in the same fashion , then RKU may have problem to start.
 #956  by EP_X0FF
 Fri Apr 30, 2010 2:56 pm
Hello,

yes, it is highly recommended to uninstall all security software before trying any antirootkit simple because of tons of false positives they will generate.
This is probably related to rku incompatibly with Kaspersky/Panda self-protection of IPS features. I will look for this in next week and if this is caused by rku bug I will try to fix that.

Thanks.

edit:

thanks to a_d_13, RkU mirrored at this site
http://www.kernelmode.info/ARKs/RkU3.8.388.590.rar

updated link listed also in AntiRootkits topic table.
  • 1
  • 7
  • 8
  • 9
  • 10
  • 11
  • 16