A forum for reverse engineering, OS internals and malware analysis 

Forum for announcements and questions about tools and software.
 #338  by GamingMasteR
 Fri Mar 19, 2010 4:24 pm
Hello petec,

It's not private, it's just the beta of the new version and it needs a lot of work to be complete ...
 #366  by petec
 Sat Mar 20, 2010 10:42 am
Ahh righto, hope it goes well then.

And thanks for releasing your program to everyone ;)
 #664  by gjf
 Mon Apr 12, 2010 7:31 am
I know it is just a PoC, but:
    * FLISTER http://www.invisiblethings.org/tools/flister.zip
And additionally:
    * Mandiant Memoryze http://fred.mandiant.com/MemoryzeSetup.msi
    * Filter Monitor http://ntcore.com/files/FilterMon.zip
 #686  by a_d_13
 Tue Apr 13, 2010 5:44 pm
Thank you for the information - I have updated the original post and mirrored the copy of DwShark.

Thanks,
--AD
 #1193  by fdwojo
 Mon May 31, 2010 5:34 am
By the way, I'm curious about the list....

I notice that COMBOFIX is not listed. I use it many times to get rid of rootkits. Is it not here because you feel it is not an Anti-Rootkit or because the author doesn't want it mentioned or listed here? Its home page (I believe) is at BleepingComputer.com.

For all the rest of the options, thanks for compiling the list. It's always helpful to have other tools available when you have to get rid of malware, especially rootkits.

And by the way, does anyone know of any reviews of the various anti-rootkits listed here? Does anybody have any recommendations of one over another with regard to getting rid of certain infections? Either because the tool in question is harder for rootkits to block, or is more updated/aware of the various threats, or perhaps is quicker or easier to use?
 #1194  by gjf
 Mon May 31, 2010 7:36 am
fdwojo, FYI Combofix is not a separate ARK, it consists of several tools and scripts combined in one. You can easily unzip it and find what is inside.

That's why I think it should not be recognized as an ARK.

As for reviews - you can find some of them in Google. But please keep in mind that most often it's just PR, and sometimes the samples, testing procedure, versions of ARKs etc. were chosen in just such a way as to make somebody the champion :)
 #1229  by Babibee
 Thu Jun 03, 2010 1:54 am
Hi,

VBA32 antirootkit can be downloaded here (I was not able to get it from the FTP link provided):

hxxp://www.anti-virus.by/en/vba32arkit.shtml

BTW, the given links for Deep System Explorer and HookShark seem to be dead by now. Does anyone know any alternative?

Thanks for this post anyway.
 #1230  by EP_X0FF
 Thu Jun 03, 2010 3:44 am
VBA direct link corrected.

Diamond CS site seems to have gone to hell.

I have both of the mentioned ARKs in my collection, so I will upload them somewhere for mirroring.