简介Avira AntiRootkit Tool

显示全部楼层 · 发表于 2009-4-12 22:20:15

好长，有点晕了。只觉得这个东东可以检测出隐藏得更深的“木马”，可以作为辅助工具使用，且不是错的好工具。谢谢分享。

显示全部楼层 · 发表于 2009-4-12 22:37:51

对需要安装的ARK工具向来无爱啊。。。

显示全部楼层 · 发表于 2009-4-12 23:18:42

dl123100 用了inlinehook：

恢复那3个inlinehook 即可正常对文件进行签名验证。

服务项：

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VIASCSl]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000001
"Tag"=dword:00000021
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,72,00,65,00,6a,00,7a,00,6c,\
00,70,00,76,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="VIA SCSI MiniPort"
"Group"="SCSI miniport"
"Version"=dword:0000000c

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VIASCSl\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VIASCSl\Enum]
"0"="Root\\LEGACY_VIASCSL\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

显示全部楼层 · 发表于 2009-4-13 00:27:34

这个工具和红伞中的rootkits search应该是一个东东吧

显示全部楼层 · 发表于 2009-4-13 09:57:04

不是很明白！

显示全部楼层 · 发表于 2009-4-13 13:58:10

看来真是一个不错的工具，支持~~~

显示全部楼层 · 发表于 2009-4-13 14:34:58

太长了，大概其看了看！

显示全部楼层 · 发表于 2009-4-22 20:28:56

很好很好感谢分享

显示全部楼层 · 发表于 2009-4-25 10:33:58

看起来这个软件不错,看起来很长

显示全部楼层 · 发表于 2009-4-25 10:38:06

V9自带了

简介Avira AntiRootkit Tool

回复 1楼 backway 的帖子