KernelMode rootkits: Part 3, kernel filters

This is the third part of this series about Kernel Mode rootkits. I wanted to write on it and demonstrate how some rootkits (e.g. keyloggers) intercept keystrokes by using kernel filters. To understand the basics of kernel mode and drivers, please refer to the first part. […]


KernelMode rootkits: Part 2, IRP hooks

This is the second part of this series about Kernel Mode rootkits. I wanted to write on it and demonstrate how some rootkits (e.g. TDL4) hijack disk access by using IRP hooks. To understand the basics of kernel mode and drivers, please refer to the first part. […]


KernelMode rootkits: Part 1, SSDT hooks

This is the first part of this series about Kernel Mode rootkits. I wanted to write on it and demonstrate how some rootkits (e.g. Necurs) hide their presence and protect themselves from removal by using SSDT hooks. I'll first introduce what Kernel Mode is (as opposed to user land), […]


New RogueKiller statistics are here!

And they are way more sexy than before… RogueKiller's statistics are a way to display the data sent by the software to our webserver database. The statistics are displayed in real time (you have to refresh the page though), so there's no need to have human action […]


Dear AVs, why don't you like me?

How you destroy small developers

Starting with RogueKiller V9, we have had a lot of issues with some antivirus vendors flagging our software at every release. Not because it's malware, but because of their heuristics engines. And overall, because they really SUCK at whitelisting legitimate products. […]


Necurs removal with RogueKiller

How to remove the Necurs rootkit with RogueKiller

Little Analysis

Necurs is a rootkit with a kernel driver and a protected service. The kernel driver has a self-protection feature against service key removal. It also filters which kernel drivers can load, to prevent anti-rootkit tools from entering kernel mode and trying […]


RogueKiller 9 on the tracks!

We are currently developing version 9 of RogueKiller, rewriting everything (the engine) from scratch. It will still take several months, but it will be a great and exciting new thing!

What will change?

Almost everything, except the UI. Basically, we are building what will be called the […]


PUP Removal

How to remove a PUP

What is a PUP?

A PUP (Potentially Unwanted Program) is usually a program you didn't install yourself, or that you installed by mistake. It often comes in bundled installers, where several additional programs are installed when you originally wanted to install only […]