Zeus removal with RogueKiller

Zeus removal with RogueKiller   How to remove Zeus variants (Citadel) with RogueKiller   EDIT October 4th, 2014   If the only process detected is your Antivirus, please ignore the detection.   We are working on this issue, which is not really a bug, but a conflict between the signature scanner's definitions and the Antivirus's definitions.   […]


Userland rootkits: Part 1, IAT hooks

Userland rootkits: Part 1, IAT hooks   This is the first part of this series about Userland rootkits. I wanted to write about it and demonstrate how some rootkits hide files by using IAT hooks.   This post is about a classic trick, known for decades. Malware specialists may know this already, so […]


RogueKiller V10 is here!

RogueKiller V10 is here   …With a brand new UI and a Premium version (beta)   No worries, the user experience is still the same (fortunately, or unfortunately, it’s up to you :)). Here’s what it looks like:   What’s new?   New UI, based on the Qt Framework. All the forms have been redesigned, […]


Poweliks removal with RogueKiller

Poweliks removal with RogueKiller   How to remove Poweliks with RogueKiller   EDIT 11/21/2014:   This new variant disallows file downloads in Internet Explorer. To re-enable them (and download RogueKiller), you need to go to “Tools”, “Internet Settings”, then to the “Security” tab.   Click on “Reset all areas to the default level” and validate. […]

RogueKillerCMD can read the full content


KernelMode rootkits: Part 3, kernel filters

KernelMode rootkits: Part 3, kernel filters   This is the third part of this series about Kernel Mode rootkits. I wanted to write about it and demonstrate how some rootkits (e.g. keyloggers) intercept keystrokes by using kernel filters.   To understand the basics of kernel mode and drivers, please refer to the first part.   […]


KernelMode rootkits: Part 2, IRP hooks

KernelMode rootkits: Part 2, IRP hooks   This is the second part of this series about Kernel Mode rootkits. I wanted to write about it and demonstrate how some rootkits (e.g. TDL4) hijack disk access by using IRP hooks.   To understand the basics of kernel mode and drivers, please refer to the first part. […]

IRP hook (Src: Microsoft)

KernelMode rootkits: Part 1, SSDT hooks

KernelMode rootkits: Part 1, SSDT hooks   This is the first part of this series about Kernel Mode rootkits. I wanted to write about it and demonstrate how some rootkits (e.g. Necurs) hide their presence and protect themselves from removal by using SSDT hooks.   I’ll first introduce what KernelMode is (as opposed to UserLand), […]