Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

UnHackMe by Greatis Software


  • Please log in to reply
1 reply to this topic

#1 TimYH

TimYH

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NY / NJ
  • Local time:09:05 PM

Posted 23 July 2010 - 09:43 AM

I remember a few years ago when my computer caught a nasty virus I somehow stumbled upon this program to remove the rootkit. It worked like a charm actually but whenever I go back the website and look at it, I always feel like that it is very suspect looking and am unsure of it. I keep a downloaded copy on my external just in case, but I rarely ever bring it out to clean computers. I spoke with a family friend of mine who runs his own PC Warehouse and regularly deals with Malware, Virus, and Rootkit removal (actually he taught me most of the methods I have been using to clean computers myself) and he never heard of the program. And when I showed it to him, he was more or less unimpressed actually.

Has anyone else used it or had experience with it? General thoughts about Greatis products (which I have never heard of besides UnHackme).
I like to think I know a bit about computers, I apologize if my advice is not sound or clear. I try my best to give good answers.

Line of Defense
aVast! | Comodo | Malwarebytes

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,482 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:05 PM

Posted 24 July 2010 - 12:29 PM

Greatis is a reputable site and UnHackMe can be effective if you know how to use it.

If you're unsure how to use a particular Anti-rootkit (ARK) tool or interpret the log it generates, then you should not be using it. Some ARK tools are intended for advanced users or to be used under the guidance of an expert who can interpret the log results. Arks are powerful tools and using them incorrectly could lead to disastrous problems with your operating system. Most of the more effective ARK tools should only be used under the guidance of an expert who knows how to investigate its log for malicious entries before taking any removal action.

Why? Not all hidden components detected by anti-rootkit (ARK) scanners and security tools are malicious. It is normal for a Firewall, anti-virus and anti-malware software, CD Emulators, virtual machines, sandboxes and Host based Intrusion Prevention Systems (HIPS) to exhibit rootkit-like behavior or hook into the OS kernal/SSDT (System Service Descriptor Table) in order to protect your system. SSDT is a table that stores addresses of functions that are used by Windows. Whenever a function is called, Windows looks in this table to find the address for it. Both legitimate programs and rootkits can hook into and alter this table.

API Kernel hooks are not always bad since some system monitoring software and security tools use them as well. If no hooks are active on a system it means that all system services are handled by ntoskrnl.exe which is a base component of Windows operating systems and the process used in the boot-up cycle of a computer. ARK scanners do not differentiate between what is good and what is bad...they only report what is found. Therefore, even on a clean system some hidden essential components may be detected when performing a scan to check for the presence of rootkits. As such, you should not be alarmed if you see any hidden entries created by legitimate programs after performing a scan.

In most cases further investigation is required after the initial ARK scan by someone trained in rootkit detection or with advanced knowledge of the operating system. Report logs need to be analyzed and detected components identified in order to determined if they are benign, system critical or malevolent before attempted removal. Using an ARK scanner without knowing how to tell the difference between legitimate and malicious entries can be dangerous if a critical component is incorrectly removed.

There are many free anti-rootkit tools but some of them require a certain level of expertise and investigative ability to use. These are a few of the easier ARKS for novice users:-- Note: Malwarebytes Anti-Malware uses a proprietary low level driver (similar to some ARK detectors) to locate hidden files and special techniques which enable it to detect a wide spectrum of threats including active rootkits. SUPERAntiSpyware Free offers technology to deal with rootkit infections as well.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users