Thread: Is there a bootable /live CD rootkit detector?

  1. #1
    wlhaught Guest

    Is there a bootable /live CD rootkit detector?

    I am wondering if there is such a thing as a rootkit detector that works outside of the computer's OS, such as a bootable CD running its own OS such as FreeDOS or Linux. I am aware that one in development uses virtualization, requiring hardware I don't have and probably more processing power than I'd want to give up if I did.

    What I am thinking is that it probably would be much easier than trying to find a rootkit using a compromised system, wouldn't it? Could such a tool be devised that is nearly 100% perfect and usable by the average computer user? Would it really be able to hide registry keys and files if the system isn't running? I am assuming that the scanner knows (or should know) about alternative data streams, boot sectors of partitions, the master boot record/partition table itself, and virtualization technologies.

    I would think that a simple way of handling virtualization is to have it ask if virtualization is used and how it is set up. That way one can, for example, tell it that virtualization was not set up by the administrator (often the end user these days) and it can at least report that an unknown or unsupported virtualization seems to be in use and that the administrator should be wary.

    Perhaps some anti-virus vendors do this. I think they all should. The only problem is that burning ISO images may be beyond the average user I suppose. Personally, I find the graphical tools often included with Dell computers such as Roxio simple enough.

    Sometime, if I ever have the time, I may go through looking up vendors one-by-one.
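
The cross-view idea raised in the post above (compare what the running system reports with what an offline boot sees), as an added example that is not part of the original thread. It assumes a file listing saved from the running Windows install (for instance `dir /s /b /a` output) and the same volume mounted from a live CD; the sample listing, file names and function names are constructed for illustration.

```python
import os
import tempfile

# Constructed sample: listing saved from the running (possibly compromised) OS.
ONLINE_SAMPLE = r"""
C:\WINDOWS\system32\drivers\DISK.SYS
C:\Users\user\notes.txt
"""

def normalize(path: str) -> str:
    """Backslash-separated, case-folded form so both views compare alike."""
    return path.replace("/", "\\").strip("\\").casefold()

def parse_online_listing(text: str, drive: str = "C:\\") -> set:
    """Turn saved bare-path output into a set of drive-relative paths."""
    paths = set()
    for line in (l.strip() for l in text.splitlines()):
        if line.casefold().startswith(drive.casefold()):
            paths.add(normalize(line[len(drive):]))
    return paths

def offline_listing(root: str) -> set:
    """Walk the volume as mounted from the live CD (no OS hooks in play)."""
    found = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            found.add(normalize(os.path.relpath(os.path.join(dirpath, name), root)))
    return found

def hidden_from_online(offline: set, online: set) -> list:
    """Files on disk that the running system did not report: review these."""
    return sorted(offline - online)

def demo() -> list:
    """Build a constructed 'offline' tree and diff it against ONLINE_SAMPLE."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("Windows/System32/drivers/disk.sys",
                    "Windows/System32/drivers/hidden_drv.sys",  # constructed name
                    "Users/user/notes.txt"):
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        return hidden_from_online(offline_listing(root),
                                  parse_online_listing(ONLINE_SAMPLE))

if __name__ == "__main__":
    for path in demo():
        print("on disk but not reported by running OS:", path)
```

Files created between the two captures also appear in the difference, so each entry is a lead to review rather than proof of hiding.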

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Re: Is there a bootable /live CD rootkit detector?

    See here and this does include the iso imaging needed (it is included).

    Infra recorder is the iso burner I use (which is seldom)..freeware and does the job okay.

    Also see BartPE.

    Oldsod.

    Message Edited by Oldsod on 04-25-2009 12:00 AM
    Best regards.
    oldsod

  3. #3
    wlhaught Guest

    Re: Is there a bootable /live CD rootkit detector?

    I was thinking more in line of rootkit detection which is by nature more difficult. To use BartPE for my purposes would be difficult and the ISO to burn would have to be built on a clean system. I suppose one can back up data, write zeros to the drive, repartition, reinstall Windows, then run an executable that builds the ISO with BartPE and rootkit detection software.

    I see no mention of rootkits in the description for Avira AntiVir Rescue System anywhere.


    I do run a bloated Make-A-Fee security suite with the real-time scanner on, for what it is worth. I also do most of my browsing from a limited account in XP. I nearly forgot about ZoneAlarm, which was a mere firewall years ago. Now that they have a product with a name like ZONEALARM Internet Security Suite I'll have to look into it more. Unfortunately, the subscription for my existing product was renewed a few months ago.

    But thanks for responding anyway.

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Re: Is there a bootable /live CD rootkit detector?


    <blockquote><hr>wlhaught wrote:
    I was thinking more in line of rootkit detection which is by nature more difficult. To use BartPE for my purposes would be difficult and the ISO to burn would have to be built on a clean system. I suppose one can back up data, write zeros to the drive, repartition, reinstall Windows, then run an executable that builds the ISO with BartPE and rootkit detection software.

    I see no mention of rootkits in the description for Avira AntiVir Rescue System anywhere.


    I do run a bloated Make-A-Fee security suite with the real-time scanner on, for what it is worth. I also do most of my browsing from a limited account in XP. I nearly forgot about ZoneAlarm, which was a mere firewall years ago. Now that they have a product with a name like ZONEALARM Internet Security Suite I'll have to look into it more. Unfortunately, the subscription for my existing product was renewed a few months ago.

    But thanks for responding anyway.
    <hr></blockquote>


    Avira has a rootkit detection included in their antivirus scanner and this is included in the rescue disk scanner.
    Probably the easiest to use is the Ava5T with the boottime scanner..and this also includes a rootkit scanner.

    I skipped using suites many years ago and use the ZA Pro along side the Avira. That is basically my 'suite'.

    Oldsod.
    Best regards.
    oldsod

  5. #5

    Re: Is there a bootable /live CD rootkit detector?

    The following link is to a site where 13 different bootable rescue disks are described and compared. Surely one of them will be to your liking. Root Kits are frequently assumed when there is mention of "Malware" so the fact that they are not explicitly named in a disk's description does not necessarily mean they will not be cleaned. You might consider testing a rescue disk on a system known to be infected with a root kit and see how it does before assuming it won't work.

    http://www.raymond.cc/blog/archives/...t-rescue-disk/

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Re: Is there a bootable /live CD rootkit detector?


    <blockquote><hr>ledoc wrote:


    The following link is to a site where 13 different bootable rescue disks are described and compared. Surely one of them will be to your liking. Root Kits are frequently assumed when there is mention of "Malware" so the fact that they are not explicitly named in a disk's description does not necessarily mean they will not be cleaned. You might consider testing a rescue disk on a system known to be infected with a root kit and see how it does before assuming it won't work.


    http://www.raymond.cc/blog/archives/...t-rescue-disk/
    <hr></blockquote>


    Hi Doc!
    Oldsod.
    Best regards.
    oldsod
