I'm working on a Compaq Presario (Win98) that's badly infected with trojans; viriis and spyware. I've managed to get this thing resurrected but before I install any new AV software I thought I would check for any rootkits. I tried to run the rootkit revealer from SysInternal's website but it won't even initialize. It's coming up with some error related to a dll error (I think it's becuase it's a Win9.x system) because the error message has the letters NT - sorry I didn't write down the exact error message.
Does anyone know of one that is compatible w/ a Win98 system?
Well, what I mean is that the concept of a root kit doesn't really apply to Win9x. It's still possible to stealthily load dlls and stuff and have stubborn malware, but they aren't hidden in the same manner as a root kit and therefore, the methods of looking for them that "root kit revealer" type programs use is not applicable.
It's usually not that hard to find and remove malware in Win9x. There's a lot less trickery that goes on.
>Well, what I mean is that the concept of a root kit doesn't >really apply to Win9x. It's still possible to stealthily load >dlls and stuff and have stubborn malware, but they aren't >hidden in the same manner as a root kit and therefore, the >methods of looking for them that "root kit revealer" type >programs use is not applicable. > >It's usually not that hard to find and remove malware in >Win9x. There's a lot less trickery that goes on.
Let me ask you Grogan - if a malware manages to load itself into memory - sometimes even a full virus scan will not detect that righ? I've seen trojans "morph" or change its name everytime you do a fresh boot. Does that mean you need a AV software w/ the capability to scan viruses loaded into system RAM? I don't know how that works exactly.
Indeed, antivirus software must scan memory. Sometimes that's when you'll see it find stuff when something got on the machine in whatever circumstances (e.g. missed, new variant and now detected after update, just installed antivirus software etc.) It's possible to pack and encrypt the executables on disk. This is also where heuristics can come into play. (e.g. detecting malicious behaviour similar to known trojans)
>This is also where heuristics can come >into play. (e.g. detecting malicious behaviour similar to >known trojans)
Of all the freebies out there Grogan - which do you think has the most effective heuristic scanner to date? And how about the 'pay-for' ones - do you have a preference there?
I don't know... I don't see heuristics that much. It's usually the signatures that find stuff. I'm more damage control anyways.
Of the free ones, I think Antivir is the most effective antivirus at the moment. It is very good for trojans and similar malware, which is what is commonly encountered nowadays. I don't know about the heuristics, though I have seen it working.
For the paid ones I've seen, I like Nod32 the best. Not necessarily because it is the best, but because it's light weight and reliable and is good protection. I really don't like to use that word "best". To me that means something that doesn't slow down or cause problems on the machine, doesn't get broken and stops the pests being encountered.
And of course I haven't tried them all. In particular, I've still not tried Kaspersky.
#9. "RE: Rootkit Revealer Needed" In response to therube (Reply # 8) Sun Mar-19-06 06:12 PM by _Chewy_
It says the free version doesn't clean anything it finds. IMHO, it's worthless. And I'm in no way encouraged to "upgrade" to the pay-for version not knowing how effective it is.
Atleast the syscleaner from TrendMicro's website is free to download and will actually delete any viruses found. That is definitely more valuable to me than something that just scans and doesn't clean anything.
