hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
Full Version: Klister Problem...
GovernmentSecurity.org > System Security > Windows Systems
XeLoRy
Oct 10 2004, 05:32 PM
Well, i have a rootkit on a box but i can't remove it.

I ve used rkdetector and it found 1 rootkit (hxdef)

but when i use klister to list hidden process to locate the hxdef one, it crash my pc ! (violent reboot)

i ve just run the w2k_load kmodule.sys in a shell as it said in the readme and then i ve run klister.exe from the same shell and then CRASH !

what's wrong ? dry.gif

edit: i have that result with rkdetector.exe (0.62)


CODE
-Searching again for Hidden Services..
-Gathering Service list Information... ( Found: 0 Hidden Services)
-Searching for wrong Service Paths.... ( Found: 0 wrong Services )
-Searching for Rootkit Modules........ ( Found: 0 Suspicious modules )
-Trying to detect hxdef with TCP data..( Found: 1 running rootkits)
----------------------------------------------------------------------------
*ROOTKIT HACKER DEFENDER v1.0.0 IS INSTALLED IN YOUR HOST.
----------------------------------------------------------------------------
-Searching for hxdef hooks............ ( Found: 1 running rootkits)
----------------------------------------------------------------------------
*ROOTKIT HACKER DEFENDER >= v0.82 FOUND. Path not available
----------------------------------------------------------------------------
-Searching for other rootkits......... ( Found: 0 running rootkits)



no path sad.gif and no servicename listed, please help !
da_cash
Oct 10 2004, 10:05 PM
just one tip ... taken from hxdef readme..


CODE
Q: I'm using DameWare and i can see all your services and all that should be
hidden. Is this the bug?

A: Nope. DameWare and others who use remote sessions (and or netbios) can see
hidden services because this feature is not implemented yet. It's a big
difference between the bug and not implemented. See todo list on the web for
things that are not implemented yet.



hope now you know how to remove it ...

dunno what os you are using but klister won't work on xp systems..

cheers
Dr.Death
Oct 11 2004, 05:11 AM
rename the taskmgr.exe to _root_taksmgr.exe

and you will be able to see hidden processes in your system.

smile.gif
da_cash
Oct 11 2004, 06:04 AM
dr.death don't try to misguide him ..He already said he got hxdef installed and not NT Rootkit .. For more info about that rootkit visit to www.rootkit.com...
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.