• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Focus On: Vista
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns

    Tools

DarkSpy Anti-Rootkit
by CardMagic & wowocock
Platforms: Windows 2000, Windows NT, Windows XP
Categories: Rootkits
Version: V1.0 Test Version
URL: http://lu0s1.3322.org/Utilitys/DarkSpy_En.rar
DarkSpy Anti-Rootkit V1.0.2 Test Version(Freeware)

DarkSpy Introduction:

DarkSpy is a new rootkit detection tool from China.

It's coded by two guys : CardMagic & wowocock,and support

some new features that can make the detection more effective.

DarkSpy is consisted of five parts:

1.Process:

Detect hidden process(even hide with FUTo...)

Force kill process(even Icesword)

2.Kernel Module:

Detect hidden kernel module(even hide with FUTo...)

3.File:

Detect hidden files

Force copy file

Force delete file

4.Registry function is not provided in test version.

5.Port:

Detect hidden ports

(Notice: DarkSpy don't allow any kernel debugger to run!)

Environment supported by test version:

32bit Windows 2000(SP4 and later)

32bit Windows XP

32bit WIndows 2003

Single CPU without hyperthread

Try it at your own risk....:)

If you find any bugs,please contact me via my email: sunmy1 (at) sina (dot) com [email concealed]

Thanks!

    Tools

Expand all | Post comment