Tools
DarkSpy Anti-Rootkit
by CardMagic & wowocock
Platforms: Windows 2000, Windows NT, Windows XP
Categories: Rootkits
Version: V1.0 Test Version
URL: http://lu0s1.3322.org/Utilitys/DarkSpy_En.rar
DarkSpy Anti-Rootkit V1.0.2 Test Version(Freeware)

DarkSpy Introduction:

DarkSpy is a new rootkit detection tool from China.

It's coded by two guys : CardMagic & wowocock,and support

some new features that can make the detection more effective.

DarkSpy is consisted of five parts:

1.Process:

Detect hidden process(even hide with FUTo...)

Force kill process(even Icesword)

2.Kernel Module:

Detect hidden kernel module(even hide with FUTo...)

3.File:

Detect hidden files

Force copy file

Force delete file

4.Registry function is not provided in test version.

5.Port:

Detect hidden ports

(Notice: DarkSpy don't allow any kernel debugger to run!)

Environment supported by test version:

32bit Windows 2000(SP4 and later)

32bit Windows XP

32bit WIndows 2003

Single CPU without hyperthread

Try it at your own risk....:)

If you find any bugs,please contact me via my email: sunmy1 (at) sina (dot) com [email concealed]

Thanks!

    Tools
 
Comments Mode:


 

Privacy Statement
Copyright 2010, SecurityFocus