DarkSpy Anti-Rootkit
by CardMagic & wowocock
Platforms: Windows 2000, Windows NT, Windows XP
Categories: Rootkits
Version: V1.0 Test Version
DarkSpy Anti-Rootkit V1.0.2 Test Version(Freeware)

DarkSpy Introduction:

DarkSpy is a new rootkit detection tool from China.

It's coded by two guys : CardMagic & wowocock,and support

some new features that can make the detection more effective.

DarkSpy is consisted of five parts:


Detect hidden process(even hide with FUTo...)

Force kill process(even Icesword)

2.Kernel Module:

Detect hidden kernel module(even hide with FUTo...)


Detect hidden files

Force copy file

Force delete file

4.Registry function is not provided in test version.


Detect hidden ports

(Notice: DarkSpy don't allow any kernel debugger to run!)

Environment supported by test version:

32bit Windows 2000(SP4 and later)

32bit Windows XP

32bit WIndows 2003

Single CPU without hyperthread

Try it at your own risk....:)

If you find any bugs,please contact me via my email: sunmy1 (at) sina (dot) com [email concealed]


Comments Mode:


Privacy Statement
Copyright 2010, SecurityFocus