Re: RkUnhooker 3.8 SR2 public beta test

Posted: Thu Apr 29, 2010 12:09 pm
by nullptr
Thanks for the new build. Working great in XP SP3 and in VM. :)

Re: RkUnhooker 3.8 SR2 public beta test

Posted: Thu Apr 29, 2010 2:57 pm
by EP_X0FF
Thanks for testing :) It was additionally tested for compatibility with Windows 2003 SP2 R2, Windows Vista RTM, Windows Vista SP2, Windows 7 RTM.
It needs some additional work with local.dll (add and translate some messages) and, if no huge bugs are discovered, it is ready to release.

Re: RkUnhooker 3.8 SR2 public beta test

Posted: Fri Apr 30, 2010 4:31 am
by EP_X0FF
RkU3.8.388.590.exe (MD5: deeaad9766804927d5f15d7f01ec0704, SHA1: c8afaef4dfe8f1881d04bff0440852c1720abc99)
Russian local.dll (MD5: c8feb0e9bf0530354fbe88af5decf0da)
Translatable local_dll.dll (MD5: 404ae36075e21d2320ff6b3a8603991a)
Res1.res (MD5: 16073854db0a7cbb8794c77b40ef75bc)

The complete changelog is inside the RkU help file.

Re: RkUnhooker 3.8 SR2 public beta test

Posted: Fri Apr 30, 2010 7:53 am
by gjf
EP_X0FF, first of all, greetings on the new release! You are doing a really nice job!
But can you do the same as in the betas and make RkU able to work without pre-installation? Some kind of portable application?

Re: RkUnhooker 3.8 SR2 public beta test

Posted: Fri Apr 30, 2010 8:05 am
by PAUK
Thanks for the release!

Re: RkUnhooker 3.8 SR2 public beta test

Posted: Fri Apr 30, 2010 12:10 pm
by EP_X0FF
Hello and thanks to everyone for the feedback.

Yes, I'm planning to release rku at rootkit.com as a setup bundle and a standalone executable.

Re: RkUnhooker 3.8 SR2 public beta test

Posted: Fri Apr 30, 2010 12:57 pm
by Ronlennon
Hello, thanks for the great release :D

Think I found a bug though.
Running RKU when Panda Internet Security is installed makes RKU (newest) crash.

rku_error_log_49571546.txt
================
Exception code : 0xC000001D
Instruction address : 0x7FFA0005

Link to Panda Internet Security 2010:
hxxp://www.pandasecurity.com/homeusers/downloa ... N-IS10-DWN

You need to register to get mail instructions on where to download :(

Re: RkUnhooker 3.8 SR2 public beta test

Posted: Fri Apr 30, 2010 1:03 pm
by gjf
Ronlennon, all ARK software counteracts with antiviruses and other ARKs. I believe it is not a bug, because the author (as I remember) recommends shutting down all antiviruses and HIPS during a scan.

FYI, the system hangs if I try to start RkU with Kaspersky Internet Security 9.0.736.

Re: RkUnhooker 3.8 SR2 public beta test

Posted: Fri Apr 30, 2010 1:19 pm
by Ronlennon
gjf,

OK, thanks for the information.
Yes, you're right, running ARK tools with security software gives unpredictable results, especially false positives.
I usually uninstall them beforehand to minimize such results.
I just wanted to report this in the hope that it may be useful for the author.
RkU3.8.386.589 worked just fine, showing what security measures were taken by Panda Internet Security.
I'm thinking that if malware is set up in the same fashion, then RKU may have a problem starting.

Re: RkUnhooker 3.8 SR2 public beta test

Posted: Fri Apr 30, 2010 2:56 pm
by EP_X0FF
Hello,

Yes, it is highly recommended to uninstall all security software before trying any antirootkit, simply because of the tons of false positives they will generate.
This is probably related to rku incompatibility with Kaspersky/Panda self-protection of IPS features. I will look into this next week, and if this is caused by an rku bug I will try to fix that.

Thanks.

Edit:

Thanks to a_d_13, RkU is mirrored at this site:
http://www.kernelmode.info/ARKs/RkU3.8.388.590.rar

The updated link is also listed in the AntiRootkits topic table.