Rootkit Analytics – The New Look
Rootkit Analytics has a new look and feel, and not just that: we are now working on more features that will make it more user friendly. We aren't going to list each minute tweak, but there is a lot more to come. We will complete it all and keep you posted on any major update. Please send your feedback to contact.fingers@gmail.com so that we can act on your claims, ideas and viewpoints.
Thank you for following us!
StreamArmor – New Tool to Scan & Sweep Malicious Streams
StreamArmor (previously HiddenADSExplorer) is a sophisticated tool for discovering hidden alternate data streams (ADS) and cleaning them completely from the system. Its advanced automatic analysis, coupled with an online threat verification mechanism, makes it the best tool available for eradicating malicious streams.
It comes with a fast multi-threaded ADS scanner which can recursively scan the entire system and quickly uncover all hidden streams. Each discovered stream is shown in a colour pattern that reflects its threat level, which makes it easy for the human eye to distinguish suspicious streams from normal ones.
StreamArmor has a built-in advanced file type detection mechanism which examines the content of the stream to accurately detect its file type. This makes it a great tool in forensic analysis for uncovering hidden documents, images, audio, video, database or archive files stored within alternate data streams.
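The content-based detection described above can be illustrated with a small scanner stage. The following is an added example, not StreamArmor's code: it classifies the bytes read from a stream by their leading magic numbers (the standard signatures for each format) and compares the result with what the stream's name claims. The `host:stream` naming, the verdict levels, the extension mapping and the sample streams are constructed assumptions for illustration; the `Zone.Identifier` stream is the marker Windows itself writes on downloaded files, so a scanner should not flag it as hidden content.

```python
"""Content-based file-type detection for alternate data streams.

Added example, not StreamArmor's code. The magic numbers are the standard
ones for each format; the 'host:stream' naming, the verdict levels and the
sample streams are constructed for illustration.
"""
from __future__ import annotations

# (offset, magic bytes, type label)
SIGNATURES = [
    (0, b"MZ", "pe-executable"),
    (0, b"%PDF-", "pdf"),
    (0, b"\x89PNG\r\n\x1a\n", "png"),
    (0, b"\xff\xd8\xff", "jpeg"),
    (0, b"PK\x03\x04", "zip-archive"),
    (0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2-document"),
    (0, b"SQLite format 3\x00", "sqlite-database"),
    (0, b"Rar!\x1a\x07", "rar-archive"),
]


def detect_type(data: bytes) -> str:
    """Classify a stream by its leading bytes, never by its name."""
    for offset, magic, label in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return label
    # RIFF containers (WAV/AVI) carry the subtype at offset 8.
    if data[:4] == b"RIFF" and len(data) >= 12:
        return {b"WAVE": "wav-audio", b"AVI ": "avi-video"}.get(data[8:12], "riff-container")
    sample = data[:512]
    if sample and all(32 <= b < 127 or b in b"\r\n\t" for b in sample):
        return "text"
    return "unknown"


# Expected content type for a stream name's extension (assumed mapping).
EXTENSION_TYPES = {
    ".exe": "pe-executable", ".dll": "pe-executable", ".txt": "text",
    ".jpg": "jpeg", ".png": "png", ".pdf": "pdf", ".zip": "zip-archive",
}


def triage_stream(stream_name: str, data: bytes) -> tuple[str, str]:
    """Return (detected_type, verdict) for one 'host:stream' entry.

    Verdict levels mirror a colour-coded scanner: 'dangerous' for an
    executable hidden in a stream, 'suspicious' when the content does not
    match what the stream name claims, 'normal' for the Zone.Identifier
    marker Windows writes on downloads, 'analysis' otherwise (left to the
    user's judgement).
    """
    stream = stream_name.partition(":")[2]
    kind = detect_type(data)
    if kind == "pe-executable":
        return kind, "dangerous"
    if stream == "Zone.Identifier" and kind == "text":
        return kind, "normal"
    ext = "." + stream.rsplit(".", 1)[-1].lower() if "." in stream else ""
    claimed = EXTENSION_TYPES.get(ext)
    if claimed is not None and claimed != kind:
        return kind, "suspicious"
    return kind, "analysis"


# Constructed sample streams, as a scanner would read them back.
SAMPLE_STREAMS = {
    "report.docx:Zone.Identifier": b"[ZoneTransfer]\r\nZoneId=3\r\n",
    "notes.txt:holiday.jpg": b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56,
    "invoice.txt:backup.txt": b"PK\x03\x04\x14\x00\x00\x00\x08\x00",
    "album.txt:cover.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",
}


def scan(streams: dict[str, bytes]) -> dict[str, tuple[str, str]]:
    """Triage every stream and return name -> (type, verdict)."""
    return {name: triage_stream(name, data) for name, data in streams.items()}


if __name__ == "__main__":
    for name, (kind, verdict) in scan(SAMPLE_STREAMS).items():
        print(f"{verdict:10} {kind:16} {name}")
```

The point of checking content before name is the one the post makes: a stream called `holiday.jpg` that starts with an `MZ` header is an executable regardless of its name, while a stream whose bytes match its claimed type is merely something for a human to look at, not a finding on its own.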
It is a standalone, portable application which does not require any installation. It can be copied to any location on the system and executed directly.
To read more about its fascinating features and to download it, please visit the StreamArmor main page.
Now Post Your Rootkit Queries on SpywareAnalytics Forum
Spyware Analytics Forum, a division of EvilFingers, is now released to the public. The main aim of this forum is to provide an interface for home and enterprise users to interact with security professionals. Most users do not really get a chance to interact directly with professionals who can actually solve their issues.
Spyware Analytics was created to fill this gap and to help people fix malware or spyware issues. So now you can post all your rootkit-related queries on this public forum for a faster response from elite security professionals.
In addition to normal forum activities, it also hosts a plethora of articles on the latest happenings in the security arena. So you have every reason to join, whether you are a computer user, a professional or a security geek.
It also provides a wide and strong platform for security nerds to contribute and make their mark before they fade away into the darkness of life.
Click here to join the SpywareAnalytics Forum now
Testimonials: Rootkit Analytics Tools
Rootkit Analytics has added a "Testimonials" section. It can be seen on our web portal, www.RootkitAnalytics.com.
We welcome all our users to submit testimonials, as this would increase your visibility in our community and we provide Extended FREE Support* to these users.
Enterprise Users:
If you are using our tools in your enterprise and would like to:
- Receive support from us for making changes to your environment.
- Receive support from us to ensure that the tools are functioning as they should.
- Receive support to customize the tools [if applicable**].
- Receive support in determining whether reports are true positives/negatives or false positives.
- Receive any other help that we can provide from our end.
It would be best to register with us that you are using our tool by shooting us an email at contact.fingers@gmail.com. In the email, mention your "Name, Title/Position, Organization" at which you are using our tool. Once you like our tool, or if you have used it and it worked out for your benefit, you could write us a testimonial like the ones listed in the Testimonials section at www.RootkitAnalytics.com.
Home Users:
If you are using one of our tools, we would be more than happy to provide FREE support to help you fix things. To do this you would have to register with us as enterprise users do; the only difference is the format of the registration request: "Name, Active Email, Expertise with Computer: Novice/Intermediary/Expert". We ask for your expertise with computers so that we can tailor our response to the level you mention, so be really honest about your expertise level. We will not share or reveal your details, unlike other websites or organizations that try to make money from such details.
Support Section:
We are coming up with a “Support” page soon, where you could:
- Create tickets and track activity.
- Receive alerts for patches, other changes and update notices.
- Use other support activities that would help you resolve issues.
Hopefully, this Testimonial page would help you and us [both ways]. Thank you for choosing Rootkit Analytics!
HiddenADSExplorer – Update from Research Center
As our next tool, HiddenADSExplorer, moves towards the final beta stage, we bring you the latest update straight from our research center.
HiddenADSExplorer is the first ever tool that not only scans for hidden streams but also explores, analyzes and quickly detects hidden malicious content within the streams using an advanced analysis technique. It is currently in the final stages of development, after which it will go through a UI fine-tuning cycle along with performance benchmark tests.
Here is a quick preview of the current lab build.
Hopefully, if the stars continue to be on our side, it will not take much time to release it to the market.
Ridgewood Cable & Rootkit Analytics – Extends Support
Hello Folks,
Thank you for helping us by reading our stuff and using our tools. We are proud to say that we are extending our support to our first ISP customer, Ridgewood Cable. Thanks to Joshua A. Coody for making this happen. We provide free support:
- to upgrade our tools to what you would like, if it meets our requirements.
- to help you analyze samples, when required.
- to ensure that the tools run as they should.
Check out the Ridgewood Cable Support page:
If you are a non-profit or for-profit organization, an ISP or any other corporate entity, and you wish to get support for our tool [SpyDLLRemover], all you have to do is email us and let us know that you want our support. We provide 100% support [listed above] at no cost, and the only thing we expect in return is:
- List us on your support page, and/or
- Leave us a testimonial.
That way, it would help us reach more people and help us to help the community. Thank you for choosing our news portal!
Openings for Rootkit Analysts
Rootkit Analytics is seeking Rootkit Analysts [volunteering] with varying skill sets and at different levels to join our team. As a Rootkit Analyst, you will be involved with the detection, analysis and documentation of rootkits.
What would a Rootkit Analyst do?
- A rootkit analyst would work on the collection, research and analysis of rootkit samples.
- The analyst would categorize rootkits based on their nature [user mode, kernel mode and more].
- Document every step of research and analysis performed.
- Code proof-of-concept [PoC] futuristic rootkits and research detection techniques.
- Architect and develop the strategies and tools required to detect, prevent or analyze rootkits.
- Provide ideas for faster ways to do the job effectively.
- Achieve objectives and goals, and go beyond what is required through effective team building.
- Communicate with our users through forums, blogs and other channels to ensure users' safety.
For a fuller description of the job profile and to find out what is in it for you, see the complete post on our KaffeNews job portal.
New SpyDLLRemover to Remove DLL from System Process
The newer version, SpyDLLRemover v3.2, now supports removal of malicious DLLs from system processes on Vista/Win7 platforms. Starting with Vista, Windows introduced the session separation feature, which prevents processes in one session from interacting with processes in another session.
Normally all system processes, including services, live in session 0, and user sessions start from session 1. So even if a process is running as administrator, it cannot create a remote thread in a process in another session, and hence cannot inject a DLL into, or free a DLL from, a system process, because of the session separation.
SpyDLLRemover uses an advanced DLL removal technique to remove spy DLLs from remote processes. However, due to this session restriction it was not able to remove DLLs from system processes. Spyware often hides itself in system processes to evade the user's suspicion, so this limitation was in fact a boon for such spyware.
But the stars have changed in the sky. The new version of SpyDLLRemover comes with support for removing a DLL from any system process across session boundaries, thus breaking the restrictions imposed by Vista/Win7.
Now even if malware is hiding its DLL in a system process such as Lsass.exe or Winlogon.exe, it cannot escape from SpyDLLRemover any more!
SpyDLLRemover & Misconceptions
No software is perfect in this world, and neither is SpyDllRemover. I am writing this post to clear up some misconceptions about SpyDllRemover. Many times people complain that SpyDllRemover is showing false positives or listing a legitimate DLL as malicious.
SpyDLLRemover uses a heuristic approach to deduce the type of threat, unlike other anti-virus/anti-spyware software which relies on predefined signatures. As a result, SpyDLLRemover can detect new as well as old threats through its generic detection technique.

On scanning, SpyDllRemover shows 3 different types of threat:
- Dangerous (shown in Red color)
- Suspicious (shown in Brown color)
- Analysis (shown in Yellow color)
Dangerous threats may be hidden rootkits, and suspicious entries indicate a possible malicious DLL. However, there are some DLLs which SpyDLLRemover is not able to classify; these are marked as 'Analysis' type and are put forward for manual analysis by the user. By default SpyDLLRemover shows only the first 2 types of threat (dangerous/suspicious).
Being heuristic-based software, it is always possible for it to produce false positives in the above 2 categories. But many people saw legitimate DLLs listed during a full scan under the 'Analysis' section and complained that SpyDllRemover was reporting legitimate DLLs as spyware.
The fact is that those DLLs (which may be legitimate or malicious) were not judged by SpyDllRemover at all; they were presented to the user for further analysis rather than leaving the user in the dark. The user can then use the 'check online' option to verify the authenticity of such DLLs.
So next time you see good DLLs listed in yellow, please do not think of it as a false positive. It just means that you have to use your brain to complete the analysis.
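The three-tier scheme and the "Analysis is not a verdict" point can be made concrete with a small triage routine. The following is an added example, not SpyDLLRemover's code: the record fields (`in_peb_list`, `signed`, `known_good`), the heuristics that decide each tier and the sample modules are all assumptions made for illustration; what follows the post is the three tiers and the default of hiding the Analysis tier unless the user asks for it.

```python
"""Three-tier heuristic triage of loaded DLLs.

Added example, not SpyDLLRemover's code. The record fields, the heuristics
and the sample modules are assumptions made for illustration; the three
tiers and the default of hiding the 'Analysis' tier follow the post.
"""
from __future__ import annotations

from dataclasses import dataclass

DANGEROUS, SUSPICIOUS, ANALYSIS = "dangerous", "suspicious", "analysis"
ORDER = {DANGEROUS: 0, SUSPICIOUS: 1, ANALYSIS: 2}


@dataclass
class LoadedModule:
    process: str
    path: str
    in_peb_list: bool   # visible in the process's own module list? (assumed field)
    signed: bool        # valid code signature, assumed to be checked elsewhere
    known_good: bool    # hash found in a trusted inventory (assumed field)


def classify(m: LoadedModule) -> str | None:
    """Return the tier for one module, or None when it needs no attention."""
    # Mapped in memory but unlinked from the module list: rootkit-style hiding.
    if not m.in_peb_list:
        return DANGEROUS
    low = m.path.lower()
    # Unsigned code loaded from a user-writable location.
    if not m.signed and (low.startswith("c:\\users\\") or "\\temp\\" in low):
        return SUSPICIOUS
    # Signed and already known: nothing to report.
    if m.signed and m.known_good:
        return None
    # Everything the heuristics cannot judge goes to the user, not to a verdict.
    return ANALYSIS


def scan(modules: list[LoadedModule], show_analysis: bool = False) -> list[tuple[str, str, str]]:
    """Return (tier, process, path) rows, dangerous first.

    The Analysis tier is hidden by default, as in the post; it is a queue
    for manual review (e.g. an online lookup), not a list of detections.
    """
    rows = []
    for m in modules:
        tier = classify(m)
        if tier is None or (tier == ANALYSIS and not show_analysis):
            continue
        rows.append((tier, m.process, m.path))
    return sorted(rows, key=lambda r: ORDER[r[0]])


# Constructed sample modules (paths and flags invented for the example).
SAMPLE_MODULES = [
    LoadedModule("lsass.exe", r"C:\Windows\System32\lsasrv.dll", True, True, True),
    LoadedModule("explorer.exe", r"C:\Users\bob\AppData\Local\Temp\hook.dll", True, False, False),
    LoadedModule("winlogon.exe", r"C:\Windows\System32\svchost32.dll", False, False, False),
    LoadedModule("explorer.exe", r"C:\Program Files\Vendor\plugin.dll", True, True, False),
    LoadedModule("explorer.exe", r"C:\Windows\System32\oldcodec.dll", True, False, False),
]


if __name__ == "__main__":
    for tier, proc, path in scan(SAMPLE_MODULES, show_analysis=True):
        print(f"{tier:10} {proc:14} {path}")
```

With the default `show_analysis=False` the two rows a user sees are the unlinked module and the unsigned DLL under a temp directory; the signed-but-unknown plugin and the unsigned codec in System32 only appear when the Analysis tier is requested, and each of them is exactly the kind of entry the post says should be checked online rather than read as a detection.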
SpyDLLRemover on Facebook
SpyDLLRemover was published in Facebook's 'Tips, Tricks & Tutorials' section, an additional section where Facebook lists top tools on the web which make our day-to-day life easier.
It's a proud moment for all of us at RootkitAnalytics to see SpyDLLRemover listed on Facebook.