DEFT - rkhunter - rootkit search on windows machine


Postby dickiemint5 » Tue Feb 23, 2010 2:44 pm

Hello. Is there a way of pointing rkhunter, as found on the DEFT live cd, to search on the 'C' partition of a windows machine?
rkhunter is CLI driven, and I am next to useless at the command line. The same cd has clamtk as a windowed front end to clamav, which I can get to work fine.
In other words, command line help for rkhunter please.
Cheers
Dick
dickiemint5
 
Posts: 6
Joined: Tue Apr 28, 2009 4:09 pm
Location: Gloucester

Postby nelz » Tue Feb 23, 2010 3:08 pm

No, because rkhunter is designed to test the currently running Unix-alike OS. You can have it check another supported OS with the --rootdir option, but not a Windows directory.
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
nelz
Site admin
 
Posts: 8495
Joined: Mon Apr 04, 2005 11:52 am
Location: Warrington, UK

Thanks

Postby dickiemint5 » Tue Feb 23, 2010 4:56 pm

Thanks for that reply. Explains why I cannot do it then. :D
Do you know of anything that will search for rootkits on a machine which is NOT running its installed OS?
Cheers
Dick

Postby nelz » Tue Feb 23, 2010 7:23 pm

rkhunter will do that, but only for *nix OSes. Have you tried googling for Windows rootkit?
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)

Windows rootkit finders

Postby dickiemint5 » Wed Feb 24, 2010 8:32 pm

Thanks again nelz. Yes I have tried, but it gets confusing. Tried a Microsoft 'revealer', and did not know what I was looking at. Tried Prevexcsi, which told me I had a virus which was not!
I shall have to take time to learn how to make a simple ubuntu cd with at least Clamtk, so that I can virus check an OS without running same.
In case you are wondering, I look after a Vista 32-bit PC, which was running happily for some 3 years with no faults. Then a month ago it started to go slow. I found that around 85% of its 1 GB RAM was being used, and that swapping the page file to HD was slowing the machine down considerably. I suspect a virus, but AVG et al shows nowt.
But that is not a subject for this forum.
Thanks again for your replies.
Dick

Re: Windows rootkit finders

Postby paulm » Wed Feb 24, 2010 9:52 pm

dickiemint5 wrote: I shall have to take time to learn how to make a simple ubuntu cd with at least Clamtk, so that I can virus check an OS without running same.

While doing so might be a good exercise from an educational point of view, in terms of what you are looking for, it's a lot of unnecessary work :)

Download and burn a copy of SystemRescueCD:

http://www.sysresccd.org/Main_Page

That will give you everything you need not only to scan a M$ computer for virus problems, but to remove passwords, back up, rescue files from a non-booting M$ operating system, etc.

Anyone who has to deal with the endless problems Windows comes up with should not be without a copy....

I often find myself amused by the fact that people who will not look at Linux often owe the continued operation of their 'superior' Windows machine to Linux.

Paul.
paulm
LXF regular
 
Posts: 242
Joined: Mon Apr 03, 2006 4:53 am
Location: Oxfordshire, UK

SystemRescueCD

Postby dickiemint5 » Thu Feb 25, 2010 10:28 am

Thanks for replying. I currently use Mint 8 as a desktop machine for all 'office' and internet work, so I am not against Linux, but rather very much for it. It is the command line I always have trouble with, and most advice is given with a command line example, and these days my pensioner brain struggles!!!
I will now have a learning curve with System Rescue. Ah well, keeps the brain ticking over.
Again, thanks for the replies.
Cheers.
Dick

Re: SystemRescueCD

Postby towy71 » Thu Feb 25, 2010 10:50 am

dickiemint5 wrote: ... I currently use Mint 8
Then your user name must be a misnomer :roll: :P
still looking for that door into summer
towy71
Moderator
 
Posts: 4263
Joined: Wed Apr 06, 2005 2:11 pm
Location: wild West Wales
