Adlice forum

General Category => Malware removal help => Topic started by: Limrex on November 22, 2014, 11:13:14 pm

Title: How do I remove an SSDT Hook with PCHunter (Xuetr)?
Post by: Limrex on November 22, 2014, 11:13:14 pm
I've opened the program and it says I have SSDT Entry: 401 and Hooks: 46.

When I right-click on them I get these options: Refresh, Only show hooks, Disassembling current entry, Disassembling original entry, Restore, Restore all, Find target, Properties, Locate in file tab, Export display. It's under the Ring0 tab.

Is there one that removes the hook? Is there another program I need to remove the hook?

It's also detecting hooks in its own file location...

It's also detected an IRP and a Callback Object, and an IDT hook.

Title: Re: How do I remove an SSDT Hook with PCHunter (Xuetr)?
Post by: Tigzy on November 24, 2014, 09:38:21 am
Hello
You don't have to remove the hooks; you just need to know what program is doing them.
If that program is legit, please stop harassing them.
If it's not legit or unknown, remove the persistence item instead; please read this: http://www.adlice.com/kernelmode-rootkits-part-1-ssdt-hooks/