Author Topic: How do I remove an SSDT Hook with PCHunter (Xuetr)?  (Read 5967 times)

November 22, 2014, 11:13:14 PM

Limrex

  • Guest
How do I remove an SSDT Hook with PCHunter (Xuetr)?
« on: November 22, 2014, 11:13:14 PM »
I've opened the program and it says I have SSDT Entry: 401 and Hooks: 46.

When I right click on them I get these options: Refresh, Only show hooks, Disassembling current entry, Disassembling original entry, Restore, Restore all, Find target, Properties, Locate in file tab, Export display. It's under the Ring0 tab.

Is there one that removes the hook? Is there another program I need to remove the hook?

It's also detecting hooks in its own file location...

It's also detected an IRP and a Callback Object, and an IDT hook.
« Last Edit: November 22, 2014, 11:16:16 PM by Limrex »

Reply #1 November 24, 2014, 09:38:21 AM

Tigzy

  • Administrator
    Owner, Adlice Software
Re: How do I remove an SSDT Hook with PCHunter (Xuetr)?
« Reply #1 on: November 24, 2014, 09:38:21 AM »
Hello
You don't have to remove the hooks, you just need to know what program is making them.
If that program is legit, please stop harassing them.
If it's not legit or unknown, remove the persistence item instead. Please read this: http://www.adlice.com/kernelmode-rootkits-part-1-ssdt-hooks/
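
An added example (not part of the original posts, and not PCHunter or Adlice code) of the triage the reply describes: attribute each hooked SSDT entry to the driver whose address range contains the hook target, so you know which program to look at. The module list, driver names and addresses are constructed sample data, not PCHunter output.

```python
from bisect import bisect_right
from collections import defaultdict

# Constructed sample data (not PCHunter output): loaded kernel modules as
# (base, size, name, signed) and SSDT entries as (index, name, original, current).
MODULES = [
    (0x82800000, 0x412000, "ntoskrnl.exe", True),
    (0x8F200000, 0x030000, "avfilter.sys", True),   # hypothetical AV driver
    (0x91A00000, 0x008000, "xkq81.sys", False),     # hypothetical unsigned driver
]
SSDT = [
    (0x42, "NtCreateFile", 0x82A31000, 0x82A31000),          # not hooked
    (0x74, "NtOpenProcess", 0x82A55000, 0x8F2011C0),
    (0x11F, "NtQueryDirectoryFile", 0x82A60000, 0x91A01400),
    (0x172, "NtTerminateProcess", 0x82A77000, 0x93000040),
]

def owner_of(addr, modules):
    """Return the module tuple whose [base, base+size) contains addr, else None."""
    mods = sorted(modules)
    i = bisect_right([m[0] for m in mods], addr) - 1
    if i >= 0 and addr < mods[i][0] + mods[i][1]:
        return mods[i]
    return None

def triage(ssdt, modules):
    """Group hooked entries by owning driver and attach a review verdict."""
    report = defaultdict(lambda: {"verdict": None, "services": []})
    for index, name, original, current in ssdt:
        if current == original:
            continue  # entry still points at the kernel's own routine
        mod = owner_of(current, modules)
        if mod is None:
            key, verdict = "<no module>", "investigate: target outside every loaded module"
        elif mod[3]:
            key, verdict = mod[2], "identify vendor: signed driver"
        else:
            key, verdict = mod[2], "investigate: unsigned driver"
        report[key]["verdict"] = verdict
        report[key]["services"].append(name)
    return dict(report)

if __name__ == "__main__":
    for driver, info in triage(SSDT, MODULES).items():
        print(f"{driver:14} {info['verdict']:48} {', '.join(info['services'])}")
```

Grouping by driver matters because a single security product usually accounts for many hooks at once, which leaves only the unattributed or unsigned targets to chase.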