
shoestringdave
First Time for Antirootkit
« on: August 24, 2016, 02:17:17 PM »
I've used RogueKiller in the past, but never had any antirootkit entries show up. On a scan yesterday, I had a list of entries. I'm wondering if someone can help me decipher this portion of the report.

¤¤¤ Antirootkit : 25 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] ZwCreateKey[70] : Unknown @ 0xffffffff88b2d26c
[SSDT:Addr(Hook.SSDT)] ZwCreateMutant[74] : Unknown @ 0xffffffff88b37744
[SSDT:Addr(Hook.SSDT)] ZwCreateProcess[79] : Unknown @ 0xffffffff88b37944
[SSDT:Addr(Hook.SSDT)] ZwCreateProcessEx[80] : Unknown @ 0xffffffff88b2d00c
[SSDT:Addr(Hook.SSDT)] ZwCreateSymbolicLinkObject[86] : Unknown @ 0xffffffff88b376c4
[SSDT:Addr(Hook.SSDT)] ZwCreateThread[87] : Unknown @ 0xffffffff88b37804
[SSDT:Addr(Hook.SSDT)] ZwCreateThreadEx[88] : Unknown @ 0xffffffff88b377c4
[SSDT:Addr(Hook.SSDT)] ZwCreateUserProcess[93] : Unknown @ 0xffffffff88b2d3ac
[SSDT:Addr(Hook.SSDT)] ZwDebugActiveProcess[96] : Unknown @ 0xffffffff88b37644
[SSDT:Addr(Hook.SSDT)] ZwDeleteKey[103] : Unknown @ 0xffffffff88b2d1ec
[SSDT:Addr(Hook.SSDT)] ZwDeleteValueKey[106] : Unknown @ 0xffffffff88b2d12c
[SSDT:Addr(Hook.SSDT)] ZwDuplicateObject[111] : Unknown @ 0xffffffff88b37684
[SSDT:Addr(Hook.SSDT)] ZwLoadDriver[155] : Unknown @ 0xffffffff88b37784
[SSDT:Addr(Hook.SSDT)] ZwOpenProcess[190] : Unknown @ 0xffffffff88b2d36c
[SSDT:Addr(Hook.SSDT)] ZwOpenSection[194] : Unknown @ 0xffffffff88b2d0ec
[SSDT:Addr(Hook.SSDT)] ZwOpenThread[198] : Unknown @ 0xffffffff88b2d2ac
[SSDT:Addr(Hook.SSDT)] ZwRenameKey[290] : Unknown @ 0xffffffff88b2d1ac
[SSDT:Addr(Hook.SSDT)] ZwRestoreKey[302] : Unknown @ 0xffffffff88b2d16c
[SSDT:Addr(Hook.SSDT)] ZwSetSystemInformation[350] : Unknown @ 0xffffffff88b37704
[SSDT:Addr(Hook.SSDT)] ZwSetValueKey[358] : Unknown @ 0xffffffff88b2d22c
[SSDT:Addr(Hook.SSDT)] ZwTerminateProcess[370] : Unknown @ 0xffffffff88b2d32c
[SSDT:Addr(Hook.SSDT)] ZwTerminateThread[371] : Unknown @ 0xffffffff88b2d2ec
[SSDT:Addr(Hook.SSDT)] ZwWriteVirtualMemory[399] : Unknown @ 0xffffffff88b37844
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookAW[584] : Unknown @ 0xffffffff87e9eb74
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0xffffffff858155e4

Thanks in advance!
Dave
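Added example, not part of the thread or of RogueKiller itself: a small parser for Antirootkit lines in the format quoted above. It groups the hooked service names by table (SSDT / ShwSSDT) and by the 4 KiB page of the hook target, so a triager can see at a glance how many hooks resolve to an "Unknown" module and whether their targets fall into one code region. The sample input is a constructed subset of the lines in the post.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the report lines quoted in the post.
SAMPLE_REPORT = """\
¤¤¤ Antirootkit : 25 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] ZwCreateKey[70] : Unknown @ 0xffffffff88b2d26c
[SSDT:Addr(Hook.SSDT)] ZwCreateMutant[74] : Unknown @ 0xffffffff88b37744
[SSDT:Addr(Hook.SSDT)] ZwOpenProcess[190] : Unknown @ 0xffffffff88b2d36c
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0xffffffff858155e4
"""

# One report line: [TABLE:Addr(KIND)] Func[index] : Module @ 0xaddress
HOOK_RE = re.compile(
    r"^\[(?P<table>\w+):Addr\((?P<kind>[\w.]+)\)\]\s+"
    r"(?P<func>\w+)\[(?P<index>\d+)\]\s+:\s+"
    r"(?P<module>\S+)\s+@\s+(?P<addr>0x[0-9a-fA-F]+)$"
)


def parse_hooks(report):
    """Return one dict per hook line; header and non-matching lines are skipped."""
    hooks = []
    for line in report.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["index"] = int(d["index"])
            d["addr"] = int(d["addr"], 16)
            hooks.append(d)
    return hooks


def summarize(hooks):
    """Count 'Unknown' hooks and group targets by table and by 4 KiB page.
    Many hooks landing in a few pages with no module attribution usually
    means one unattributed code region, which is what to examine next."""
    by_table = defaultdict(list)
    by_page = defaultdict(list)
    unknown = 0
    for h in hooks:
        by_table[h["table"]].append(h["func"])
        by_page[h["addr"] >> 12].append(h["func"])  # page base = addr & ~0xfff
        if h["module"] == "Unknown":
            unknown += 1
    return {
        "total": len(hooks),
        "unknown_module": unknown,
        "tables": {t: sorted(f) for t, f in by_table.items()},
        "pages": {hex(p << 12): sorted(f) for p, f in by_page.items()},
    }
```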

Curson (Global Moderator)
Re: First Time for Antirootkit
« Reply #1 on: August 24, 2016, 05:26:27 PM »
Hi Dave,

Could you please copy/paste the full RogueKiller report in your next reply?

Regards.

Note: This thread has been moved to the "RogueKiller" section for clarity.