SpyDLLRemover v3 is a standalone tool for efficiently detecting and removing spyware from the system. It uses multiple techniques, such as direct syscall implementation, CSRSS process handle detection and the PIDB method, to find user-land rootkit processes.
dwtf v3 is a fake DLL maker. It creates a fake DLL based on the original DLL given to it as input: it exports all symbols of real.dll and imports all exports of real.dll (including forwarders), and it generates a code area containing a JMP DWORD [ADDRESS] stub for each export, among other things.
ElfStat is a tool designed to detect any kernel-level rootkit (or other malware) that modifies the text segment of the kernel in memory, that is, any malware that modifies the code of the running kernel.
This tool is designed to detect kernel rootkits and kernel malware that hijack syscalls and kernel functions by overwriting the first several bytes of the routine with a jump to a hacked version of the syscall or function.
Kernel rootkits are tools that run inside the kernel, which makes them very hard to detect. They can alter the entire operating system, which helps hide the fact that the system is compromised.
The Rootkit Analytics blog covers anything from analysis of rootkits to status updates. It is hosted at Kaffe News, which is part of the EvilFingers group of sites.
Tweeting about rootkit analysis was hard without a dedicated Twitter account for Rootkit Analytics, which gave birth to our new account, "AntiRootkit". We will try to keep you posted on the latest buzz.
This falls under both firmware and hardware rootkits: a hypervisor is a virtual environment that runs on the hardware, but it is essentially firmware. Hence we have drawn the line and placed this rootkit in the firmware category.
SpyDLLRemover v3.0 is available at PortableApps.com. PortableApps.com is currently the #1 portable application suite, recently awarded by SourceForge.net for its download numbers. Check it out!