Codewalker is a rootkit detection software that has been developed by a member of the Sysinternals forum. The current version that has been released today is 0.24b which clearly outlines that the software program is a work in progress. It is a portable software that can be run from the local drives or removable devices.

The security program suggests a deep scan of the computer system upon startup which takes a few minutes to complete. It is possible to avoid this deep scan which will lead directly to the main program interface. The main interface uses tabs to display various information including system processes, hidden code, kernelmode and usermode hacks.

The connected disk drives are displayed on the right side with the option to select some or all of them for a scan. The same scan that was suggested upon program start will then be performed. The results are shown in the various tabs after the scan has finished.

The developer explains his program:

For hidden driver detection, you can test it with some pretty well hidden driver PoC such as phide_ex and many builds of Rustock.B variants. Although you have to use the “Hardcore Scan” method to detect them.

For code hooking detection, the engine walks all the branches of scanned module i.e any execution path of it to detect modification (btw, that’s why i call it CodeWalker). IMHO, It can detect code hooking very well especially with rootkits that place abnormal hooks like Rustock.C (FF25 & FF15 – jmp/call dword ptr [abc]) tho there’re still some problems with false-positive hooks/modifications.

Codewalker is a viable alternative to already available rootkit detection programs like Gmer or AVG Anti-Rootkit. It is probably be best used in conjunction with these tools.

Related posts

• Youtube Video Search Is A Barebone Youtube Downloader (2)
• Xkcd Comic Wallpaper Changer (2)
• Wireless Networking Software Homedale (13)
• Windows XP: Default Internet Browser Per User Profile (0)
• Windows XP System File Checker (7)

As I said earlier, running Gmer is really easy. Just start the application and click on the scan button. Gmer does scan the system automatically and displays the results in the main window. If you spot red entries you should try and search the Internet for clues about them. It is possible to kill processes, service and files by right-clicking an entry in the main window.

Next to scanning for Rootkits you can also scan for Autostart entries, check running processes, services and modules and activate the Intrusion Prevention System and the Firewall. Take a look at this nice Gmer tutorial which walks you through a basic process.

Related posts

• Rootkit Detection Software Codewalker (4)
• AVG Anti Rootkit free (3)

AVG Anti Rootkit is a free software that scans a computer for rootkits and removes them if one or more of those have been identified. The anti rootkit application can be used to either quickly scan the computer for possible rootkits and the other to make an in depth scan which takes longer but is more thorough. The in depth scan for Rootkits takes some time depending on the amount of files and size of your hard drives.

Related posts

• Rootkit Detection Software Codewalker (4)
• IceSword the better Rootkit Revealer ? (1)
• How to scan your Linux-Distro for Root Kits (2)
• How to check your system for rootkits (0)
• Gernova Keylock (2)