Sunday, September 23, 2007

SysProt AntiRootkit v1.0.0.5 Beta Released!

SysProt AntiRootkit v1.0.05 is out! This new version contains IRP Hooks detection feature and also various other improvements, bug fixes etc. IRP Hooks detection may come handy as some of the new Rootkits are utilizing this technique. One such example is Win32/Cutwail trojan, which hooks IRP_MJ_DEVICE_CONTROL of Tcpip.sys driver.

Here's an overview of SysProt AntiRootkit v1.0.0.5 features:
Hidden process detection and removal
Hidden drivers detection
SSDT Hooks detection and removal
Kernel Inline hooks detection and removal
IRP hooks detection
Sysenter Hook detection
TCP/UDP Ports Info
File System browser
Hidden Services Registry keys detection and removal

SysProt AntiRootkit can be downloaded from here.

Supported OS: Windows 2000/XP/2003

Here are some screen shots:
IRP Hooks:

SSDT Hooks:


Hidden Services Registry keys:

Kernel Hooks:


Anonymous Kelpie said...

This program looks to be interesting and useful. I will try it out.

9:14 PM  
Anonymous Kelpie said...

Perhaps it isn't compatible with Windows XP 64bit. It says "SysProt Service not started. Please restart SysProt."

9:19 PM  
Anonymous Anonymous said...

You should put the SysProt log in the same directory in which the executable program is located, rather than putting it in C:\ .

Also, instead of including everything in the log, you should only put the exceptions/items that bear looking into. Perhaps you should even flag these items on the screen also. Not everyone that uses SysProt will be a malware researcher. You might also give the user the option to print the log.

Keep up the good work. I'd like to see SysProt get five stars on


Robert Scroggins

10:03 PM  
Blogger swatkat said...

Hi Kelpie,
Yes, SysProt AntiRootkit works only 32-bit systems. Thanks for trying it out.

Hi Robert,
Thank you very much for the inputs. I will surely implement the suggestions that you have mentioned. I will make it more user friendly :)

11:30 PM  

Post a Comment

<< Home