Anti-Rootkit idea

Hi guys :slight_smile: I have an idea that may prove useful, if it hasn’t been implemented yet
and I am awaiting your feedback on this.

My suggestion is ROOTKIT related. Wouldn’t it be useful to create a “Boot Time Scanning” feature in COMODO Antivirus, or alternatively provide the scanner DIRECT access to each volume and scan the disk in a “raw” way (bypassing Windows API)?

Thanks and have a great day :slight_smile:

Don’t quote me, but I think Comodo already has this designed and implemented somewhere. My view of rootkits: use with risk.

I want to be protected OR warned against a rootkit.
If it actually went through, I would not need a cleaning anymore. Rather a wipe.

Hi cocalaur,
The quotes below are from the help file here, does that cover what you are asking?

Enable rootkit scanning - Instructs Comodo Internet Security to scan the file system and Windows registry for (malicious) files or registry values that have been hidden by rootkits. If any such rootkits are found, they are listed in the scan results - enabling you to remove them from your system. (Default = Disabled)
Background Note:

A rootkit is a type of malware that is designed to conceal the fact that the user’s system has been compromised. Once installed, they camouflage themselves as (for example) standard operating system files, security tools and APIs used for diagnosis, scanning, and monitoring. Rootkits then store hidden malicious files into the Windows file system and/or store hidden registry values into the Windows Registry. These malicious files and registry values can be used by hackers to steal user passwords, credit card information, computing resources, or conduct other unauthorized activities.

Rootkits are usually not detectable by normal virus scanners as they camouflage themselves as system files. However, Comodo AntiVirus features a dedicated Rootkit detection scanner that identifies rootkits and, if any, the hidden files and the registry keys stored by them. Any discovered rootkits, hidden malicious files or registry values are listed along with the Antivirus Scan results at the end of each manual scan.
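The help text above describes a cross-view check: the scanner compares what the Windows API reports with what is actually on disk and in the hive, and anything present in the raw view but missing from the API view is a candidate hidden by a rootkit. The following is an added illustration of that logic, not Comodo's code. The raw file records (a simplified MFT-style list with parent links), the API listings, the registry key lists and the driver names are all constructed sample data so the script runs offline; on a real system the raw view would come from reading the volume and hive files directly.

```python
"""Cross-view rootkit detection: diff an API-level view of files and registry
keys against a raw, API-independent view and report entries hidden from the API.
Added example with constructed sample data; not Comodo's implementation."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # "file" or "registry"
    path: str    # normalized path or key
    reason: str  # why the entry was flagged


def normalize(path: str) -> str:
    # NTFS paths and registry keys are case-insensitive; a hidden entry must not
    # slip through just because the two views differ in case or separators.
    return path.replace("/", "\\").rstrip("\\").lower()


def raw_paths(records):
    """Rebuild full paths from (record_id, parent_id, name, in_use) tuples.

    This mimics how an MFT walk reconstructs names from parent references.
    Records that are no longer in use (deleted files) are skipped so that
    stale entries are not reported as hidden."""
    by_id = {r[0]: r for r in records}

    def full(rid):
        rec = by_id[rid]
        if rec[1] == rid:          # the root record points at itself
            return rec[2]
        return full(rec[1]) + "\\" + rec[2]

    return [full(r[0]) for r in records if r[3]]


def cross_view(api_view, raw_view, kind, allowlist=()):
    """Return findings: raw-only entries (hidden from the API) and, separately,
    API-only entries (volatile or transient; worth reviewing, not hidden)."""
    api = {normalize(p) for p in api_view}
    raw = {normalize(p) for p in raw_view}
    allowed = {normalize(p) for p in allowlist}
    findings = []
    for p in sorted(raw - api - allowed):
        findings.append(Finding(kind, p, "present in raw view but hidden from API"))
    for p in sorted(api - raw):
        findings.append(Finding(kind, p, "visible to API but absent from raw view (transient or volatile; review)"))
    return findings


# Constructed raw file records: (record_id, parent_id, name, in_use)
RAW_MFT_RECORDS = [
    (5, 5, "C:", True),                    # volume root
    (0, 5, "$MFT", True),                  # NTFS metafile, legitimately hidden by the API
    (40, 5, "Windows", True),
    (41, 40, "System32", True),
    (42, 41, "drivers", True),
    (100, 42, "ntfs.sys", True),
    (101, 42, "hidden_drv.sys", True),     # constructed: present on disk, absent from API listing
    (102, 42, "old_driver.sys", False),    # deleted record, must not be flagged
]

# Constructed API view: what a directory listing through the Windows API returned
API_FILE_VIEW = [
    r"C:", r"C:\Windows", r"C:\Windows\System32", r"C:\Windows\System32\drivers",
    r"C:\Windows\System32\drivers\NTFS.SYS",
]
KNOWN_METAFILES = [r"C:\$MFT"]

# Constructed registry views: raw = parsed from the SYSTEM hive file, api = RegEnumKeyEx
RAW_REG_VIEW = [
    r"HKLM\SYSTEM\CurrentControlSet\Services\ntfs",
    r"HKLM\SYSTEM\CurrentControlSet\Services\hidden_drv",   # constructed hidden service key
]
API_REG_VIEW = [
    r"HKLM\SYSTEM\CurrentControlSet\Services\ntfs",
    r"HKLM\SYSTEM\CurrentControlSet\Services\ntfs\Enum",    # volatile key, built at boot, not in the hive
]


def run_demo():
    return {
        "file": cross_view(API_FILE_VIEW, raw_paths(RAW_MFT_RECORDS), "file", KNOWN_METAFILES),
        "registry": cross_view(API_REG_VIEW, RAW_REG_VIEW, "registry"),
    }


if __name__ == "__main__":
    for kind, findings in run_demo().items():
        for f in findings:
            print(f"[{kind}] {f.path}: {f.reason}")
```

The allowlist matters in practice: NTFS metafiles such as `$MFT` show up in any raw walk but are never returned by the API, and volatile registry keys exist only in memory, so a naive set difference would produce false positives in both directions. Reporting the API-only entries separately, rather than as hidden, keeps the "hidden from API" list meaningful.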

I have read and I acknowledge the fact that COMODO has anti-rootkit capabilities. However, if a system is already infected with a rootkit when I install COMODO (and thus wasn’t blocked by Defense+), can the user get rid of it using solely COMODO on the infected machine?

Especially for existing kernel-mode rootkits, is there a reliable way of removing them using COMODO Antivirus? Or shall I use the Rescue Disk instead?

It has been brought to my attention that kernel-mode rootkits are almost impossible to remove. That’s why I have asked this question. I need to know what measures I need to take.

Thank you.

If it’s already infected that’s what CCE/Comodo Rescue Disk is for.

Comodo Antivirus/Comodo Internet Security is mainly meant for systems which are already clean.

Why would you trust your computer to be clean after an antivirus cleaned what it knew?

If you know that you have an infected computer, especially infected and hijacked by “advanced” procedures, you should do the right thing, which additionally keeps you from further worrying.

Well, in a sense CCE is a portable AV. What makes it any different than any other AV?

Also CCE has problems with FPs… which is rather annoying. I posted some that Chiron looked at… Plus I have never found one rootkit with CCE or anything. Comodo should make something like TDSSKiller, which is built just for rootkits, but hey, don’t listen to me. I believe I already talked about this topic…

Easy on the attitude, Ivan. Thank you. :slight_smile:

Sorry, it just makes me mad when people get mad at me for double posting… then nothing happens to others when they do it… :frowning:

-this is what I was talking about… :stuck_out_tongue: