[..] List hidden files (like gmer or IceSword does)

[matwachich]

Hi every body!

I have a question:

- Is it possible with AutoIt to list rootkit hidden files/registry keys/processes? I mean, like does anti-rootkit utilities like gmer or IceSword

- If it's not possible using AutoIt, do you know any command line tool, or external ibrary that would help me doing that.

Thanks!

[matwachich]

Up

[JohnOne]

AutoIt is a scripting language/interpreter it is not an anti rootkit tool.

To me, your question does not make any sense, you should ask a proper question if you would like a proper answer.

[matwachich]

your question does not make any sense

Sorry but I think the question is simple: How/is it possible to reproduce gmer's behaviour?

AutoIt is a scripting language/interpreter it is not an anti rootkit tool.

So does this mean that it's not possible?

In this case

If it's not possible using AutoIt, do you know any command line tool, or external ibrary that would help me doing that.

PS: I can't make the question better than this!

[JohnOne]

It's simple then, just get the source code of gmer and port it to AutoIt

[matwachich]

After surfing on some open source anti-rootkits, I found that it's more complicated than I first thought.

So, I found a small utility called catchme.exe that (I think) will be usefull to me.

Solved. Thanks