Home

Download

Order

Support

?

Looking to the progress of rootkit development since last year we have the opinion that the rootkit detection on the working computer is not real. We can not get you the 100% guarantee free of rootkits on the working computer connected to network.

The simple way to do it is using Windows PE boot CD for checking a computer.

But how often you will do it?

Sometimes: May be one time per week, may be not.

It's not enough!

The rootkit can start his work today or tomorrow. This why you need a way to quickly check a computer for rootkits without luck.

We can offer you to check your computer every Windows boot-up!

How does the Partizan work?

Partizan executes 2 main tasks:

1. Getting file/registry information.
2. Delete Files/Registry Keys.

But rootkits are not invulnerable!

The simple way to kill a rootkit is to shutdown your computer.

A rootkit can revive after reboot using:

1. Rootkit service/driver with auto start setting (to be more hidden for user mode checkers).
2. Injection to the executable file or to the process memory. The body may be hidden in the mother file.
3. Using registry startup keys.
4. Infection from network.

The second chance is not the simple because the user can control the file integrity using Microsoft or another software.

Third chance is more often used. But rootkit detectors easily detect it.

The fake Winlogon DLLs are not the surprise for us very long ago :-)

The hidden kernel driver is the top of the hacker skills. This is one reason why the Partizan was created.

Unfortunately Microsoft prevents Partizan for interacting with user using keyboard and it is a real problem for creating the shell like "cmd". Why they don't?

I think you need ask Microsoft.

Anyway it's not a technical problem. It's the Microsoft decision.

We need to get a workaround.

We use the command file (RRI). Partizan opens the command file and executes the tasks listed in it. After that the Windows boot will continue.

RegRun Platinum Secure Start will run the special copy of UnHackMe software for comparing Partizan information with current visible. It will be notify you if it found something suspicious.

To be sure that it's not false positive alert you will be prompted to reboot again. It's required because the some services drivers may be deleted at startup and this will cause the alarm.

Does Partizan is a panacea?

Does it clean rootkits in the auto mode?

What you need to do in this case?

If you have enough computer skill to use professional tools included to the RegRun Platinum - OK, you can do it. If not, you can send detailed system report to the Greatis Support center: http://greatis.com/support and we will send the special file for auto cleaning your computer. The service is free for RegRun's users.

What's about self-protection?

1. You can specify the own file name for Partizan executable.
2. RegRun generates the random name for executable in the Windows mode. In addition, it will crypt the executable for preventing de-tection using MD5 signature and strings.

How to start rootkit detection using Partizan?

1. Open RegRun Control Center.
2. Choose the "Partizan" tab and set up the Partizan checkbox.

Does Partizan work with Platinum Edition only?

How to uninstall Partizan?

1. Open RegRun Start Control.
2. Go to the Features menu.
3. Choose "Partizan" item.
4. Click on the "Remove" button.

Would you like to add your opinion?