Partizan - Rootkit detector and remover

Looking at the progress of rootkit development since last year, we have concluded that reliable rootkit detection on a running computer is not realistic. We cannot give you a 100% guarantee that a running computer connected to a network is free of rootkits.

The simple way to do it is to boot from a Windows PE CD and check the computer offline.

But how often will you do that?

Sometimes: maybe once a week, maybe not.

That is not enough!

A rootkit can start its work today or tomorrow. That is why you need a way to check a computer for rootkits quickly, without relying on luck.

We offer you a check of your computer at every Windows boot-up!

How does Partizan work?

Partizan starts through the BootExecute registry value (under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager) at an early stage of the Windows boot process, when Session Manager runs native programs before the Win32 subsystem exists. At that point it can access any file or registry key. In other words, Partizan is king of your computer at that moment.


Partizan performs two main tasks:

  1. Collecting file and registry information.
  2. Deleting files and registry keys.

Kernel rootkits can still cause trouble: a driver with boot or system start is loaded before Session Manager runs the BootExecute programs, so it may already be filtering the file and registry views when Partizan runs, and hidden registry keys and files can then be hard to see.

But rootkits are not invulnerable!

The simplest way to kill a rootkit is to shut down your computer.

A rootkit can revive after a reboot using:

  1. A rootkit service or driver set to auto-start (a kernel driver, to stay hidden from user-mode checkers).
  2. Injection into an executable file or into process memory; the body may be hidden inside the host file.
  3. Registry startup keys.
  4. Re-infection from the network.

The last option is very dangerous, but it can be dealt with simply by unplugging the network cable.

The second is not so simple for an attacker, because the user can check file integrity with Microsoft or third-party software.

The third is the most commonly used, but rootkit detectors detect it easily.

Fake Winlogon DLLs stopped surprising us a long time ago :-)

A hidden kernel driver is the peak of hacker skill. This is one of the reasons Partizan was created.
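The following script is an added example, not Greatis or RegRun code. It inspects, from a running system, the three persistence points just discussed: the BootExecute value Partizan itself uses, auto-start kernel drivers whose image file is not visible from user mode (the hidden-driver pattern), and the Run registry keys. It is read-only. The assumption that a stock Windows install carries a single BootExecute entry, "autocheck autochk *", and the helper name Resolve-DriverImage are mine, not something RegRun defines.

```powershell
# Added example (not Greatis/RegRun code). Read-only; run from an elevated
# PowerShell prompt on the machine you want to inspect.

# 1. BootExecute: native programs that Session Manager (smss.exe) runs before
#    the Win32 subsystem exists. Assumption: a stock install has exactly one
#    entry, "autocheck autochk *". Anything else is either a tool such as
#    Partizan or something that needs explaining.
$sessionMgr  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$bootExecute = (Get-ItemProperty -Path $sessionMgr -Name BootExecute).BootExecute
'BootExecute entries:'
foreach ($entry in $bootExecute) {
    $tag = if ($entry -eq 'autocheck autochk *') { '(default)' } else { '<-- non-default' }
    "  $entry $tag"
}

# 2. Kernel drivers that load on their own (Start 0 = boot, 1 = system, 2 = auto).
#    A driver key whose image file cannot be seen by Test-Path is the classic
#    hidden-driver pattern: the registry says it loads, the file system view says
#    there is nothing to load. A stale entry for an uninstalled driver looks the
#    same, so verify before deleting anything.
function Resolve-DriverImage {
    # Hypothetical helper: turn the registry ImagePath forms into a Win32 path.
    param([string]$ServiceName, [string]$ImagePath)
    if (-not $ImagePath) {
        # No ImagePath: the loader assumes System32\drivers\<service name>.sys
        return "$env:SystemRoot\System32\drivers\$ServiceName.sys"
    }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath)
    $p = $p -replace '^\\\?\?\\', ''                        # \??\C:\x.sys    -> C:\x.sys
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"  # \SystemRoot\... -> C:\Windows\...
    if ($p -notmatch '^[A-Za-z]:\\') {                      # system32\drivers\x.sys (relative)
        $p = Join-Path -Path $env:SystemRoot -ChildPath $p
    }
    return $p
}

$servicesKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$missingImage = Get-ChildItem -Path $servicesKey | ForEach-Object {
    $props    = Get-ItemProperty -Path $_.PSPath
    $isDriver = ($props.Type -eq 1) -or ($props.Type -eq 2)   # kernel / file-system driver
    if ($isDriver -and $props.Start -le 2) {
        $image = Resolve-DriverImage -ServiceName $_.PSChildName -ImagePath $props.ImagePath
        if (-not (Test-Path -LiteralPath $image)) {
            [pscustomobject]@{ Service = $_.PSChildName; Start = $props.Start; Image = $image }
        }
    }
}
'Auto-start drivers whose image file is not visible:'
$missingImage | Format-Table -AutoSize

# 3. Registry startup keys (item 3 in the list above): the cheapest persistence
#    and the first place any detector looks.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
'Run key entries:'
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $rk = Get-Item -Path $key
    foreach ($name in $rk.GetValueNames()) {
        "  [$key] $name = $($rk.GetValue($name))"
    }
}
```

Note that this script runs on the live system, so a kernel rootkit that filters registry or directory listings can hide its own entries from it; that limitation is exactly why Partizan collects the same information from BootExecute before the rest of the system is up.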

Unfortunately, Microsoft does not let a BootExecute program interact with the user through the keyboard, and that is a real problem for creating a shell like "cmd". Why not?

You would have to ask Microsoft.

In any case it is not a technical problem; it is Microsoft's decision.

So we needed a workaround.


We use a command file (RRI). Partizan opens the command file, executes the tasks listed in it, and then lets the Windows boot continue.

RegRun Platinum Secure Start then runs a special copy of UnHackMe to compare the information Partizan collected at boot with what is currently visible from the running system. It notifies you if it finds something suspicious.

To make sure it is not a false positive, you will be prompted to reboot once more. This is required because some services or drivers may be deleted at startup, which would otherwise trigger the alarm.
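The following is an added example, not RegRun or UnHackMe code, showing the comparison logic described above in isolation: the early-boot listing is diffed against the live view, and only entries that are flagged on two consecutive boots are reported, which filters out files that were simply deleted at startup. The file lists are constructed here; the function names and the sample paths are my own.

```powershell
# Added example (not RegRun/UnHackMe code): cross-view comparison with the
# second-boot confirmation described in the text.

function Get-HiddenEntries {
    # Entries present while the boot-time scanner ran but absent from the live
    # view. Case-insensitive, like NTFS and the registry.
    param([string[]]$EarlyBoot, [string[]]$LiveView)
    $live = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($f in $LiveView) { [void]$live.Add($f) }
    $EarlyBoot | Where-Object { -not $live.Contains($_) }
}

function Confirm-Hidden {
    # Only entries flagged on both consecutive boots count. A file that was
    # legitimately removed during startup is gone from the second early-boot
    # snapshot as well, so it drops out here instead of raising an alarm.
    param([string[]]$FirstPass, [string[]]$SecondPass)
    $second = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($f in $SecondPass) { [void]$second.Add($f) }
    $FirstPass | Where-Object { $second.Contains($_) }
}

# Constructed data for boot 1. In a real run $early1 is the boot-time file list
# and $live1 comes from Get-ChildItem on the running system.
$early1 = 'C:\Windows\System32\drivers\ntfs.sys',
          'C:\Windows\System32\drivers\hidden.sys',   # filtered out of the live view by a rootkit
          'C:\Windows\Temp\setup_tmp.dll'             # deleted by an installer during startup
$live1  = 'C:\Windows\System32\drivers\ntfs.sys'
$pass1  = Get-HiddenEntries -EarlyBoot $early1 -LiveView $live1

# Constructed data for boot 2: the installer's temp file is gone from the
# early-boot view too, while the rootkit's driver is still there.
$early2 = 'C:\Windows\System32\drivers\ntfs.sys',
          'C:\Windows\System32\drivers\hidden.sys'
$live2  = 'C:\Windows\System32\drivers\ntfs.sys'
$pass2  = Get-HiddenEntries -EarlyBoot $early2 -LiveView $live2

'Flagged after the first boot:'
$pass1 | ForEach-Object { "  $_" }
'Confirmed after the second boot:'
Confirm-Hidden -FirstPass $pass1 -SecondPass $pass2 | ForEach-Object { "  $_" }
```

The same two functions work for registry keys and for service names; the only thing that changes is where the two listings come from. An entry that survives Confirm-Hidden is present at boot and invisible afterwards on two separate occasions, which is the signature of something actively hiding rather than of startup housekeeping.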

Is Partizan a panacea?

Hackers use many rootkit variants combined with spyware components. RegRun Platinum guarantees that you can clean your computer of deeply hidden rootkits and of common spyware.

Does it clean rootkits automatically?

No. It uses the Greatis Application Database to detect known rootkits, viruses and spyware, so we suggest keeping the database updated. Some software will still be detected as unknown and flagged as suspicious.

What should you do in that case?

If you have enough skill to use the professional tools included in RegRun Platinum, fine, you can clean it yourself. If not, send a detailed system report to the Greatis Support Center: http://greatis.com/support and we will send you a special file that cleans your computer automatically. This service is free for RegRun users.

What about self-protection?

  1. You can specify your own file name for the Partizan executable.
  2. In Windows mode RegRun generates a random name for the executable and, in addition, encrypts the executable to prevent detection by MD5 signature or by string matching.

How do you start rootkit detection with Partizan?

  1. Open the RegRun Control Center.
  2. Choose the "Partizan" tab and tick the Partizan checkbox.

Does Partizan work with the Platinum Edition only?

    Automatic rootkit detection is available to RegRun Platinum users only. Other users can use Partizan to delete virus files. Partizan is also included in the free Reanimator software.

How do I uninstall Partizan?

  1. Open RegRun Start Control.
  2. Go to the Features menu.
  3. Choose the "Partizan" item.
  4. Click the "Remove" button.

Need Help?

  1. Knowledge Base.
  2. Submit your question to our Support Center.