SanityCheck 1.02 Build 10230301
The SanityCheck application was designed to be an advanced rootkit and malware detection tool for Windows which thoroughly scans the system for threats and irregularities which indicate malware or rootkit behavior.
By making use of special deep inventory techniques, this program detects hidden and spoofed processes, hidden threads, hidden drivers and a large number of hooks and hacks which are typically the work of rootkits and malware. It offers a comprehensible report which gives a detailed explanation of any irregularities found and offers suggestions on how to solve or further investigate any situation.
Here are some key features of “SanityCheck”:
· Makes use of special deep inventory techniques
· SanityCheck makes use of a special Windows feature (a GlobalFlag setting) which allows it to create a deep inventory of drivers, devices, processes, threads and a lot of other information about your system. By making use of this feature in combination with other techniques it is able to create a very thorough scan of irregularities on your system.
· Detect hidden processes
· SanityCheck goes to incredible lengths to detect processes which hide themselves from the Windows Task Manager and programming interfaces. It uses seven unmentioned safe techniques to reveal hidden processes in both user mode and kernel mode.
· Detect obfuscated processes
· SanityCheck detects processes which attempt to obfuscate their names. This is a typical activity associated with malware.
· Detect processes attempting to appear as common system processes
· SanityCheck detects processes which appear as a standard Windows process.
· Detect processes with obviously deceptive names
· Malicious processes which are received as email attachments often try to appear as an innocent document type. An example of such a process name is:
· foo.txt .exe
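
A check for the deceptive naming pattern shown above (a document extension, optional whitespace padding, then an executable extension), as an added example that is not SanityCheck's own code. The extension lists, function names and sample process names are assumptions constructed for illustration.

```python
# Assumed extension lists for illustration; extend them for your environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
DOCUMENT_EXTS = {"txt", "doc", "docx", "pdf", "rtf", "xls", "xlsx", "jpg", "png"}


def deceptive_name_reasons(image_name):
    """Return the reasons a process image name looks deceptive (empty list if none)."""
    name = image_name.rstrip()
    base, dot, final = name.rpartition(".")
    # Only names that really end in an executable extension are of interest.
    if not dot or final.lower() not in EXECUTABLE_EXTS:
        return []

    reasons = []
    # Whitespace between the visible name and the real extension pushes the
    # executable extension out of view in narrow list or dialog columns.
    stripped = base.rstrip()
    if stripped != base:
        reasons.append("whitespace-padding")

    # A document-style extension directly before the real one makes the file
    # look like a harmless document.
    _, inner_dot, inner = stripped.rpartition(".")
    if inner_dot and inner.lower() in DOCUMENT_EXTS:
        reasons.append("double-extension")
    return reasons


def scan_process_names(names):
    """Map each suspicious name to its reasons; clean names are omitted."""
    flagged = {}
    for n in names:
        reasons = deceptive_name_reasons(n)
        if reasons:
            flagged[n] = reasons
    return flagged


if __name__ == "__main__":
    # Constructed sample process list, not output from a real system.
    sample = ["notepad.exe", "foo.txt .exe", "invoice.pdf.exe",
              "report.v2.exe", "readme      .exe", "notes.txt"]
    for name, reasons in scan_process_names(sample).items():
        print(repr(name), "->", ", ".join(reasons))
```
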