
Best Free Rootkit Scanner and Remover

Introduction

When your computer gets a virus, that virus tries to spread, and eventually it damages the host, which makes it much easier to detect. A rootkit, on the other hand, is designed to hide certain elements, such as files, processes, registry entries, or network connections, from the user and from other programs, which makes it very difficult to detect. This technology can be used for good as well as for malicious purposes, so it is important to be familiar with your computer in order to avoid deleting legitimate objects. Within Windows, rootkits are used to hide malware so that its execution goes unnoticed by your security applications. So imagine that a rootkit has been installed on your computer and that its purpose is to hide a virus, giving the malware time to complete its goal, steal your data, and damage your system, all while going undetected. Unfortunately, rootkits are extremely effective at this, which means that even though you may believe your PC to be totally clean, some of you could be infected right now.

Most anti-virus vendors have integrated anti-rootkit technology into their more recent products. However, this is not a foolproof solution against rootkits, because just as the AV companies improve their products' detection abilities, the malware creators find new ways to avoid detection. So, as security-conscious users, we must rely on third-party tools to help us, and there are several free applications which specialize in the detection and removal of rootkits. Keep in mind that none of these products will detect every single problem, so it is always a good idea to keep more than one of them to hand.

Discussion
There are a lot of anti-rootkit programs available. Much of this software is very advanced and requires an experienced, technically minded user who is familiar with computers and operating systems. However, there are a couple of options that do not require much technical ability and are also very effective.

The new top pick is Kaspersky TDSSKiller. It has an easy to use GUI, fast scan times, a great detection rate, and is user friendly. TDSSKiller managed to detect and remove all modern rootkits tested (TDSS, Zeus, TDLV4, etc.). The only downside is that TDSSKiller seems to report some false positives and crashed on Windows 7 Ultimate twice during my tests. The positives far outweigh the negatives on this one. TDSSKiller also includes 64 bit functionality, which is a huge plus.

Avast Anti-Rootkit (or aswMBR) resembles a command prompt window but is fairly easy to use. It lets you scan your computer and MBR for rootkits and even fixes any issues it finds. Understanding the output from Avast Anti-Rootkit may be a little hard for some users, but it does the job well. I tested it against TDSS and several other modern rootkits and it found all of them. Removal, on the other hand, was not as good as with some of the other tools.

Sophos Anti-Rootkit (Out-Of-Date) has a small but easy to use interface with no options other than choosing where you want to scan. As it scans it opens up to a slightly larger interface where it lists the results of the scan and gives you information about each result as well as a recommendation for it. Additionally, a small help file is available that explains the program in a little more detail and gives directions on how to use the command line anti-rootkit tool which is also included. For all Windows users, Sophos offers an easy and very effective choice in rootkit removal that is suitable even for beginners. Unfortunately, Sophos Anti-Rootkit is out of date: after running several tests against modern malware, it seems unable to detect most threats.

I have two top choices for experienced and technical users because I find it impossible to choose one over the other. GMER and RootRepeal are very popular applications, and they are definitely my favorites, but it takes someone pretty knowledgeable about computer systems to interpret the results. You can find a lot of documentation on both programs, but if you are the type of person who likes to click the scan button and simply wait for the results, you would be better served by Sophos, F-Secure Blacklight, TDSSKiller or Prevx.

F-Secure Blacklight (Not Supported) is another great tool for rootkit removal. Unfortunately, support for it ended a couple of years ago, or it might have been my top pick. However, you can still download it from the F-Secure web site, and it is compatible with Windows Vista and XP.

Windows Vista and XP users should download a copy of this great program because even though it is not supported anymore, it is still one of the best rootkit removal applications available.

It still works well for older rootkits but gives an "Incompatible" error if run on Windows 7. Blacklight is also unable to detect most modern rootkits, as support seems to have slowed down. I recommend one of the other tools for now.

The next product that I looked at is one that I always keep in my toolkit. Dr.Web CureIt! is not a standalone anti-rootkit tool like the other tools I recommend; rather, it is a free malware scanner and removal tool that happens to be pretty effective at removing rootkits. It is always a good idea to have more than one tool capable of removal, so Dr.Web's freeware scanner is a great addition to anybody's arsenal because it removes more than just rootkits, and it does this very well.

Sometimes the only symptoms you will get from a rootkit are an increase in network traffic, a decrease in performance, and maybe an unknown process running. With today's high bandwidth networks and high performance computers it can be very hard to notice any of these signs. Prevention is always the best practice, but detection is just as important, so make sure your AV has anti-rootkit capabilities, and make sure you have a good firewall and HIPS combination. This, together with the tools I have mentioned, is the best approach to keeping your computer free of rootkits.

Prevx Free, the free version of Prevx, offers the same class-leading real-time detection as the full version; unfortunately, it doesn't offer much more than this. Prevx Free is only capable of cleaning select infections, such as adware, the ZEUS banking trojan, and MBR rootkits. When dealing with rootkits, detection is definitely very important, so even if you can't clean all infections you will at least be alerted, enabling you to take further action and manually remove the rootkit or seek help in doing so. As hard as it is to detect the newer, ever-evolving rootkits and viruses, Prevx can be a very powerful and informative addition to your regular anti-virus software.

Additionally, Prevx Free can run customized scans from the context menu and also gives you the ability to schedule scans in the GUI to help assure that nothing has gotten by your normal security software. On my 320 GB hard drive a deep scan takes about three minutes on average. The free version also offers protection of stored cookies as well as protection for all of your saved credentials. There is also a browser protection component in the free version, but it offers custom protection for only one web site of your choice. It does, however, give the full Prevx SafeOnline protection, which includes anti-phishing and protection against hijacks, keyloggers, and cookie stealers for a number of popular websites such as PayPal, CleverBridge, or Amazon, and of course the one website of your choice.

While the free version of Prevx cannot clean a lot of rootkits, it can effectively warn you about new infections. Prevx is built on the vendor's anti-rootkit technology and has consistently been one of the first to detect new rootkits. I believe that this application can play a very important role in keeping your computer clean of all infections; after all, you can't remove what you cannot find.

Please note: Some of the free version component features in Prevx/SafeOnline are either restricted or disabled altogether. Users should read the vendor's description carefully for the version they are downloading before deciding if the program is suitable for their own needs.

Prevx also has a free SafeOnline version available through Facebook now. The link has been added.

NOTE: Some users have reported slowdowns when running Prevx together with Online Armor. I am working on confirming this with Prevx support.


Quick Selection Guide

Kaspersky TDSSKiller
Rating: 10
Gizmo's Freeware award as the best product in its class!
Type: Runs as a stand-alone program on a user's computer
Pros: Easy to use GUI, high detection rate, removed all infected files in tests and is 64 bit compatible.
Cons: Some false positives, crashed a few times on Windows 7 Ultimate.
Version: 2.4.7.0
Size: 1870 KB
Architecture: 32 bit but 64 bit compatible
License: Unrestricted freeware
OS: Windows

RootRepeal
Rating: 8
Type: Runs as a stand-alone program on a user's computer
Pros: Can remove even the most advanced rootkits. Scans very fast. No installation.
Cons: Very advanced, not recommended for average users. Win 7 compatible version is not out yet.
Version: 1.3.5
Size: 461 KB
Architecture: 32 bit but 64 bit compatible
License: Unrestricted freeware
Portable: There is no portable version of this product available.
OS: Windows Vista/XP/2000

GMER
Rating: 8
Type: Runs as a stand-alone program on a user's computer
Pros: Considered class leading technology.
Cons: No help file. Not suitable for average users.
Download: http://www.gmer.net/
Version: 1.0.15.15572
Size: 295 KB
License: Unrestricted freeware
Portable: A portable version of this product is available from the developer.
OS: Windows 2000 to 7

Avast Anti-Rootkit
Rating: 8
Type: Runs as a stand-alone program on a user's computer
Pros: Works well. Detects most rootkits, easy to use.
Cons: Weak documentation. Not shown on any main AVAST! pages, so it may no longer be supported.
Download: http://www.avast.com/
Version: 0.9.8
Size: 1870 KB
License: Unrestricted freeware
OS: Tested on Windows 7

Prevx Free
Rating: 8
Type: Runs as a stand-alone program on a user's computer
Pros: Real time anti-rootkit detection. Can detect all types of infections and is very good at it. Very light on resources. Scans in 5-10 minutes. Provides some browser protection. Very easy to use and intuitive.
Cons: Free version doesn't include cleaning or realtime protection.
Download: http://www.prevx.com/
Version: 3.0.5.219
Size: 1.0 MB
Architecture: 32 bit but 64 bit compatible
License: Feature limited freeware
Portable: There is no portable version of this product available.
OS: Windows 98, XP, Vista, 2000, 2003, 2008 and Windows 7

F-Secure Blacklight
Rating: 7
Type: Runs as a stand-alone program on a user's computer
Pros: Decent help file available. Simple GUI. Easy enough for everyone. No installation.
Cons: Not compatible with Windows 7. No support.
Version: 2.2.1092.0
Size: 1.08 MB
License: Unrestricted freeware
Portable: This product is portable
OS: Windows Vista/XP/2000

Dr.Web CureIt!
Rating: 6
Type: Runs as a stand-alone program on a user's computer
Pros: Revising
Cons: Revising
Version: 6.00.4
Size: 76.6 MB
Architecture: 32 bit but 64 bit compatible
License: Unrestricted freeware
Portable: This product is portable
OS: All Windows Platforms

Sophos Anti-Rootkit
Rating: 4
Type: Runs as a stand-alone program on a user's computer
Pros: Easy to use and scans pretty fast. Effective rootkit removal. Decent help file. Good recommendations about scan results.
Cons: Unlocks one more feature only if you use Sophos Anti-Virus. Weak support, doesn't detect some rootkits, lots of false positives.
Version: 1.5.4
Size: 1.38 MB
Architecture: 32 bit but 64 bit compatible
License: Unrestricted freeware
OS: Windows 7/Vista/XP/2000

Editor

This software category is maintained by volunteer editor Kyle Davidson. You can contact the editor with any comments or suggestions you might have by clicking here.

Tags

anti-rootkit, rootkit scanner, rootkit remover, free rootkit scanner, free rootkit remover, freeware, rootkit eliminator, rootkit detection

Comments

by AMDFAN (not verified) on 3. February 2012 - 20:55  (88250)

503 Error - Service unavailable
OOPS! Looks like we have a problem!
We are sorry but our server security software has objected to something in your post. It could be that it thinks your post contains spam, is attempting to link to a hostile website or something nastier. Usually there is nothing actually wrong with your post but rather our security software has got it wrong but I think you will agree it is better to be safe than sorry. Try removing any links in your post and removing any words like "pharmacy", "sex" or other words likely to upset our security software. If problems persist please use our site contact form to let us know.
Other than that you can also go back to our home page by clicking on the link below.

^ Weird, all I spammed, if you can call it that, was a FF link for an add-on to help someone fight off Facebook attacks :/ Other than that I don't think I did anything wrong :( I didn't use those words or nothing... IDK what I did but sorry :( ^

by killed_by_TDSS (not verified) on 21. January 2012 - 21:55  (87558)

I've run Kaspersky TDSSKiller on a notebook. It found and removed one file. Now my network does not work!! Ethernet does not connect. Wireless connects sometimes for a second and drops connection.

I had not written down the file name Kaspersky deleted :-( !!
I expected that like any decent program it saves a log.
But Kaspersky saved no log!! of what it did!!!

ARGH!!!!!!!!!!!!!!!!!!
Beware

by AMDFAN (not verified) on 3. February 2012 - 21:09  (88251)

If it says it's a Windows file of any kind or a legit driver program, you don't remove that. If it had the brand of computer in its explanation such as Dell, Toshiba, Hewlett Packard. Sometimes even .exe files run what is called rootkit technology, which is legit but can be confusing. You must have run the extra 2 choices it gives you that can potentially be more dangerous if you don't know what's going on. Probably removing your TCP drivers. Sorry dude, that's one thing you need to watch out for whenever using such devices. Next time don't use the extra 2 options it gives you, that can and obviously has proven dangerous for you. I ran it as well and got 4 Windows uploads and 2 InCD files and I know not to touch Windows but I wasn't sure what to do about the InCD devices since it's a program that's been on this computer as long as I remember, so I left it alone. If it was something I knew I added I might have tried removing it though because it wouldn't have caused any real damage except maybe having to reinstall the program. Sorry dude, hopefully you got it fixed and next time you just let it run its regular priority process just to be safe.

by MidnightCowboy on 22. January 2012 - 5:00  (87581)

As indicated in the review text, these tools require an experienced knowledge of Windows to avoid deleting legitimate files. The same applies to so called registry cleaners and tweak tools.

by Rocky (not verified) on 11. January 2012 - 14:55  (87012)

Hello Guys,
Happy New Year to all!
Can someone tell me:

1. Which is the best Realtime Rootkit prevention/Detection software?
2. Is online Armor Free version/ComodoFirewall Free/Outpost Firewall Free/Adaware Free able to detect/prevent and stop the Rootkit from Impacting?

Thanks in Advance!!
Rocky.

by AMDFAN (not verified) on 3. February 2012 - 21:19  (88253)

Honestly I think I'm pretty stuck on Avast and Spyware Doctor. Online Armor works quite well but it causes the computer to be sluggish, and Comodo I always seem to have issues with their updates on the full free package, and using just the antivirus it seems after a couple of times the GUI refuses to work. I used to use Avast a lot but started using Online Armor and Comodo (at separate times of course), figuring I didn't need it, but now that I no longer bother with their firewalls I go back to the old reliables of the day. Spyware Dr. because it's the most silent on XP and works really well in almost all areas but does not work well on Win7, where it won't allow it to shut down fully, so Avast is best there. I have heard, however, some good things about Outpost's preventions but have never used it myself. At the same time I've also heard it's not very good about harder to detect software, and rootkits would fall under that category, but again as I said I have never used it so I can't give a fully honest answer about that.

Hope I could help and sorry if I couldn't.

by Arjan Groenewoud (not verified) on 6. January 2012 - 8:59  (86671)

I had a very nasty backdoor TDSS rootkit that turned off Kaspersky TDSSKiller... Dr.Web was the only one that found it. Before I tried Dr.Web, TDSSKiller didn't do anything; after it was killed by Dr.Web it worked well, but found nothing, duh! Before Dr.Web I tried Spyware Terminator, Spybot Search and Destroy, Ad-Aware, Microsoft Sec. Essentials, Avast, but IE automatically started up randomly, and TDSSKiller didn't do anything (no reaction after double click), but after the scan of Avast it came up with a screen about whether to trust this program etc. and then nothing. But after Dr.Web it worked, it could scan... with no results...
It's a pity but I don't know the exact name of it. And the above I found out afterwards. Dr.Web doesn't make a log anywhere?
Hope this helps..

by Chuckmerja (not verified) on 5. January 2012 - 16:21  (86619)

Very useful article. I had TDL4@MBR on my main home computer. AVG Free and Malwarebytes did not find it. GMER found it, but when trying to remove it I got a BSOD. Kaspersky TDSSKiller got it and now I have my computer back!

But what do I now do with the half dozen thumbdrives that have "setup50045.fon, setup50045.lnk, autorun.inf, myporno.avi.lnk, pornmovs.lnk" on them? How do I clean them up???

by AMDFAN (not verified) on 3. February 2012 - 21:28  (88255)

LMAO. Just plug in your thumbdrive and remove it all like anything else. Delete it all and throw it in the trash, run some deep scans on the computer and it will clean it all up while scanning the computer. Superantispyware free edition you can actually just set to specifically clean the thumbdrive and it'll do it up for you without wasting the time on the rest of the machine. I like to open up the containing folder and get the installers out and move them to my thumbdrive so I can scan them before I ever DL the programs, so at least I know I have a cleaner install than what just going in there directly off the web pages. It's not like a disk where you can scan it but it won't remove it; a thumb drive is just a drive but with a chip instead of a rotating hard drive. More like a phone's SIM card. Hope this helps.

by Anupam on 6. January 2012 - 9:09  (86672)

You can use a virtualization software. Plug-in the pen drives while the virtualization software is running, and then either format the pen drives, or try to remove malware from them. If the data is not important in those drives, then format would be the best thing to do.

One such virtualization software you can use is Toolwiz Time Freeze : http://www.toolwiz.com/products/toolwiz-time-freeze

Make sure to remove the pen drive, while the software is running too, otherwise, if you reboot with the pen drive still intact, the changes will be rolled back, and computer might get infected.

by Rocky (not verified) on 26. December 2011 - 10:32  (86011)

Hello Guys,

Does anyone have any idea if running the Avira 12 Free AV + Online Armor Free causes any issues?
I have recently seen very high CPU usage by hardware interrupts on my system; it also does not accept the shutdown command as well. Any suggestions please?

by MidnightCowboy on 26. December 2011 - 10:40  (86012)

This could be due to many things but we are unable to provide individual support here in the comments. Please post your issue including full system details in our forum.

by neuerung on 18. December 2011 - 22:23  (85252)

Avast! has been telling there is a rootkit infection in my PC, something called rootkit-gen. Then, it asks me to press 1 to delete it, and so on. But when I press 1 (or 3, to put it in the vault), nothing really happens. I get a message to the effect that the operation is incompatible with this sort of file. TDSS Killer, otherwise, says that there is no infection. What to think? I will appreciate any help.

by MidnightCowboy on 19. December 2011 - 3:31  (85263)

Unfortunately we cannot provide individual support here in the comments. The best place to post this is either in the Avast! forum or another that can analyze a HijackThis log for you.

by humpty (not verified) on 6. December 2011 - 23:10  (84535)

so Panda Antirootkit is no good anymore?

by geeksquad (not verified) on 24. November 2011 - 10:02  (83832)

hey kyle,
I've tried so many antiviruses, it's so annoying. Over the past year I would say: Microsoft Security Essentials - garbage, BitDefender - garbage, brain fart, sorry, there's more, just can't think right now. Avast worked great with me, but when I went online to look, a lot of the ratings in labs said it wasn't too good? :( That's why I got rid of it. I am using Comodo right now but I got a nasty nasty nasty rootkit that I think infected Comodo because it freezes and won't let me delete it. 2 questions: first, which antivirus do you prefer with antimalware, and second, did my Comodo get infected because it showed on the search that the rootkit went into a lot of my Comodo files and now it won't let me delete it? Oh yeah, sorry, one more question: what antimalware should I use, or does it matter? Because if you run both does it mess up your functions? Thanks for your time

by AMDFAN (not verified) on 3. February 2012 - 16:08  (88221)

Screw Comodo dude, I used its firewall for about 2 years and was constantly having to re-DL it because updates kept causing operation problems and it wouldn't block right. Won't pass the ping tests either with XP. I tried some of their other freewares and none of them worked right and some of them just caused problems with my computer, causing lock-ups, downloads wouldn't download right; I just gave up on them altogether, and it's too bad too because when I first got Comodo I loved it and told everyone I knew they should try it over [commercial AVs]. I just use Private Firewall now; been doing great since I started it 6 months ago and haven't had a single issue. Blocks people trying to get remote access quite well because nothing has been out of place. I combine it with [commercial av] and on Win7 with Avast because for some reason [commercial av] won't allow the computer to shut down properly. Nice thing is, unlike Comodo, they know when to just shut up and do their jobs.

by Chiron on 17. December 2011 - 3:14  (85164)

Hi, if you believe that you were infected while using Comodo Internet Security then please report this on the Comodo forums:
http://forums.comodo.com/news-announcements-feedback-cis-b129.0/

This is something that the developers really need to know. That said, I've never heard of anyone who did get infected while using CIS, unless they disabled something at one point. So if this is a genuine bypass then it's very important.

Thank you.

by Kyle Davidson on 27. November 2011 - 6:42  (83976)

You can't take those tests verbatim as they can be wrong or exaggerated depending on how they tested the product. I can say in my experience I have never seen Avast! Home miss any "in the wild" malware.

To answer your questions:

1) I would scan your system with TDSS Rootkit scanner (or another one listed here) and make sure you are infected. You can feel free to contact me via the link at the bottom of the post and send me the report if you want.

2) I recommend Avast Home or take a look at this page http://www.techsupportalert.com/best-free-anti-virus-software.htm for some other good ones.

by LilJon (not verified) on 31. October 2011 - 12:32  (82464)

If you run TDSS Killer and enable signature verification, it will usually pick up 1 or more unsigned files. To be more confident these are just false positives, submit them to any of the following Online MultiVirus Scanners to check (listed in no particular order):
http://www.virustotal.com
http://virusscan.jotti.org/en
http://virscan.org
http://vscan.novirusthanks.org

Cheers!
LJ

by Kyle Davidson on 1. November 2011 - 7:55  (82520)

Hi,

I just noticed this too. My scan showed 20 unsigned files. Basically anything that isn't signed will show up using this scan, so I recommend only using it in an emergency (if you know you are infected and it doesn't see anything). Use this option with caution, especially if you are going to remove detected files. There are plenty of ways to verify malware (including the links above and other free AVs).

Thanks for the comment!
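
A defender-side triage step for the situation LilJon and Kyle describe above, added here as an example (it is not code from the article, from Kaspersky, or from any commenter): before removing a file that TDSSKiller's signature-verification scan listed, record its SHA-256 hash, its Authenticode or catalog signature state and its location to a CSV log, which also covers the earlier complaint that no log of what was deleted existed. It assumes Windows PowerShell 4.0 or later on Windows 8 or later; the file paths are placeholders, and the sptd.sys entry stands in for the Daemon Tools driver that PeterW's comment reports as a false positive.

```powershell
# Added triage helper (not part of the article, TDSSKiller or any vendor tool).
# Given the paths a rootkit scanner flagged as "unsigned", record hash, signature
# state and location to a CSV log BEFORE anything is quarantined or deleted, so a
# wrong decision can be traced and reversed. Assumes Windows PowerShell 4.0+ on
# Windows 8+ (Get-FileHash, and catalog-signature lookup via
# Get-AuthenticodeSignature). All file paths below are illustrative placeholders.
param(
    [string[]]$FlaggedPaths = @(
        "$env:SystemRoot\System32\drivers\sptd.sys",   # Daemon Tools driver (reported as a false positive)
        "C:\Program Files\ExampleVendor\incd.sys"      # hypothetical third-party driver path
    ),
    [string]$LogPath = (Join-Path $env:TEMP ("rootkit-triage-{0:yyyyMMdd-HHmmss}.csv" -f (Get-Date)))
)

function Get-FlaggedFileReport {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # A path the scanner reported but that the normal file API cannot see is
        # itself worth noting: hiding files from that API is what a rootkit does.
        return [pscustomobject]@{
            Path = $Path; Exists = $false; SHA256 = ''; Signature = 'n/a'
            SignatureType = 'n/a'; Signer = ''
            UnderSystemRoot = ($Path -like "$env:SystemRoot\*")
            Verdict = 'Not visible via the normal file API - re-check with a cross-view scanner'
        }
    }

    $hash   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Interpret the signature state. Catalog-signed Windows components (no embedded
    # signature) are the usual reason a "verify signatures" scan lists system files.
    $verdict = switch ("$($sig.Status)") {
        'Valid' {
            if ("$($sig.SignatureType)" -eq 'Catalog') {
                'Catalog-signed OS component - do not remove'
            } else {
                "Valid Authenticode signature from '$signer' - confirm the publisher is expected"
            }
        }
        'NotSigned'    { 'Unsigned - look up the SHA256 (VirusTotal, Jotti, etc.) before acting' }
        'HashMismatch' { 'Signature present but file contents changed - treat as suspicious' }
        default        { "Signature status $($sig.Status) - investigate manually" }
    }

    [pscustomobject]@{
        Path = $Path; Exists = $true; SHA256 = $hash; Signature = "$($sig.Status)"
        SignatureType = "$($sig.SignatureType)"; Signer = $signer
        UnderSystemRoot = ($Path -like "$env:SystemRoot\*"); Verdict = $verdict
    }
}

$report = foreach ($p in $FlaggedPaths) { Get-FlaggedFileReport -Path $p }
$report | Format-Table Path, Signature, SignatureType, Verdict -AutoSize
$report | Export-Csv -LiteralPath $LogPath -NoTypeInformation -Encoding UTF8
Write-Output "Triage log written to $LogPath - keep it alongside the scanner's own report."
```

Paste the paths from the scanner's results window into $FlaggedPaths; a kernel rootkit that hooks the file API can hide a file from this script just as it does from Explorer, so a missing file is a finding, not a clean result.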

by AMDFAN (not verified) on 3. February 2012 - 20:31  (88246)

Agreed, I had to take a second look myself, then found it was just an old program that this computer has had forever (InCD) and the others were just MS updates using rootkit tech. No big deal, I just let it go.

by mook (not verified) on 21. October 2011 - 23:56  (81889)

Thanks for the review. Recently I foolishly allowed a program to install thinking it was a Firefox Nightly upgrade, of course this was around a week after my AV had expired. To make a weeks worth of story short, everything I tried including Sophos, PCTools, Reg Mech, and various Microsoft tools did not find what I suspected to be a rootkit.

One pass with TDSS killed the b*st*rd fast. Running Win7 SP1 64bit. I never do this type of stupid behavior, but I was not paying attention and as a result my index finger caused me grief. After the TDSS, I renewed my AV, had harsh words with my index finger and verified that the brain and index finger were communicating again :)

Thanks!!!

[Moderators edit] - commercial program details removed.

by Kyle Davidson on 1. November 2011 - 7:51  (82519)

Hi there,

I'm sorry to hear you were infected, but I am glad to hear TDSS Killer worked for you!

Thanks for the comment!

by steves123 (not verified) on 14. October 2011 - 20:41  (81413)

Hi, I've just started to download Dr.Web CureIt!; after reading your review I thought I'd give it a whirl as I've tried most other security software. I know I'm probably being picky, but from following your link to the download, you have to fill out personal details just to get the download started, i.e. name, email, age, etc. I think you should make people aware of this as I don't like giving info to sites I don't know. Also you stated the file size is 49.2 MB, but the size is 75.4, a slight difference I think you'd agree. Don't mean to moan, keep up the good work, it really is appreciated. Thank you

by Kyle Davidson on 1. November 2011 - 7:47  (82518)

Thanks for the feedback!

I will adjust the review to reflect these changes/errors. I agree you shouldn't need to give personal info for the download.

I appreciate the feedback!

by PeterW (not verified) on 12. October 2011 - 3:41  (81266)

I ran TDSS Killer and it came back with one hit: Servic:sptd. I looked it up on Bleepingcomputer.com and it came back as a necessary Windows file that's used for Daemon Tools CD emulation. So, while I'm glad that nothing else was found, I don't know if it then missed something out there. After all, the worst rootkit killer out there would come up with nothing, right? I'm going to hope that no news (or a false positive - you can and should look up what is found anyway before you trash it) is good news, and will keep it around for awhile.

I tried Sophos and found it difficult to work with and lacking a good gui. My humble opinion.

For what it's worth, I run Win7 on a 64-bit
Windows firewall
Microsoft Security Essentials
Malwarebytes (paid subscription)
RUbotted

Thanks for the great article and for your work on our behalf.

Peter

by Kyle Davidson on 1. November 2011 - 7:44  (82517)

Hi there! Sorry for the late reply.

I notice the same thing when running TDSS Killer. I will send an e-mail to them about the false positive.

I think what is happening here is Daemon Tools CD Driver acts in a way that TDSS detects it as a rootkit.

I have tested Daemon tools with several other AV's and all seems fine.

Thanks for the comment!

by AMDFAN (not verified) on 3. February 2012 - 16:20  (88224)

I just used Avast rootkit on XP and it found nothing BUT i looked and noticed that it was tested on WIN7. In your opinion was I in the wrong to try it and should I try another or is this going to be ok?

by Susan C. (not verified) on 28. September 2011 - 2:52  (80473)

Thanks Kyle the Kaspersky tool worked like a charm - hooray I have my computer back!
