Best Free Rootkit Scanner/Remover

Introduction

Rootkits are a special kind of software tool used to hide trojans, viruses and other malware from your antivirus scanner and other security products. Unfortunately, they are extremely effective, which means that some of you who are reading this will be infected, even though you believe your PC to be totally clean. Thankfully, there is a new class of security product now available, called "rootkit detectors", that uses specialized techniques to detect these dangerous intruders.

The reality is that at the present time, full protection against rootkits may require the use of multiple products, and complete removal may require a system rebuild. For more details, see my introductory article on rootkits.

Discussion

Most of these detectors require quite a bit of technical skill to interpret the results, but two of the simplest to use are also amongst the most effective. The first is called Panda Anti Rootkit. It's my top recommendation for average users because it's not only good at detecting rootkits, but it's also quite effective at removing them. As a bonus, it's small and doesn't require installation, although you do have to register at the Panda website before you can download it.

I suggest that all of you download this product and scan your PCs. The chances of you being infected are small, but for five minutes' work it's well worth eliminating the risk. Panda Anti Rootkit will detect most rootkits missed by AV scanners, but it can't provide perfect detection; no rootkit detector can. That's why I suggest you use more than one.

If you are an experienced user, you should check out Sysinternals RootkitRevealer. It uses a totally different technique than Panda Anti Rootkit and F-Secure BlackLight, and by using all three products together you'll be getting excellent overall detection.

RootkitRevealer is more complex to use than BlackLight, and is a bit prone to false positives, so take care before you delete detected items.

For experienced users, my top recommendation is GMER, although you will need to read the documentation carefully before using this one.

I like this product a lot but it's not for everyone. So if you are the type that simply likes to press the "scan" button, then stick with Panda Anti Rootkit.

Currently, two of the biggest guns in the rootkit detection war are the free Chinese products IceSword and DarkSpy.

IceSword has an English interface, but if you want to read the help manual that comes with it, you might find it cumbersome because it is written in Chinese.

IceSword and DarkSpy are not really detectors like the other products. Rather, they offer a set of tools that can help reveal the presence of a rootkit.

These tools include a special process viewer, startup manager and port enumerator that are not fooled by rootkits. It's left to the user, though, to interpret the results. In the hands of a skilled user these are powerful tools, but they are not of much use to beginners. The Chinese download sites are slow, so I've given local download links.

Quick Selection Guide

Panda Anti Rootkit    Rating 8 of 10    Gizmo's Top Pick

Pros: Good at detecting rootkits, also quite effective at removing them.
Cons: If you are looking for help using this software, you need to have an Internet connection. This is bad if the computer you are installing it on does not have access to the Internet.
Developer Home Page: http://www.pandasecurity.com/homeusers/downloads/docs/product/help/rkc/en/rkc_en.htm
Download link: http://research.pandasoftware.com/blogs/images/AntiRootkit.zip
File Size: 304 KB    Version: 1.08    License Type: Unrestricted Freeware    Installation Requirements: Windows 2000 - XP2

Sysinternals Rootkit Revealer    Rating 6 of 10

Pros: Excellent overall detection in combination with other tools.
Cons: More complex, a bit prone to false positives.
Developer Home Page: http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx
Download link: http://download.sysinternals.com/Files/RootkitRevealer.zip
File Size: 231 KB    Version: 1.71    License Type: Unrestricted Freeware    Installation Requirements: Windows XP

GMER    Rating 5 of 10

Pros: Detailed scan, detailed results in listbox.
Cons: Need to read the documentation carefully; for experienced users only.
Developer Home Page: http://www.gmer.net/index.php
Download link: http://www.gmer.net/files.php
File Size: 278 KB    Version: 1.0.15    License Type: Unrestricted Freeware    Installation Requirements: Windows NT - Vista

IceSword    Rating 5 of 10

Pros: Tools include a special process viewer, startup manager and port enumerator that are not fooled by rootkits.
Cons: Not really a detector; offers a set of tools that can help reveal the presence of a rootkit. Additionally, help files are in Chinese, which is a big minus if you are new to using rootkit remover software.
Developer Home Page: http://antirootkit.com/software/IceSword.htm
Download link: http://mail.ustc.edu.cn/%7Ejfpan/download/IceSword122en.zip
File Size: 2.1 MB    Version: 2.22    License Type: Unrestricted Freeware    Installation Requirements: Windows 2000 - Vista

DarkSpy    Rating 5 of 10

Pros: Tools include a special process viewer, startup manager and port enumerator that are not fooled by rootkits.
Cons: Not really a detector; offers a set of tools that can help reveal the presence of a rootkit. No longer being developed.
Developer Home Page: http://www.softpedia.com/get/Antivirus/DarkSpy-Anti-Rootkit.shtml
Download link: http://www.softpedia.com/get/Antivirus/DarkSpy-Anti-Rootkit.shtml
File Size: 626 KB    Version: 1.0.5    License Type: Unrestricted Freeware    Installation Requirements: Windows 2000, 2003, XP

Editor

This software category is maintained by volunteer editor cfigarella

Tags

rootkit scanner, rootkit remover, free rootkit scanner, free rootkit remover, freeware


This is a promising article on rootkits. http://www.sciencedaily.com/releases/2009/11/091103102246.htm

Some rootkits hide so well that nothing you use will get rid of them. Sometimes re-installing Windows will not even get rid of them. The best thing to do is to make regular image backups, and if you get infected, wipe and restore the last uninfected image. A better option than cleanly wiping and re-installing.

I have to add my recommendation for Sophos Anti Rootkit. It found and removed hidden objects that Panda didn't even find. I'm not saying that it is a silver bullet, and it can't remove everything it finds, but it did find things that Panda didn't.
BUT there is still an infection that even this couldn't deal with on one of our PCs at work.

I have tried UnHackme, and it DID get rid of the rootkit, but the system was so borked by that time that we had to do a reinstall of Windows.

So try Sophos anyway, who knows, it may work for you.

I received this note via the site contact form:

Hello,

Sophos has recently released an updated version of their free anti-rootkit tool.

Along with increased detection Sophos has added support for the following operating systems;

Windows Vista
Windows Server 2008
Windows 7
Windows 64-bit platforms

I believe Sophos Anti-Rootkit is the first tool to support Windows 7 and 64-bit versions of Windows.

James Coulter

Sophos site requires registration to download, but it can also be downloaded from majorgeeks without registration. Unzip and run the exe.

http://majorgeeks.com/Sophos_Anti-Rootkit_d5238.html

Another quarrel, MajorGeeks states this works only with NT/2K/XP/2003.

It can also be downloaded from softpedia.com
http://www.softpedia.com/get/Antivirus/Sophos-Anti-Rootkit.shtml

Why would you not check out the vendor's own site for system compatibility information?

http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

* Windows 2000
* Windows XP
* Windows Vista
* Windows 7
* Windows Server 2003
* Windows Server 2008
* 64-bit platforms

Sophos Anti-Rootkit requires a minimum of 128 Mb RAM.

I would recommend a combination of Prevx 3.0 and GMER to remove the hardest of the rootkits. Prevx 3.0 is free for detection of malware, even though it's not free for the full version with removal facility. Use Prevx to scan the system and find out the malware. Then it can be removed using GMER. This combination helped me out of a worst-case situation recently.

Hello !

Panda Antirootkit and the old Rootkit Revealer, IceSword and DarkSpy are all bypassed by new rootkits, I'm afraid. GMER itself can't follow the evolution.
Nowadays, after many tests, I prefer:
- Rootkit Unhooker (version 3.8)
http://infomars.fr/forum/index.php?showtopic=1906
- RootRepeal (version 1.2.3)
http://infomars.fr/forum/index.php?showtopic=1912

For "average users", what do you think about Avast! antirootkit tool ?

Regards.
Txon.

http://www.threatfire.com/

Do yourself a favor and check this out. It is fast, uses very little system resources and live scans everything. Only manual scan is rootkit scan. Auto and manual updates are fast. It is very new and FREE... Runs in background without changing main anti-virus.

ThreatFire is patent-pending, security software for your computer. This Help system covers both ThreatFire Free Edition and ThreatFire Pro.

If I already have antivirus software why do I need ThreatFire?
ThreatFire is dramatically different to traditional antivirus software. Normal antivirus products usually need to have first identified and seen a threat before they can provide adequate protection against it. The protection is then provided via a signature or fingerprint update, which must first be written by an antivirus researcher. This creates a large window of time where threats are undetected and can therefore infect your PC even when you have antivirus software installed.

How can ThreatFire protect me when traditional antivirus can't?
ThreatFire continually protects your PC against attacks by detecting malicious behavior, such as capturing your keystrokes or stealing your data, instead of only looking for known threats like normal antivirus software. By implementing sophisticated real-time behavioral analysis ThreatFire is able to stop never- before-seen "zero-day" threats solely by detecting their malicious activity.

Hello !

I tested ThreatFire. It's a HIPS but not really an ARK.
ThreatFire doesn't block the more astute rootkits.
Its scanner just detects a very few of them, old ones.

Regards.
Txon.

This sounds like an ad.
Threatfire is not new, it's been around a few years, and was called Cyberhawk before that.
Now it's owned by Symantec.

I thought it was owned by PC Tools?

Symantec gobbled up all of PC Tools last year: http://www.symantec.com/about/news/release/article.jsp?prid=20080818_02

I installed Darkspy and got a STOP 24 when I ran it. When I tried to uninstall it I could not find it in either Win XP or REVO Uninstallers. I used Little Registry Cleaner and RegCure to get it out of the registry and then deleted the setup file. I have XP PRO SP3.

I don't like the red color of this type, but I do like this site. Thanks

Is it okay to run any of these products with service Pack 3?

Too bad Panda Anti Rootkit is not supported for Vista :-(.

- avast! ΑntiΡootkit

see the 1st post at

http://forum.avast.com/index.php?topic=33753.0

u said antipootkit xDD

It is still in beta... and being tested.

Anupam Shriwatri, India

So what?

It has been very effective since it is based on the GMER Technology!!!

Trend Micro "RootkitBuster" is a rootkit scanner that scans
-hidden files,
-registry entries,
-processes, drivers,
and
-Master Boot Record (MBR) rootkits.

RootkitBuster can also clean
-hidden files
and
-registry entries.

http://www.trendmicro.com/download/rbuster.asp

- avast! ΑntiΡootkit
xxxxxxxxxxxxxx

- F-Secure BlackLight 2.2.1092
xxxxxxxxxxxxxxxxx

Please note that we do not permit direct links to executables.

Man, what a headache finding the download link! Here it is:

Panda AntiRootkit 1.08
http[COLON]//research.pandasecurity.com/blogs/images/AntiRootkit.zip

replace the [colon] with :

Thanks! I couldn't find it either!

How about RootAlyzer from safer-networking.org? Any good?

What you probably are downloading is a ROOTKIT! And how on Earth would you know?

Don't download ANYTHING ever again :P

Well, these tools are fairly popular among security experts. If something suspicious was going on we would probably have known about it by now. Software recommendations on this site are given only to totally safe and legitimate software, so there's no need to worry :)

thanks

I need a good rootkit remover and finder that works for Vista. I tried getting IceSword and it failed to work. Any help?

It failed to work or you couldn't figure out how to use it? Besides, IceSword is recommended to experienced users only

They said it failed to work, maybe they are experienced.

It was my impression that you don't need anti-rootkits etc on Microsoft's latest Windows version, or any of their new software. It is so technically advanced now that these things can't get in.

That's why it didn't work on Vista, it's not needed. If it was needed, Bill Gates or others would tell us.

If MS software is so technically advanced why are there dozens (if not hundreds) of software and hardware products designed to protect your PC? Microsoft is an OS, applications, and software infrastructure provider. Unless they take over a major player in the anti-virus/anti-malware field, it's unlikely I would trust their protection.

Rik Mayell - Category Editor - Best Free Windows 7 / Vista 64 bit Software

The latest version of Rootkit Unhooker works on Windows Vista Ultimate, SP1. I read about it in the Help file.

Anyone like ThreatFire? I have it and like it; it has a rootkit scanner.

It hasn't found any on my system yet, so maybe it doesn't work. How many should it find, one or two a day?

I use Rootkit Unhooker. It's a great tool and is considered one of the best antirootkits.
The latest version can be downloaded from http://www.rootkit.com/

Most of these tools are out of date. The best rootkit/trojan remover is Unhackme. They offer a free Russian version but if you install the trial and print out some screenshots the Russian version is pretty easy to navigate, since there aren't that many options or menus. It has saved me more times than all other crapware removal tools combined. Bold statement, but see for yourself.

So let's get this straight, you want me to download an unknown Russian program, with a GUI in Russian, that you say is an anti-rootkit? And install it.

I can't figure it out yet but there's something strange in that somewhere.

Panda isn't at all a very good ARK! GMER & IceSword are much better... and how about RootkitUnhooker, still the best ARK out there!!!

GMER & IceSword are better for experienced users.

Hi,

Interesting article. Sophos Anti-Rootkit is another free rootkit removal tool which I find to be very effective, and the scanning speed is also very admirable.

James

Hi, James from Sophos!

Hi,
I think, like a year ago or something, I checked this section and there were only about two 32-bit programs. So I tried to search around for 64-bit support, and I finished when I read somewhere that rootkits don't work on 64-bit systems. Now I'm wondering if that's true.
Thanks.