Gizmos Freeware Reviews  

Old 08. Jul 2011, 01:53 PM   #1 (permalink)
Senior Member
 
Join Date: Nov 2009
Posts: 440
Default Question about Rootkit Scanners/Removers

Hi guys,

I posted this question in the "Best Free Rootkit Scanner/Remover" some time ago - I noticed it doesn't have a dedicated editor only afterwards.

So, here it is:
Quote:
I'm familiar with the first four ones and have noticed that, except for Gmer, the others don't update often - Sophos is about a year old and Root Repeal & F-Secure Blacklight Rootkit Eliminator are about two years old.
This may be a silly question, but I'm wondering, are they considered to still be very effective because rootkits' updates are slow as well?
Thanks in advance.
__________________
26Dolphins
Old 09. Jul 2011, 02:02 AM   #2 (permalink)
J_L
Co-Author, Best Free Security List
 
 
Join Date: Dec 2008
Posts: 1,475
Default

I find Hitman Pro one of the most effective, but its removal is a 30-day trial.
Old 10. Jul 2011, 03:51 PM   #3 (permalink)
Senior Member
 
Join Date: Nov 2009
Posts: 440
Default

Thanks for the reply J.L. (I'm familiar with Hitman Pro), but it didn't enlighten me on my original question.

Thanks anyway.
__________________
26Dolphins
Old 10. Jul 2011, 06:26 PM   #4 (permalink)
Senior Member
 
bo.elam
 
Join Date: Nov 2009
Posts: 1,224
Default

Hi 26Dolphins, my reply might not answer your question, but at one point
in the past I asked myself the same. The only thing that I could figure is
that dedicated anti rootkits don't use or need to update often because
they don't use definitions like a regular antivirus.
The applications you mentioned are scanners which, as you know, detect
infections after you've been infected, so I decided to go a different way and
use something that prevents rootkit infections, that's how I got to SBIE.
I don't know if you are using SBIE but using the sandbox is a sure way to
stop rootkits when you are browsing/running programs under the
supervision of Sandboxie.
Sandboxie does not allow drivers to be installed.

Bo
Old 10. Jul 2011, 10:17 PM   #5 (permalink)
J_L
Co-Author, Best Free Security List
 
 
Join Date: Dec 2008
Posts: 1,475
Default

If they use specific signatures, then they won't be effective anymore without updating (unless uploading to cloud like HMP). If they use heuristics and behaviour analysis, then they can still be effective.
Old 11. Jul 2011, 06:05 PM   #6 (permalink)
Senior Member
 
Join Date: Nov 2009
Posts: 440
Default

Thanks to both for replying.

I don't have an infection, thankfully.
The question came up after noticing that the version updates of SuperAntiSpyware include improvements to its rootkit detection engine, while the dedicated rootkit scanners/removers don't update often, yet are considered effective.

I'm quite new to SBIE, but can already appreciate its advantages.

Thanks again.
__________________
26Dolphins
All times are GMT +1. The time now is 10:34 AM.