

Anti-Rootkit programs


14 replies to this topic

#1 OFFLINE   Icedrake

    Shazam!

  • Members
  • 1,646 posts
  • Gender:Male
  • Location:United States
  • Interests:Reading, using my computer, astronomy, physics, mathematics, etc.

Posted 25 April 2008 - 04:17 PM

Anyone know of a good freeware anti-rootkit program?
Website: www.icedrake.co.cc
YouTube: www.youtube.com/icedrake99
DeviantART: www.icedrake99.deviantart.com
Twitter: www.twitter.com/icedrake99

#2 OFFLINE   Andavari

    Captain Spectacular

  • Moderators
  • 13,330 posts
  • Gender:Male
  • Location:Shadow Moses

Posted 25 April 2008 - 04:39 PM

These are currently freeware from reputable companies:
* Panda Anti-Rootkit
* Avira Anti-Rootkit

Do note that if you switch to either Avast Antivirus Home Edition or AntiVir PersonalEdition Classic, they include rootkit detection built-in.
Complexity of incoherent design.

#3 OFFLINE   Coronagold

    Advanced Member

  • Members
  • 115 posts

Posted 27 April 2008 - 01:48 AM

The Avira AntiRootKit Tool (beta) finds more rootkit entries than AntiVir free does.

#4 OFFLINE   Anthony A

    POSIMO

  • Members
  • 2,101 posts

Posted 27 April 2008 - 02:08 AM

Here are two more. Both are no install apps.

F-Secure Black Light. Link is at the bottom of the page http://www.f-secure....ecurity_center/

Trend Micro Rootkit Buster http://www.trendmicr...oad/rbuster.asp

#5 OFFLINE   Tom AZ

    Power Member

  • Members
  • 941 posts
  • Location:Scottsdale, AZ USA

Posted 27 April 2008 - 02:46 AM

Just downloaded and tried to install Avira Anti-Rootkit Tool. However, couldn't get the Setup.exe file to open. Anyone else have that problem? Or, is there possibly another way to install it?

#6 OFFLINE   Anthony A

    POSIMO

  • Members
  • 2,101 posts

Posted 27 April 2008 - 03:57 AM

Tom AZ, on Apr 26 2008, 10:46 PM, said:

Just downloaded and tried to install Avira Anti-Rootkit Tool. However, couldn't get the Setup.exe file to open. Anyone else have that problem? Or, is there possibly another way to install it?

Go with the two I linked or the Panda one. All 3 do not require an install.

#7 OFFLINE   davey

    Keep it simple !

  • Members
  • 2,235 posts
  • Gender:Male
  • Location:Maryland U.S.A.

Posted 27 April 2008 - 04:20 AM

Tom AZ, on Apr 26 2008, 10:46 PM, said:

Just downloaded and tried to install Avira Anti-Rootkit Tool. However, couldn't get the Setup.exe file to open. Anyone else have that problem? Or, is there possibly another way to install it?

Is it an executable also? As a matter of fact, aren't they all?
:) davey

#8 OFFLINE   Andavari

    Captain Spectacular

  • Moderators
  • 13,330 posts
  • Gender:Male
  • Location:Shadow Moses

Posted 27 April 2008 - 09:31 AM

Tom AZ, on Apr 26 2008, 08:46 PM, said:

Just downloaded and tried to install Avira Anti-Rootkit Tool. However, couldn't get the Setup.exe file to open. Anyone else have that problem? Or, is there possibly another way to install it?
Maybe it was corrupted during the download. I've used it and removed it.

The one I really like is Panda Anti-Rootkit, it will even check for an update before scanning.

Many of the free anti-rootkit scanners haven't been updated for months!

#9 OFFLINE   login123

    blanko

  • Members
  • 1,778 posts
  • Gender:Not Telling

Posted 28 April 2008 - 01:37 AM

IceSword is pretty good, but detects many processes that are harmless. Info and a download link:
http://www.castlecops.com/t165203-IceSword...llustrated.html

SpyBot S&D is getting into rootkit finding; they describe their present app as "a work in progress". Info and a download link:
http://forums.spybot...ead.php?t=24185

Sophos has a good one. You have to register to download it:
http://www.sophos.com/products/free-tools/...ti-rootkit.html

Sysinternals has a good one: RootKit Revealer. Info and a download link:
http://technet.microsoft.com/en-us/sysinte...s/bb897445.aspx

None of the above require installation, all are free. :) I just use them to find out what's going on in my computer... never have found anything ugly, thank goodness. Would have to get expert help if an actual rootkit showed up. You have to be careful, a lot of processes that look scary are really legitimate.

Also I think you do have to install the Avira RKD, but no reboot is required.
The SLIM version is always released a bit after any new version; when it is it will be HERE :-)

#10 OFFLINE   Andavari

    Captain Spectacular

  • Moderators
  • 13,330 posts
  • Gender:Male
  • Location:Shadow Moses

Posted 28 April 2008 - 01:54 AM

login123, on Apr 27 2008, 07:37 PM, said:

Also I think you do have to install the Avira RKD, but no reboot is required.
It does have to be installed. ;)

Some of those others that claim they can just be run without installing are actually adding stuff onto the system like adding a line into a Windows .ini file like win.ini, etc., or writing stuff into the registry.

#11 OFFLINE   Anthony A

    POSIMO

  • Members
  • 2,101 posts

Posted 28 April 2008 - 02:05 AM

login123, on Apr 27 2008, 09:37 PM, said:

IceSword is pretty good, but detects many processes that are harmless. Info and a download link:
http://www.castlecops.com/t165203-IceSword...llustrated.html

SpyBot S&D is getting into rootkit finding; they describe their present app as "a work in progress". Info and a download link:
http://forums.spybot...ead.php?t=24185

Sophos has a good one. You have to register to download it:
http://www.sophos.com/products/free-tools/...ti-rootkit.html

Sysinternals has a good one: RootKit Revealer. Info and a download link:
http://technet.microsoft.com/en-us/sysinte...s/bb897445.aspx

None of the above require installation, all are free. :) I just use them to find out what's going on in my computer... never have found anything ugly, thank goodness. Would have to get expert help if an actual rootkit showed up. You have to be careful, a lot of processes that look scary are really legitimate.

Also I think you do have to install the Avira RKD, but no reboot is required.


Some of those ones you mentioned are for advanced users. You need to know what you are doing with them. Panda and Blacklight are very easy to use.

#12 OFFLINE   login123

    blanko

  • Members
  • 1,778 posts
  • Gender:Not Telling

Posted 28 April 2008 - 03:03 AM

Andavari, on Apr 27 2008, 08:54 PM, said:

It does have to be installed. ;)

Some of those others that claim they can just be run without installing are actually adding stuff onto the system like adding a line into a Windows .ini file like win.ini, etc., or writing stuff into the registry.

You are quite right, Andavari. But none of those I listed change the registry very much as far as I can tell, nor compromise performance after they are run. Sophos does add a stubborn key: HKLM\...\LEGACY_MEMSWEEP2, but no harm done as I can tell.

Anthony_A is right too. You gotta know what you're doing. Expert help is called for if you think you have found a rootkit. If it was easy everybody would be doin' it. :)

#13 OFFLINE   Coronagold

    Advanced Member

  • Members
  • 115 posts

Posted 28 April 2008 - 12:40 PM

Like me! :D

#14 OFFLINE   LUSHER

    Advanced Member

  • Members
  • 95 posts

Posted 01 May 2008 - 03:44 PM

A couple more tools here http://wiki.castlecops.com/Lists_of_freewa...al_AV_companies

Bitdefender, McAfee, Sophos, AVAST, Spybot all also provide standalone antirootkits ...

#15 OFFLINE   hazelnut

    try to stay calm

  • Moderators
  • 9,460 posts
  • Gender:Female
  • Location:Huddersfield uk

Posted 01 May 2008 - 03:54 PM

Looks like DiamondCS may be back up and running.

A new beta from them is Deep System Explorer for finding new and future rootkits
Info here
http://www.diamondcs.../detections.php

Some of you may recognise some of their Windows freeware
http://www.diamondcs...eeutilities.php
CCLEANER, RECUVA, DEFRAGGLER AND SPECCY DOCUMENTATION CAN BE FOUND HERE

http://www.piriform.com/docs