Full Version: Anti-Rootkit programs
Piriform Community Forums > Computer Help and Discussion > Windows Security
Anthony A
How important are these programs? I currently don't have any installed but looking at two right now. AVG Anti-Rootkit and Panda Anti-Rootkit. Anybody use these two and are these types of programs something we should all have like an AV or AS program? I don't see any mention of them on here.
CeeCee
I installed that AVG Anti-Rootkit program just a few days ago. There are also, e.g., F-Secure BlackLight and RootkitRevealer.

I think it's good to scan for rootkits once in a while, just to be sure.

Tarq57
I have the AVG one, seems alright. Also have BlackLight available, and RootkitRevealer.
Some of the results do need a bit of knowledge to action correctly; not everything flagged is necessarily a rootkit. The help files are definitely worth reading.
Anthony A
QUOTE(CeeCee @ Jul 11 2007, 07:01 PM) *
I installed that AVG Anti-Rootkit program just a few days ago. There are also, e.g., F-Secure BlackLight and RootkitRevealer.

I think it's good to scan for rootkits once in a while, just to be sure.

I installed and tried the AVG Anti-Rootkit. Didn't find anything which is a good thing. Not much to it. I will keep this one just to be sure.

Also tried the Panda Anti-Rootkit. This was recommended on the 46 Best Ever Freeware list as the guy's first choice for anti-rootkit programs. This one requires no install: unzip and run. Also found nothing.
CeeCee
AVG Anti-Rootkit installs two driver (.sys) files into the system32\drivers folder, and they are loaded into memory every time Windows boots. I don't like it very much. I scanned once with AVG AR and then stopped them from loading with Autoruns.
Andavari
AntiVir PE Classic also has a rootkit scanner. For people using it, they have anti-virus and anti-rootkit all in one app. I'd use it too if it weren't for the update problems I keep having with AntiVir.
Tom AZ
QUOTE(CeeCee @ Jul 11 2007, 11:40 PM) *
I scanned once with AVG AR and then stopped them from loading with AutoRuns.


Could you elaborate on this procedure of stopping them from loading? Thanks.
CeeCee
QUOTE(Tom AZ @ Jul 12 2007, 12:12 AM) *
Could you elaborate on this procedure of stopping them from loading? Thanks.


Just download Autoruns. Launch Autoruns.exe and go to the "Drivers" tab. Uncheck "AVG Anti-Rootkit driver" and "AVG7 Clean Driver". Then just close the Autoruns program. Of course you can't use AVG Anti-Rootkit after that. When you want to use it again, just check those drivers and reboot Windows.
Anthony A
The Panda Anti-Rootkit seems decent. It's really simple to use, has a clean GUI, and needs no install. It even has an option to run the scan at start-up: you check the option and reboot, and the scan starts at start-up. It's a more thorough scan than the regular one. Here is the help file with some screenshots in it. It only takes 5 minutes to go through.

http://www.pandasoftware.com/download/docu...c_en.htm#20.htm
CeeCee
Panda Anti-Rootkit crashes on me when it's scanning the registry. I get the error "memory could not be written". ?? I have XP SP2.

EDIT: Others also got problems with 1.08. http://research.pandasoftware.com/blogs/re...rsion-1.07.aspx

Andrew, cham44, Jack, Sam and the rest of you running into problems with 1.08 during the registry scan, I have uploaded version 1.07 to http://research.pandasoftware.com/blogs/im...ootkit-1.07.zip. Please try running 1.07 but still send me the details of your machine and installed applications to pbustamante'at'pandasoftware.com.

That 1.07 works fine.
Anthony A
QUOTE(CeeCee @ Jul 11 2007, 09:07 PM) *
Panda Anti-Rootkit crashes on me when it's scanning the registry. I get the error "memory could not be written". ?? I have XP SP2.

EDIT: Others also got problems with 1.08. http://research.pandasoftware.com/blogs/re...rsion-1.07.aspx

Andrew, cham44, Jack, Sam and the rest of you running into problems with 1.08 during the registry scan, I have uploaded version 1.07 to http://research.pandasoftware.com/blogs/im...ootkit-1.07.zip. Please try running 1.07 but still send me the details of your machine and installed applications to pbustamante'at'pandasoftware.com.

That 1.07 works fine.


Where did you get 1.08? The download from the Panda site is 1.07. This is the download I used.
http://www.pandasoftware.com/products/antirootkit/
mfenech
QUOTE(Andavari @ Jul 11 2007, 06:50 PM) *
AntiVir PE Classic also has a rootkit scanner. For people using it, they have anti-virus and anti-rootkit all in one app. I'd use it too if it weren't for the update problems I keep having with AntiVir.

You're still having them? I haven't had any update trouble nor have I heard complaints in a while now.
Anthony A
Just tried the "in depth scan" that requires a restart and it scanned with no problems.
Andavari
QUOTE(mfenech @ Jul 11 2007, 10:46 PM) *
You're still having them? I haven't had any update trouble nor have I heard complaints in a while now.

Yes, I'm still having update issues. I recently got sick of Avast again and decided to switch back to either AntiVir or AVG. I would've preferred AntiVir, but it just sits there and doesn't want to update, so I had to go with AVG.

Edit:
Supposedly my network settings are "borked" according to several software titles, however upon checking them and even reinstalling my ISP software that enables my DSL modem I find nothing out of the ordinary.
CeeCee
QUOTE(Anthony A @ Jul 12 2007, 03:14 AM) *
Where did you get 1.08?


From this link: http://research.pandasoftware.com/blogs/im...AntiRootkit.zip

Site: http://research.pandasoftware.com/blogs/re...t-Released.aspx



QUOTE(Andavari @ Jul 12 2007, 06:18 AM) *
I recently got sick of Avast again


Why? What was it about Avast that you got sick of?
Anthony A
Well, I spent several hours researching and trying out several of these anti-rootkit programs. I like the Panda one the best so far, and I have tried BlackLight, Sophos, AVG, and Panda. Panda is getting good reviews. It's tiny and no install is required. I had no issues with it like CeeCee did, but I ran 1.07, not 1.08. It has a scan-on-start-up option to check for things that might not get detected in a normal scan. Very simple, clean GUI and easy to use. From the reviews I have read, Panda is much more thorough compared to some of the others. It scans the registry; AVG and BlackLight do not. AVG didn't get good reviews. BlackLight is only free until October.
Here is a review of Panda http://www.pcmag.com/article2/0,1895,2119254,00.asp
CeeCee
QUOTE(Anthony A @ Jul 12 2007, 01:51 PM) *
Well, I spent several hours researching and trying out several of these anti-rootkit programs.


You are a hell of a tester. ;)
Anthony A
QUOTE(CeeCee @ Jul 12 2007, 10:57 AM) *
You are a hell of a tester. ;)


All I could really test is how smoothly they ran and how easy they were to use and install. I had to rely on reviews about how well they cleaned, since I don't have anything to clean. :D
Anthony A
QUOTE(CeeCee @ Jul 11 2007, 08:18 PM) *
Just download AutoRuns. Launch Autoruns.exe and go to "Drivers" tab. Uncheck "AVG Anti-Rootkit driver" and "AVG7 Clean Driver". Then just close AutoRuns program. Of course you can't use AVG Anti-Rootkit after that. When you want use it again, just check those drivers and reboot Windows.


Hey CeeCee, are you sure the AVG7 Clean Driver is for the Anti-Rootkit and not the Anti-Virus or Anti-Spyware? I have that driver on two machines that never had AVG Anti-Rootkit installed.
CeeCee
QUOTE(Anthony A @ Jul 12 2007, 04:25 PM) *
Hey CeeCee, are you sure the AVG7 Clean Driver is for the Anti-Rootkit and not the Anti-Virus or Anti-Spyware?


I don't have AVG Anti-Virus or Anti-Spyware. Those two files came for me with AVG Anti-Rootkit. Of course I cannot say whether those other AVG programs use the same file too...
JDPower
QUOTE(Anthony A @ Jul 12 2007, 05:25 PM) *
Hey CeeCee, are you sure the AVG7 Clean Driver is for the Anti-Rootkit and not the Anti-Virus or Anti-Spyware? I have that driver on two machines that never had AVG Anti-Rootkit installed.

I have it too and only have AVG Anti-Virus, so it's not just for AVG Anti-Rootkit. Not easy to find info on it on Google, though.
Anthony A
I actually have two drivers by that name, and this machine has never had the Anti-Rootkit program installed.

CeeCee
The file name in AVG Anti-Rootkit for "AVG7 Clean Driver" is AvgArCln.sys. Pay attention to the file name.

The service entry name (or something like that) for Anti-Rootkit is AvgArCln. AvgAsCln must be for Anti-Spyware and AvgClean for Anti-Virus. It's a different file for each app; only the description is the same.
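The two things the thread has been doing by hand (unchecking a driver in Autoruns, and working out which AVG product a driver with the shared "AVG7 Clean Driver" description actually belongs to) can be done from an elevated PowerShell prompt by reading the driver's service key directly. The script below is an added example written for this page; it is not from the thread, from AVG, or from Sysinternals. The service names AvgArCln, AvgAsCln and AvgClean and the file name AvgArCln.sys are the ones CeeCee reported above; the backup-file location, the signature check and the Start-value handling are my own assumptions, based on the documented meaning of the Start value (0 boot, 1 system, 2 auto, 3 manual, 4 disabled) and on `sc.exe config`. Unchecking a driver in Autoruns has the same effect as `-Disable` here: the driver stays on disk but will not be loaded at the next boot.

```powershell
# Added example (not from the thread). Inspect the AVG driver services named in the
# thread, show which file and signer each one really points at, and optionally
# disable them (Start=4, like unchecking them in Autoruns) or restore them.
# Run from an elevated (Administrator) PowerShell. Service names come from the thread;
# the backup file path is an assumption of this example.
param(
    [string[]]$Names = @('AvgArCln', 'AvgAsCln', 'AvgClean'),
    [switch]$Disable,   # set Start=4 and remember the previous start type
    [switch]$Enable     # restore the start type saved by -Disable; reboot to load it
)

# Numeric Start value -> the word sc.exe config expects.
$startWords = @{ 0 = 'boot'; 1 = 'system'; 2 = 'auto'; 3 = 'demand'; 4 = 'disabled' }
$backupFile = Join-Path $env:USERPROFILE 'driver-start-backup.txt'   # assumed location

# Load previously saved start types (name=value per line), if any.
$saved = @{}
if (Test-Path $backupFile) {
    foreach ($line in Get-Content $backupFile) {
        $k, $v = $line -split '=', 2
        if ($k) { $saved[$k] = [int]$v }
    }
}

foreach ($name in $Names) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $key)) {
        Write-Output ("{0,-10} not present (that AVG product is not installed)" -f $name)
        continue
    }
    $svc = Get-ItemProperty -Path $key

    # Driver ImagePath values are usually relative to %SystemRoot% and sometimes carry
    # a \SystemRoot\ or \??\ prefix; normalise so the file can be inspected.
    $image = [string]$svc.ImagePath
    $image = $image -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', ''
    if ($image -and $image -notmatch '^[A-Za-z]:\\') { $image = Join-Path $env:SystemRoot $image }

    # Who signed the .sys file tells you more than the shared "AVG7 Clean Driver" text.
    $signer = 'file not found'
    if ($image -and (Test-Path $image -PathType Leaf)) {
        $sig = Get-AuthenticodeSignature -FilePath $image
        if ($sig.SignerCertificate) { $signer = "$($sig.Status): $($sig.SignerCertificate.Subject)" }
        else { $signer = "$($sig.Status)" }
    }

    $start = [int]$svc.Start
    Write-Output ("{0,-10} Start={1} ({2})  Type={3}  File={4}" -f $name, $start, $startWords[$start], $svc.Type, $image)
    Write-Output ("{0,-10} DisplayName='{1}'  Signature={2}" -f '', $svc.DisplayName, $signer)

    if ($Disable -and $start -ne 4) {
        $saved[$name] = $start
        & sc.exe config $name start= disabled | Out-Null
        Write-Output ("{0,-10} -> disabled (was {1}); takes effect at next boot" -f '', $startWords[$start])
    }
    elseif ($Enable -and $saved.ContainsKey($name)) {
        $word = $startWords[$saved[$name]]
        & sc.exe config $name start= $word | Out-Null
        $saved.Remove($name)
        Write-Output ("{0,-10} -> start type restored to {1}; reboot to load the driver" -f '', $word)
    }
}

# Persist whatever is still disabled so -Enable can put it back later.
if ($saved.Count -eq 0) {
    if (Test-Path $backupFile) { Remove-Item $backupFile }
} else {
    $lines = @($saved.GetEnumerator() | ForEach-Object { "$($_.Key)=$($_.Value)" })
    Set-Content -Path $backupFile -Value $lines
}
```

Run it with no switches first to see the report; `.\avg-drivers.ps1 -Disable` then does what unchecking the two entries in Autoruns does, and `-Enable` followed by a reboot brings them back. A driver that shows the same DisplayName but a different service name and file (AvgAsCln.sys or AvgClean.sys) belongs to a different AVG product, which is the point CeeCee makes above, and a .sys file whose Authenticode status is not "Valid" or whose signer is not who you expect is worth a closer look regardless of its description.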
login123
IceSword ver 1.22 in English is out. :)

http://www.antirootkit.com/software/IceSword.htm
Tom AZ
QUOTE(login123 @ Jul 15 2007, 03:34 AM) *
IceSword ver 1.22 in English is out. :)

http://www.antirootkit.com/software/IceSword.htm

I was not at all familiar with IceSword, but after reading this post I tried to find out a little more about it. It sounded quite interesting, so I downloaded and installed it. However, I'm not really sure how it works or what to do with it. I assume it's an active monitoring and detection program, but I can't really figure out how to actually use it. Does it launch automatically at startup, or do you run selected processes as desired, or ????

If anyone knows how to use IceSword, I would welcome your input.
Anthony A
Some of those anti-rootkit apps are very technical, and you have to be careful what you remove with them. I have chosen to go with the Panda and BlackLight programs. Not many options with these: just run the exe and press the scan button. No install needed. If something gets detected I will Google it or go to some of the forums that have the experts to help me. I will use these like I use HijackThis: run it, get the results, and post the log for an expert to examine.
login123
Hi, Tom AZ. :) Very good advice just above here from Anthony A. Rootkits are tough. If you suspect you have one, get expert help. IceSword looks at most places you might find a rootkit and gives you a list of all the things going on there. For example, thread creations, system services, message hooks, and several others. There are sometimes false positives, so be careful.

IceSword won't do anything when you click on it except list what's going on. That is what I use it for, and if there is anything suspicious I start looking for expert help. So far nothing found yet. :D It is an interesting app, and harmless just to run. No installation required.
runawayhorses
QUOTE(CeeCee @ Jul 11 2007, 07:40 PM) *
AVG Anti-Rootkit installs two driver (.sys) files into the system32\drivers folder, and they are loaded into memory every time Windows boots. I don't like it very much. I scanned once with AVG AR and then stopped them from loading with Autoruns.


I'm considering downloading the AVG Anti-Rootkit program, and I was curious if the drivers loaded at startup, and also, if it could be incorporated into my already existing AVG Anti-Spyware Program.
Here is the email I received from AVG support:

"According to your description, we would like to inform you that AVG Anti-Rootkit Free is a standalone rootkit removal tool and cannot be incorporated in any other program. Anyway, it is not necessary to load it on startup. It should be used very rare, only in situations that you notice something strange in the computer's behavior, but other security software did not detect anything. Additionally, it can be used when you have some malicious code, which reproduces itself every time when you detect and remove it. Please, be informed, that AVG Anti-Rootkit Free has no drivers left loaded in the system after exiting the program. This tool is used by starting, scanning and closing it, with no on-access scanning functions or any real time protection. Please, do not hesitate to contact us about any further questions you may have."
-------------

Sounds pretty good. I think I'll download this one.
Anthony A
QUOTE(runawayhorses @ Aug 3 2007, 11:02 AM) *
I'm considering downloading the AVG Anti-Rootkit program, and I was curious if the drivers loaded at startup, and also, if it could be incorporated into my already existing AVG Anti-Spyware Program.
Here is the email I received from AVG support:

"According to your description, we would like to inform you that AVG Anti-Rootkit Free is a standalone rootkit removal tool and cannot be incorporated in any other program. Anyway, it is not necessary to load it on startup. It should be used very rare, only in situations that you notice something strange in the computer's behavior, but other security software did not detect anything. Additionally, it can be used when you have some malicious code, which reproduces itself every time when you detect and remove it. Please, be informed, that AVG Anti-Rootkit Free has no drivers left loaded in the system after exiting the program. This tool is used by starting, scanning and closing it, with no on-access scanning functions or any real time protection. Please, do not hesitate to contact us about any further questions you may have."
-------------

Sounds pretty good. I think I'll download this one.



None of the reviews I have read about it were very good. I went with Panda and BlackLight. Neither of these even requires an install; just run the exe. They had good reviews and are very simple to use.
CeeCee
I have scanned with 4 anti-rootkit programs and none of them found anything.

I have used Panda, AVG, BlackLight and RootkitRevealer.
Tom AZ
QUOTE(CeeCee @ Aug 3 2007, 03:40 PM) *
I have scanned with 4 anti-rootkit programs and none of them found anything.

I have used Panda, AVG, BlackLight and RootkitRevealer.

Is BlackLight a free app or a commercial one?
CeeCee
QUOTE(Tom AZ @ Aug 3 2007, 04:13 PM) *
Is BlackLight a free app or a commercial one?

Stand-alone BlackLight expiration has been extended until 1st of October 2007.

http://www.f-secure.com/blacklight/
runawayhorses
QUOTE(CeeCee @ Aug 3 2007, 11:40 AM) *
I have scanned with 4 Antirootkit programs and non of them found anything.

If I didn't know any better, I'd say that you sounded 'disappointed' CeeCee! LOL

I just downloaded AVG Rootkit and it didn't find anything either. I'll put it on the back-shelf and check it from time to time. Good little program to have.
runawayhorses
QUOTE(Anthony A @ Aug 3 2007, 11:34 AM) *
None of the reviews I have read about it were very good. I went with Panda and BlackLight. Neither of these even requires an install; just run the exe. They had good reviews and are very simple to use.

Yeah, they're all probably pretty good. I like AVG so I went with them. I also have a paid Anti-Spyware account with them, so, it was easy for me to get a question answered quickly from support. That question & reply I posted earlier was answered within the hour. They're real good about that.
Anthony A
QUOTE(runawayhorses @ Aug 3 2007, 03:17 PM) *
Yeah, they're all probably pretty good. I like AVG so I went with them. I also have a paid Anti-Spyware account with them, so, it was easy for me to get a question answered quickly from support. That question & reply I posted earlier was answered within the hour. They're real good about that.


Their forum will answer questions about any AVG product for free and they are quick. No need to be a paying customer to get help with AVG.
runawayhorses
QUOTE(Anthony A @ Aug 3 2007, 03:44 PM) *
Their forum will answer questions about any AVG product for free and they are quick. No need to be a paying customer to get help with AVG.

Oh rats, and I thought I was special with the personal email and all. :(
Anthony A
QUOTE(runawayhorses @ Aug 3 2007, 05:29 PM) *
Oh rats, and I thought I was special with the personal email and all. :(



Did you use this forum or something else? http://forum.grisoft.cz/freeforum/

You sign up to this forum when you install AVG AV. It's an option in the install process. I'm not sure if there is another way?
runawayhorses
QUOTE(Anthony A @ Aug 3 2007, 05:57 PM) *
Did you use this forum or something else? http://forum.grisoft.cz/freeforum/

You sign up to this forum when you install AVG AV. It's an option in the install process. I'm not sure if there is another way?

No, I didn't sign up for the AVG forum. It works like this: in my AVG Anti-Spyware program there's a 'Request Technical Support' link. When you click on it, it takes you to a private 'Ask Technical Team Question' page, and from there you have to enter your full name and the personal registration number/key of the product you purchased so they can recognize who you are. Then you write your message and send it, and they send the answer to your registered email address.
LUSHER
Take a look at the following list of free anti-rootkits.

It's divided into anti-rootkits by anti-virus companies, relatively well-known anti-rootkits, and others.

It's somewhat dangerous to use anti-rootkits from unknown sources, hence the categories above will help you decide. Anti-rootkits from AV companies should not be malicious, and well-known anti-rootkits are probably not malicious either, given the amount of scrutiny they have been subjected to.

That said, even if the anti-rootkit is not malicious on purpose, it is still possible to damage your computer because of either user error or incompatibilities. Users running Kaspersky-based engines should be particularly careful.
Invision Power Board © 2001-2010 Invision Power Services, Inc.