Jump to content

Anti-Rootkit programs

Anthony A

By Anthony A
in Windows Security

 Share

Recommended Posts

Anthony A

Anthony A

Posted
Posted

How important are these programs? I currently don't have any installed but looking at two right now. AVG Anti-Rootkit and Panda Anti-Rootkit. Anybody use these two and are these types of programs something we should all have like an AV or AS program? I don't see any mention of them on here.

Link to comment
Share on other sites
Tarq57

Tarq57

Posted
Posted

I have the AVG one, seems alright. Also have Blacklight available, and Rootkit revealer.

Some of the results do need a bit of knowledge to action correctly, not everything flagged is necessarily a rootkit. Help files definitely worth reading.

Link to comment
Share on other sites
Anthony A

Anthony A

Posted
  • Author
Posted
I just few days ago installed that AVG Anti-Rootkit program. There's also i.e. F-Secure Blacklight and RootkitRevealer.

 

I think it's good to scan for rootkits once a while, just to be sure.

I installed and tried the AVG Anti-Rootkit. Didn't find anything which is a good thing. Not much to it. I will keep this one just to be sure.

 

Also tried the Panda Anti-Rootkit. This was recommended on the 46 Best Ever Free Ware List as the guys first choice for Anti-Rootkit programs. This one requires no install. Unzip and run. Also found nothing.

Link to comment
Share on other sites
CeeCee

CeeCee

Posted
Posted

AVG Anti-Rootkit installs two driver (.sys) files to system32/drivers folder and they are loaded to memory every time when Windows is booted. I don't like it very much. I scanned once with AVG AR and then stopped them from loading with AutoRuns.

Path Copy TeraCopy Unlocker
Link to comment
Share on other sites
CeeCee

CeeCee

Posted
Posted
Could you elaborate on this procedure of stopping them from loading? Thanks.

 

Just download AutoRuns. Launch Autoruns.exe and go to "Drivers" tab. Uncheck "AVG Anti-Rootkit driver" and "AVG7 Clean Driver". Then just close AutoRuns program. Of course you can't use AVG Anti-Rootkit after that. When you want use it again, just check those drivers and reboot Windows.

Path Copy TeraCopy Unlocker
Link to comment
Share on other sites
Anthony A

Anthony A

Posted
  • Author
Posted

The Panda Anti-Rootkit seems decent. It's really simple to use has a clean GUI and no install. Even has a option to run the scan on start up. You check the option and reboot. The scan starts at start up. It's a more thorough scan the regular one. Here is the help file with some screen shots in it. Only takes 5 min to go through.

 

http://www.pandasoftware.com/download/docu...c_en.htm#20.htm

Link to comment
Share on other sites
CeeCee

CeeCee

Posted
Posted

Panda Antirootkit crashes on me, when it's scanning registry. I get error "memory could not be written". ?? I got XP SP2.

 

EDIT: Others got also problems with 1.08. http://research.pandasoftware.com/blogs/re...rsion-1.07.aspx

 

Andrew, cham44, Jack, Sam and the rest of you running into problems with 1.08 during the registry scan, I have uploaded version 1.07 to http://research.pandasoftware.com/blogs/im...ootkit-1.07.zip. Please try running 1.07 but still send me the details of your machine and installed applications to pbustamante'at'pandasoftware.com.

 

That 1.07 works fine.

Path Copy TeraCopy Unlocker
Link to comment
Share on other sites
Anthony A

Anthony A

Posted
  • Author
Posted
Panda Antirootkit crashes on me, when it's scanning registry. I get error "memory could not be written". ?? I got XP SP2.

 

EDIT: Others got also problems with 1.08. http://research.pandasoftware.com/blogs/re...rsion-1.07.aspx

 

Andrew, cham44, Jack, Sam and the rest of you running into problems with 1.08 during the registry scan, I have uploaded version 1.07 to http://research.pandasoftware.com/blogs/im...ootkit-1.07.zip. Please try running 1.07 but still send me the details of your machine and installed applications to pbustamante'at'pandasoftware.com.

 

That 1.07 works fine.

 

Wher did you get 1.08? The download from the Panda site is 1.07. This is the download I used.

http://www.pandasoftware.com/products/antirootkit/

Link to comment
Share on other sites
mfenech

mfenech

Posted
Posted
AntiVir PE Classic also has a root-kit scanner. For people using it they have anti-virus and anti-rootkit all in one app, I'd use it too if it weren't for the update problems I keep having with AntiVir.

You're still having them? I haven't had any update trouble nor have I heard complaints in a while now.

Link to comment
Share on other sites
  • Moderators
Andavari

Andavari

Posted
  • Moderators
Posted
You're still having them? I haven't had any update trouble nor have I heard complaints in a while now.

Yes I'm still having update issues. I recently got sick of Avast again and decided to switch back to either AntiVir or AVG. I would've preferred AntiVir but it just sits there and doesn't want to update, therefore I had to go with AVG.

 

Edit:

Supposedly my network settings are "borked" according to several software titles, however upon checking them and even reinstalling my ISP software that enables my DSL modem I find nothing out of the ordinary.

Link to comment
Share on other sites
CeeCee

CeeCee

Posted
Posted
Wher did you get 1.08?

 

From this link: http://research.pandasoftware.com/blogs/im...AntiRootkit.zip

 

Site: http://research.pandasoftware.com/blogs/re...t-Released.aspx

 

 

 

I recently got sick of Avast again

 

Why? What it was about Avast, that you got sick of?

Path Copy TeraCopy Unlocker
Link to comment
Share on other sites
Anthony A

Anthony A

Posted
  • Author
Posted

Well spent several hours researching and trying out several of these Anti-Rootkit programs. I like the Panda one the best so far and I have tried Blacklight, Sophos, AVG, and Panda. Panda is getting good reviews. It's tiny and no install required. I had no issues with it like CeeCee did but I ran 1.07 not 1.08. It has a scan on start up option to check for things that might not get detected in a normal scan. Very simple clean GUI and easy to use. From the reviews I have read Panda is much more thorough compared to some of the others. It scans the registry AVG and Blacklight do not. AVG didn't get good reviews. Blacklight is only free until October.

Here is a review of Panda http://www.pcmag.com/article2/0,1895,2119254,00.asp

Link to comment
Share on other sites
Anthony A

Anthony A

Posted
  • Author
Posted
Just download AutoRuns. Launch Autoruns.exe and go to "Drivers" tab. Uncheck "AVG Anti-Rootkit driver" and "AVG7 Clean Driver". Then just close AutoRuns program. Of course you can't use AVG Anti-Rootkit after that. When you want use it again, just check those drivers and reboot Windows.

 

Hey Cee Cee are you sure the AVG7 Clean Driver is for the Anti-Rootkit and not the Anti Virus or Anti Spyware? I have that driver in two machines that never had AVG Anti rootkit installed.

Link to comment
Share on other sites
CeeCee

CeeCee

Posted
Posted
Hey Cee Cee are you sure the AVG7 Clean Driver is for the Anti-Rootkit and not the Anti Virus or Anti Spyware?

 

I don't got AVG Antivirus -or Spyware. Those two files came for me with that AVG Anti-rootkit. Of course i cannot say, if those other AVG programs uses that same file also...

Path Copy TeraCopy Unlocker
Link to comment
Share on other sites
JDPower

JDPower

Posted
Posted
Hey Cee Cee are you sure the AVG7 Clean Driver is for the Anti-Rootkit and not the Anti Virus or Anti Spyware? I have that driver in two machines that never had AVG Anti rootkit installed.

I have it too and only have AVG antivirus so its not just for AVG rootkit. Not easy to find info on it on Google though.

Link to comment
Share on other sites
CeeCee

CeeCee

Posted
Posted

File name in AVG Anti-Rootkit for AVG7 Clean Driver is AvgArCln.sys. Pay a tension to file name.

 

Service entry name (or something like that) for Anti-Rootkit is AvgArCln. AvgAsCln must be for Antispyware and AvgClean for Antivirus. It's a different file for each app, only description is the same.

Path Copy TeraCopy Unlocker
Link to comment
Share on other sites
Tom AZ

Tom AZ

Posted
Posted
Icesword ver 1.22 in english is out. :)

 

http://www.antirootkit.com/software/IceSword.htm

I was not at all familiar with "IceSword, but after reading this post, I tried to find out a little more about it. It sounded quite interesting, so I downloaded and installed it. However, I'm not really sure how it works or what to do with it. I assume it's an active monitoring and detection program, but I can't really figure out how to actually use it. Does it launch automatically at startup -- or do you run selected processes as desired, or ????

 

If anyone knows how to use IceSword, I would welcome your input.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept