
RootkitBuster


Tom AZ


Anyone use Trend Micro's RootkitBuster? I've had it on my computer for a while, but rarely use it. I decided to run a scan today and came up with 63 items -- a number of them in the Services category. Some of those (such as Sandboxie) sure didn't look like problems, but how do you know which ones to delete and which ones to keep? I'm sure that getting a little too happy with the delete button could cause some real problems.


Just ran it, it found a bunch of stuff that I know to be harmless, and I don't know enough about the other stuff to know what to delete. I'm gonna leave it alone, in the absence of any other symptoms.

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. It's a bunch of big, giant servers.


Trend Micro's RootkitBuster doesn't support System Service Dispatch Table checking, which in my opinion is an essential requirement for rootkit detection.

I can't say I've had any false positive results with the registry scan; however, I'm less than impressed with this program.

 

If you want to try other rootkit detectors, then I would recommend: Radix Antirootkit, Kernel Detective, Rootkit Unhooker, RootRepeal and IceSword (run from a clean boot).

 

Richard S.


It does flag some harmless stuff; if you have Microsoft's User Profile Hive Cleanup Service it will flag that and some other stuff. However, once you are used to it (and I am) you can easily tell safe from harmful, albeit they really shouldn't be showing people harmless system-related stuff. My main complaint about it, however, is the extra-tall UI, which is downright strange.

 

Some other rootkit scanners do the same, such as the one in Avira AntiVir Free, which always finds 1 or 2 hidden harmless items created by Windows itself, one in particular belonging to a "license" key - but at least it doesn't allow for actually removing those - more like a false positive or nuisance than anything.

 

I wonder, though, whether a setup like my current anti-malware scanners even needs a standalone rootkit scanner:

* Microsoft Security Essentials

* Malwarebytes' Anti-Malware

* Emsisoft Anti-Malware

* ClamWin Portable



Adavari, I would have said no years ago.

 

But current experience says yes.

You do have to be careful which rootkit buster you use, because some are overly zealous & flag illegitimate stuff.

 

But there are rootkits that go right by Malwarebytes/Emsisoft and come up clean.

Some of the rootkits out there now are pretty sophisticated & use advanced techniques to disguise themselves.

Some even block security apps from running & have a list of known good...

 

Some also hook themselves into the login process so they can load with Safe Mode to try to further deter detection and retain control over the PC.

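The thread's question of how to tell a flagged service from a harmless one comes down to checking which binary the service actually runs and who signed it. The PowerShell triage helper below is added here and is not from the posts above or from any of the scanners discussed; it assumes Windows PowerShell 3 or later, the built-in Win32_Service CIM class, the standard ServiceDll registry value for svchost-hosted services, and Get-AuthenticodeSignature.

```powershell
# Added triage helper (not from the thread): list each Windows service with the
# binary that actually runs and its Authenticode signature, so a "Services" hit
# from a rootkit scanner can be checked against a known publisher before deleting.

function Get-ServiceBinaryPath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) {                      # quoted path, arguments may follow
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { return $p.Substring(1, $end - 1) } else { return $null }
    }
    # Unquoted path: longest leading run of space-separated tokens naming a real file
    $parts = $p -split ' '
    for ($i = $parts.Length; $i -ge 1; $i--) {
        $candidate = $parts[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $null
}

function Get-ServiceSignatureReport {
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $exe = Get-ServiceBinaryPath $_.PathName
        $dll = $null
        # svchost-hosted services: the real code is the ServiceDll, not svchost.exe
        if ($exe -and (Split-Path $exe -Leaf) -ieq 'svchost.exe') {
            $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)\Parameters"
            $raw = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
            if ($raw) { $dll = [Environment]::ExpandEnvironmentVariables($raw) }
        }
        $target = if ($dll) { $dll } else { $exe }
        $status = 'NoFile'; $signer = $null
        if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
            $sig = Get-AuthenticodeSignature -FilePath $target
            $status = $sig.Status.ToString()
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [PSCustomObject]@{
            Name = $_.Name; State = $_.State; StartMode = $_.StartMode
            Target = $target; Signature = $status; Signer = $signer
        }
    }
}

# 'Valid' sorts last, so unsigned, tampered or missing binaries surface at the top.
Get-ServiceSignatureReport | Sort-Object Signature, Name | Format-Table -AutoSize
```

A 'Valid' signature from a publisher you recognise (Microsoft, Sandboxie and so on) is a strong sign the scanner hit is a false positive, while an unsigned binary in an odd location deserves a closer look. As the posts above note, a rootkit that hooks the kernel can hide from this kind of user-mode enumeration, so a clean listing is supporting evidence rather than proof.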