Opinions needed regarding best free anti-rootkit programs


razz

I'm in the process of developing a new version of my program.  Within my program I would like to provide 2 or 3 links to anti-rootkit programs.  I'm including TDSSKiller (by Kaspersky) so I need one or two more good choices.

 

Your recommendations will be greatly appreciated.   :)

Link to comment
Share on other sites

Good luck with that. Even Alternativeto isn't popping up with much result (at least none that are still being updated). Most small tools like that have been bought out by big AV companies and have been merged with their programs. You could try Malwarebytes anti-rootkit, but I do not know if they are still updating the standalone program.

I am a maintainer for Winapp2. I also have an open-source group on Steam.

http://steamcommunity.com/groups/opencommunity

Link to comment
Share on other sites

  • Moderators

Most standalones are very old and not given any attention anymore which I suspect was the antivirus vendors just testing them and getting feedback before including them in their antivirus products.

 

You can enable rootkit scanning in Malwarebytes, AVG Antivirus, etc.

 

For a standalone that still receives some rare updates I use Trend Micro RootkitBuster.

 

Edit:

Note that while Trend Micro RootkitBuster is a standalone it will create and leave behind a driver even if you delete the program off a system, the driver is located at:

%windir%\system32\drivers\tmcomm.sys

Edited by Andavari
Link to comment
Share on other sites

- Even Alternativeto isn't popping up with much result (at least none that are still being updated).

 

- Most small tools like that have been bought out by big AV companies and have been merged with their programs.

 

- I know   :)  I checked!

 

- Sadly, I'm afraid you're right.  It sure would be handy sometimes to have a stand-alone tool.

Link to comment
Share on other sites

- Most of the top AV/Malware programs detect rootkits now.

 

- Standalone, up to date, anti rootkit programs are now as rare as hen's teeth.

 

- You are so right.  I was just hoping to find a couple of stand-alone anti-rootkits.

 

:angry:  :(

Link to comment
Share on other sites

- You can enable rootkit scanning in Malwarebytes

 

- For a standalone that still receives some rare updates I use Trend Micro RootkitBuster.

 

Edit:

Note that while Trend Micro RootkitBuster is a standalone it will create and leave behind a driver even if you delete the program off a system, the driver is located at:

%windir%\system32\drivers\tmcomm.sys

 

- Yup! I have it enabled on mine.

 

- thanks for the info on TMRB and the tip regarding the left over driver.

Link to comment
Share on other sites

You can also enable a startup rootkit scan in Avast v. 12.3.2280 ...  runs at every startup.

 

Below is a site with a bunch of rootkit softwares. You have probably already seen it, but if not, it's a good list. 

 

Wouldn't try any of them unless I had the system virtualized.  Don't know enough about them to trust them. 

 

Can't speak well or ill of any of them, but I have tried Icesword, Rootkit Revealer, Sophos AntiRootkit, and Rootkit Unhooker. 

Didn't find anything here. Didn't do any damage here.  (Win xp)

http://www.antirootkit.com/software/

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. It's a bunch of big, giant servers.

Link to comment
Share on other sites

It sure would be handy sometimes to have a stand-alone tool.

 

People like having 1 product that does it all. Spybot used to be a small tool, but now they use the Bit Defender engine. I don't think Super Antispyware will be around much longer either. I don't think people have much need for a stand-alone anti-spyware anymore, let alone having more than 1 AV either. The only tool I can think of that's still stand alone and still being updated that isn't owned by a big time company would be Trojan Hunter, but I heard Malwarebytes has been looking into acquiring them and I even suggested them to acquire it, too.

I am a maintainer for Winapp2. I also have an open-source group on Steam.

http://steamcommunity.com/groups/opencommunity

Link to comment
Share on other sites

  • Moderators

I don't think Super Antispyware will be around much longer either. I don't think people have much need for a stand-alone anti-spyware anymore

 

SuperAntiSpyware ("SAS") really isn't an anti-spyware removal tool anymore at least not in my thoughts, it's really an outdated name they're using on it. It's more in line of being an anti-malware nowadays in my opinion, although some YouTube reviews of it don't paint it as being any good I still think it's relevant. It really should get a name change in my opinion and be called an anti-malware. It still finds and removes junk that some other scanners don't. Although I can't personally use it anymore on my XP system, something they updated in it maybe three months ago in a new version will result in a random BSOD when attempting to scan with it - just glad I never upgraded to the professional version as it would've been a waste of money being I can't use it.

 

SAS is what I put onto my mother's Win10 laptop last month after Dell tech support's rubbish attempt to disinfect it using Trojan Remover (hadn't even thought of that product in like 10 years). I scanned with Malwarebytes and Windows Defender but they didn't detect anything, I then scanned with SAS and it detected the problem and disinfected the system.

Link to comment
Share on other sites

Well it is good you found a use for it. Have you tried Adwcleaner? It is owned by Malwarebytes, but not yet merged with their anti-malware. It found a hidden malware on my system that was causing CMD pop ups all the time and Malwarebytes was missing it.

 

Anyways, I expect once Windows 7 stops receiving updates, lots of AVs will be shutting down or be bought out by another company, especially the ones using Bit Defender engine as well as MSE and Microsoft's malicious software removal tool, because 8/10 have Windows Defender.

I am a maintainer for Winapp2. I also have an open-source group on Steam.

http://steamcommunity.com/groups/opencommunity

Link to comment
Share on other sites

  • Moderators

Anyways, I expect once Windows 7 stops receiving updates, lots of AVs will be shutting down or be bought out by another company, especially the ones using Bit Defender engine as well as MSE and Microsoft's malicious software removal tool, because 8/10 have Windows Defender.

 

I don't necessarily think they'll disappear, sure there may be more buyouts like when Avast bought AVG, and perhaps they'll reduce their prices - they'd surely be more desirable if they were $19.95 to $24.95 per year versus what they are now.

 

While if I had a compatible system that could run MSE/Windows Defender I'd use it - if it were optimized. You may find the MSE/Windows Defender reviews on the TPSC YouTube page interesting, as in it failing.

Link to comment
Share on other sites

 

- You can also enable a startup rootkit scan in Avast v. 12.3.2280 ...  runs at every startup.

 

- Below is a site with a bunch of rootkit softwares. You have probably already seen it, but if not, it's a good list. 

 

- I knew about that in Avast, but I am looking for a stand-alone on-demand scanner.

 

- most on that list run on old windows systems - i.e. were designed a long time ago.  However, I guess some may function fine on more recent OS.

Link to comment
Share on other sites

SuperAntiSpyware ("SAS") really isn't an anti-spyware removal tool anymore at least not in my thoughts, it's really an outdated name they're using on it. It's more in line of being an anti-malware nowadays in my opinion

 

You are so right Andavari.  I have never thought of SAS as only a spyware scanner.  To be very honest, in my mind I've always substituted the "Spy" in SAS to "Mal", thus SAM in my mind.    :)

Link to comment
Share on other sites

- I knew about that in Avast, but I am looking for a stand-alone on-demand scanner.

 

- most on that list run on old windows systems - i.e. were designed a long time ago.  However, I guess some may function fine on more recent OS.

 

Quite right.  I had read your post. 

Still there are some on that list that run on newer OSs.

And as ROCKNROLL pointed out, stand-alones are becoming rare. 

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. It's a bunch of big, giant servers.

Link to comment
Share on other sites

- Still there are some on that list that run on newer OSs.

 

- And as ROCKNROLL pointed out, stand-alones are becoming rare. 

 

- I agree   :)

 

- You and ROCKNROLL are so right.  In the words of hazelnut: "Standalone, up to date, anti rootkit programs are now as rare as hen's teeth".  IMO, this is too bad.

Link to comment
Share on other sites

  • Moderators

Two standalones that I've used in years past don't even run quite right anymore (they did at one time though) on the OSes they're supposed to support, those being Panda Anti-Rootkit, and Sophos Anti-Rootkit - and one of them modifies a system .INI file, don't remember which one though. After both of those started not working correctly years ago I switched to Trend Micro RootkitBuster which works without issue.

Link to comment
Share on other sites

years ago I switched to Trend Micro RootkitBuster which works without issue.

 

After you mentioned it in an earlier post in this thread, I added it to a list for me to check out (which I haven't done yet).  You had mentioned that it has rare updates.  Are you referring to program updates or definitions?

 

The latest OS mentioned on the relevant Trend Micro webpage is Windows 7.  Would you happen to know if it can handle Windows 10?

Link to comment
Share on other sites

  • Moderators

@razz,

 

I am yet to see any software that if it works on Win7 doesn't also work on Win10. :)

Backup now & backup often.
It's your digital life - protect it with a backup.
Three things are certain; Birth, Death and loss of data. You control the last.

Link to comment
Share on other sites

@razz,

 

I am yet to see any software that if it works on Win7 doesn't also work on Win10. :)

 

Actually, I've found the same thing mta   :)   I'm sure there is some weird program out there somewhere that doesn't.

Link to comment
Share on other sites

Actually, I've found the same thing mta   :)   I'm sure there is some weird program out there somewhere that doesn't.

 

XPY runs on win10, but doesn't work properly, but also hasn't been updated since 2014. Does that count?

I am a maintainer for Winapp2. I also have an open-source group on Steam.

http://steamcommunity.com/groups/opencommunity

Link to comment
Share on other sites

  • Moderators

no, nice try @ROCKNROLL, no Piriform golden laptop for you this time. :lol:

Backup now & backup often.
It's your digital life - protect it with a backup.
Three things are certain; Birth, Death and loss of data. You control the last.

Link to comment
Share on other sites

  • Moderators

After you mentioned it in an earlier post in this thread, I added it to a list for me to check out (which I haven't done yet).  You had mentioned that it has rare updates.  Are you referring to program updates or definitions?

 

The latest OS mentioned on the relevant Trend Micro webpage is Windows 7.  Would you happen to know if it can handle Windows 10?

 

It was last updated December 2016. There aren't really any definitions, as in it doesn't, won't, can't download any and the only update is when there's a new version released. By rare updates I'm referring to don't expect to see a new version for several months, maybe even a year or longer - that is as long as they actively support and develop it, however it's the only one from a big time antivirus vendor that still gets any sort of attention to my knowledge. The others that are several years old I wouldn't even bother with, not even on this old WinXP Pro computer I'm using.

 

The link I provided states it works up to Win7. I haven't tried it on Win10 such as on my mother's laptop and I won't since I installed Malwarebytes Anti-Malware (the old v2 without issues) on that laptop.

 

Edit:

I think it's still safe to recommend Malwarebytes, as long as people change the scan settings to scan for rootkits. I find it rather strange that the default settings don't have rootkit scanning enabled by default, since on Win10 systems it takes mere seconds to scan for them whereas on older OSes like XP it takes a bit longer to scan for them.

Link to comment
Share on other sites

- it's the only one from a big time antivirus vendor that still gets any sort of attention to my knowledge. The others that are several years old I wouldn't even bother with

 

-- I installed Malwarebytes Anti-Malware (the old v2 without issues) on that laptop.

 

    Edit:

-- I think it's still safe to recommend Malwarebytes, as long as people change the scan settings to scan for rootkits

 

- that's a very good reason to use it   :)

 

-- I found a post that claims: Malwarebytes 2.2.1 will stop being supported on June 8th of this year, after which the program won't receive any updates.

 

https://forums.malwarebytes.com/topic/195411-malwarebytes-version-2/

 

So it looks like soon we'll have to live with Malwarebytes 3 - i.e. if we wish to use Malwarebytes that is!   :unsure:

Link to comment
Share on other sites
