Recommend a rootkit detector

smlunatick

I am experiencing an upload access speed issue on my 7 Meg DSL
service. I have checked the 2 Windows XP Pro SP3 (up to date) PCs and
know that neither has any viruses or malware that I can see.
However, I have known for some time that rootkits may not be
detected by several "retail" grade anti-virus / anti-malware tools.

Which tool can anyone recommend to see if a rootkit is running?
 
SC Tom

smlunatick said:
I am experiencing an upload access speed issue on my 7 Meg DSL
service. I have checked the 2 Windows XP Pro SP3 (up to date) PCs and
know that neither has any viruses or malware that I can see.
However, I have known for some time that rootkits may not be
detected by several "retail" grade anti-virus / anti-malware tools.

Which tool can anyone recommend to see if a rootkit is running?

Go here http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

SC Tom
 
Kayman

smlunatick said:
I am experiencing an upload access speed issue on my 7 Meg DSL
service. I have checked the 2 Windows XP Pro SP3 (up to date) PCs and
know that neither has any viruses or malware that I can see.
However, I have known for some time that rootkits may not be
detected by several "retail" grade anti-virus / anti-malware tools.

Which tool can anyone recommend to see if a rootkit is running?

Rootkit Removal applications.
The effectiveness of an individual rootkit removal application is
wide-ranging, and it is recommended to utilize a collection of
detection/removal tools; you are encouraged to try all of them (join
relevant fora for additional support, i.e. interpretation of scan results):

Anti Rootkit - Panda
http://research.pandasecurity.com/blogs/images/AntiRootkit.zip
http://www.rootkit.com/boardm.php

Avira AntiRootkit Tool
http://www.free-av.com/en/tools/4/avira_antirootkit_tool.html
http://www.free-av.com/en/products/index.html
Avira Support Forum
http://forum.avira.com/wbb/index.php?langid=1

http://www.antirootkit.com/software/index.htm

ComboFix - A guide and tutorial on using
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
http://www.thespykiller.co.uk/index.php?board=3.0
(ComboFix should not be used without guided assistance.)

DarkSpy
http://www.antirootkit.com/software/DarkSpy.htm
http://www.antirootkit.com/forums/viewforum.php?f=18

F-Secure BlackLight (Download Trial)
http://www.f-secure.com/blacklight/
http://www.antirootkit.com/forums/viewforum.php?f=13

GMER - an application that detects and removes rootkits.
http://www.gmer.net/index.php
http://antirootkit.com/forums/index.php?sid=9e746bb696ac0bb38781ffe4361c3a17

IceSword
http://www.antirootkit.com/software/IceSword.htm
http://www.antirootkit.com/forums/index.php

RAIDE
http://www.rootkit.com/project.php?id=33
download:
http://www.rootkit.com/vault/petersilberman/RAIDE_BETA_1.zip
http://www.rootkit.com/boardm.php

Rootkit Detective - McAfee
http://download.nai.com/products/mcafee-avert/McafeeRootkitDetective.zip
http://forums.mcafeehelp.com/

Rootkit Revealer
http://www.microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.mspx
http://forum.sysinternals.com/forum_topics.asp?FID=15

RootKit Hook Analyzer
http://www.softpedia.com/get/Security/Security-Related/RootKit-Hook-Analyzer.shtml
http://www.antirootkit.com/forums/viewforum.php?f=17

RootKit Hook Analyzer
http://www.resplendence.com/hookanalyzer
http://www.antirootkit.com/forums/viewforum.php?f=17

RootAlyzer
http://forums.spybot.info/showthread.php?t=24185
http://www.spybotupdates.com/files/rootalyz.zip

Sophos Anti-Rootkit - Free tool for rootkit detection and removal
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
Direct link:
http://www.sophos.com/support/cleaners/sarsfx.exe
http://www.techsupportforum.com/net...irewalls/113585-free-sophos-anti-rootkit.html

System Virginity Verifier
http://www.softpedia.com/get/System/System-Info/System-Virginity-Verifier.shtml
http://www.antirootkit.com/forums/viewforum.php?f=25

System Virginity Verifier
http://www.antirootkit.com/software/System-Virginity-Verifier.htm
http://www.antirootkit.com/forums/viewforum.php?f=25

VICE
http://www.rootkit.com/project.php?id=20
download:
http://www.rootkit.com/vault/fuzen_op/vice.zip
http://www.rootkit.com/boardm.php

"Make sure you always read the current user instructions for your scanning
tools to see what special steps you need to take before, during and after
the clean-up process. Then, after you've found and cleaned a rootkit,
rescan the system once you reboot to double-check that it was fully cleaned
and the malware hasn't returned."

Avoiding Rootkit Infection.
"The rules to avoid rootkit infection are for the most part the same as
for avoiding any malware infection; however, there are some special
considerations:
Because rootkits meddle with the operating system itself, they *require*
full Administrator rights to install. Hence infection can be avoided by
running Windows from an account with *lesser* privileges" (LUA in XP and
UAC in Vista).

AntiHook
http://www.infoprocess.com.au/AntiHook.php

DiamondCS ProcessGuard
http://www.diamondcs.com.au/processguard/
http://www.diamondcs.com.au/processguard/download.php

Educational viewing:
Mark Russinovich - Advanced Malware Cleaning
http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359

Educational reading:
Hidden Backdoors, Trojan Horses and Rootkit Tools in a Windows Environment
http://www.windowsecurity.com/artic...d_Rootkit_Tools_in_a_Windows_Environment.html

Rootkits: What you should know
http://resources.zdnet.co.uk/articles/0,1000001991,39523773,00.htm

Rootkits For Dummies
http://books.google.com/books?id=MTcep7V6heUC&printsec=frontcover
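The quoted advice above (rescan after reboot to confirm the clean-up held) and the cross-view approach that tools like RootkitRevealer use both rest on the same idea: take a trusted reference and look for discrepancies. The script below is an added example, not code from this thread or from any of the tools listed; it implements a plain file-integrity baseline in Python (hash every file under a directory, save the result, diff a later scan against it) on a constructed sample tree in a temporary directory, with a tampered driver, a newly dropped file and a removed file standing in for the kind of change you would want to notice after a reboot. The directory layout and file names are made up for the demonstration.

```python
"""Baseline-and-compare integrity check for a directory tree (added example).

Records the size and SHA-256 digest of every file under a root, saves that
baseline as JSON, and later diffs a fresh scan against it to report files that
were added, removed or modified. The sample tree is constructed in a temporary
directory so the script runs offline.
"""
import hashlib
import json
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Return the hex SHA-256 of a file, streamed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map each file path (relative to root, '/'-separated) to size and digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = {"size": os.path.getsize(full),
                           "sha256": sha256_file(full)}
    return result


def save_baseline(snap, path):
    """Persist a snapshot as sorted JSON so it can be kept off the scanned box."""
    with open(path, "w") as f:
        json.dump(snap, f, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def compare(baseline, current):
    """Return sorted lists of added, removed and modified paths."""
    base_keys, cur_keys = set(baseline), set(current)
    modified = sorted(p for p in base_keys & cur_keys
                      if baseline[p]["sha256"] != current[p]["sha256"])
    return {"added": sorted(cur_keys - base_keys),
            "removed": sorted(base_keys - cur_keys),
            "modified": modified}


def demo():
    """Build a constructed sample tree, baseline it, tamper with it, and diff."""
    with tempfile.TemporaryDirectory() as work:
        sysdir = os.path.join(work, "system32")          # constructed tree
        os.makedirs(os.path.join(sysdir, "drivers"))
        sample = {"kernel32.dll": b"MZ kernel32 sample",
                  "notepad.exe": b"MZ notepad sample",
                  "drivers/tcpip.sys": b"MZ tcpip sample"}
        for rel, data in sample.items():
            with open(os.path.join(sysdir, rel), "wb") as f:
                f.write(data)

        # Baseline is written outside the scanned directory.
        baseline_path = os.path.join(work, "baseline.json")
        save_baseline(snapshot(sysdir), baseline_path)

        # Simulate what a post-reboot rescan might find: one driver
        # overwritten, one unknown file dropped, one file gone.
        with open(os.path.join(sysdir, "drivers/tcpip.sys"), "wb") as f:
            f.write(b"MZ tcpip sample, but patched")
        with open(os.path.join(sysdir, "drivers/hidden.sys"), "wb") as f:
            f.write(b"MZ unexpected driver")
        os.remove(os.path.join(sysdir, "notepad.exe"))

        return compare(load_baseline(baseline_path), snapshot(sysdir))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The baseline has to be taken when you trust the machine and stored somewhere the machine cannot silently rewrite (removable media, another host); a baseline stored on the box being checked is only as trustworthy as the box. The limitation to keep in mind is the one that motivates the cross-view tools in the list: a kernel-mode rootkit that hooks file I/O feeds this script the same filtered view it feeds Explorer, so a clean result from any scan run inside the suspect OS is weaker evidence than a scan of the same disk from a clean boot environment.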
 
1PW

smlunatick said:
I am experiencing an upload access speed issue on my 7 Meg DSL
service. I have checked the 2 Windows XP Pro SP3 (up to date) PCs and
know that neither has any viruses or malware that I can see.
However, I have known for some time that rootkits may not be
detected by several "retail" grade anti-virus / anti-malware tools.

Which tool can anyone recommend to see if a rootkit is running?

When speaking *strictly* about rootkit detection, forget all others
except GMER:

<http://www.gmer.net/index.php>

However, you should also be running at least an antivirus application
with a known good reputation. Same for antimalware.

Pete