Rootkit Revealer


Zareba

I searched but could not find an answer here so I am asking.

Can Rootkit Revealer from Sysinternals be used successfully on Vista SP1?

The day after I joined Facebook last week, my address book was used to send spam in my name to everyone on my contact list. I have scanned with Windows Defender, Avast, Malwarebytes, SuperAntiSpyware, HijackThis, and Stinger. Everything says I am clean. I have also removed myself from Facebook, as I suspect that the problem originated with something I did or something they did.

The only thing I have not done is searched for a rootkit.

Any help or advice would be appreciated.

....Z (learned to avoid social networks)
 

Zareba

Thanks, I will ask in their forum. I suspect the answer is no, because I did run it unsuccessfully and was simply hoping there had been an update or a tweak that would work.

But I also would like to know if there is any other free rootkit revealer or remover that will run on Vista.

Thanks again
 

Kayman

> Thanks, I will ask in their forum. I suspect the answer is no, because I did run it unsuccessfully and was simply hoping there had been an update or a tweak that would work.
> But I also would like to know if there is any other free rootkit revealer or remover that will run on Vista.

Anti Rootkit - Panda
http://research.pandasecurity.com/blogs/images/AntiRootkit.zip
http://www.rootkit.com/boardm.php

Avira AntiRootkit Tool
http://www.free-av.com/en/tools/4/avira_antirootkit_tool.html
http://www.free-av.com/en/products/index.html
Avira Support Forum
http://forum.avira.com/wbb/index.php?langid=1

Anti-Rootkit Software - Detection, Removal & Protection
http://www.antirootkit.com/software/index.htm

*ComboFix* - A guide and tutorial on using
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
http://www.thespykiller.co.uk/index.php?board=3.0
(ComboFix should not be used without guided assistance.)

DarkSpy
http://www.antirootkit.com/software/DarkSpy.htm
http://www.antirootkit.com/forums/viewforum.php?f=18

F-Secure BlackLight (Download Trial)
http://www.f-secure.com/blacklight/
http://www.antirootkit.com/forums/viewforum.php?f=13

GMER - an application that detects and removes rootkits.
http://www.gmer.net/index.php
http://antirootkit.com/forums/index.php?sid=9e746bb696ac0bb38781ffe4361c3a17

IceSword
http://www.antirootkit.com/software/IceSword.htm
http://www.antirootkit.com/forums/index.php

RAIDE
http://www.rootkit.com/project.php?id=33
download:
http://www.rootkit.com/vault/petersilberman/RAIDE_BETA_1.zip
http://www.rootkit.com/boardm.php

Rootkit Detective - McAfee
http://download.nai.com/products/mcafee-avert/McafeeRootkitDetective.zip
http://forums.mcafeehelp.com/

Rootkit Revealer
http://www.microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.mspx
http://forum.sysinternals.com/forum_topics.asp?FID=15

RootKit Hook Analyzer
http://www.softpedia.com/get/Security/Security-Related/RootKit-Hook-Analyzer.shtml
http://www.antirootkit.com/forums/viewforum.php?f=17

RootKit Hook Analyzer
http://www.resplendence.com/hookanalyzer
http://www.antirootkit.com/forums/viewforum.php?f=17

RootAlyzer
http://forums.spybot.info/showthread.php?t=24185
http://www.spybotupdates.com/files/rootalyz.zip

Sophos Anti-Rootkit - Free tool for rootkit detection and removal
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
Direct link:
http://www.sophos.com/support/cleaners/sarsfx.exe
http://www.techsupportforum.com/net...irewalls/113585-free-sophos-anti-rootkit.html

System Virginity Verifier
http://www.softpedia.com/get/System/System-Info/System-Virginity-Verifier.shtml
http://www.antirootkit.com/forums/viewforum.php?f=25

System Virginity Verifier
http://www.antirootkit.com/software/System-Virginity-Verifier.htm
http://www.antirootkit.com/forums/viewforum.php?f=25

VICE
http://www.rootkit.com/project.php?id=20
download:
http://www.rootkit.com/vault/fuzen_op/vice.zip
http://www.rootkit.com/boardm.php

"Make sure you always read the current user instructions for your scanning
tools to see what special steps you need to take before, during and after
the clean-up process. Then, after you've found and cleaned a rootkit,
rescan the system once you reboot to double-check that it was fully cleaned
and the malware hasn't returned."

Avoiding Rootkit Infection.
"The rules to avoid rootkit infection are for the most part the same as
avoiding any malware infection however there are some special
considerations:
Because rootkits meddle with the operating system itself they *require*
full Administrator rights to install. Hence infection can be avoided by
running Windows from an account with *lesser* privileges" (LUA in XP and
UAC in Vista).

AntiHook
http://www.infoprocess.com.au/AntiHook.php

DiamondCS ProcessGuard
http://www.diamondcs.com.au/processguard/
http://www.diamondcs.com.au/processguard/download.php

Educational viewing:
Mark Russinovich - Advanced Malware Cleaning
http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359

Educational reading:
Hidden Backdoors,Trojan Horses and Rootkit Tools in a Windows Environment
http://www.windowsecurity.com/artic...d_Rootkit_Tools_in_a_Windows_Environment.html

Rootkits: What you should know
http://resources.zdnet.co.uk/articles/0,1000001991,39523773,00.htm

Rootkits For Dummies
http://books.google.com/books?id=MTcep7V6heUC&printsec=frontcover
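Two of the points in the post above, that a rootkit needs administrator rights to install and that a hidden process is found by comparing different views of the system, can be checked from a PowerShell prompt. The script below is an added example; it is not code from the original thread or from any of the tools listed above. It assumes Windows PowerShell 2.0 or later (on Vista, PowerShell had to be installed separately) and a running WMI service. The function names, the registry value EnableLUA under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, and the tasklist CSV column layout are the only things it relies on beyond the .NET Framework.

```powershell
# Added example (not from the original thread or from any listed tool).
# Assumptions: Windows PowerShell 2.0+, WMI service running.
# Neither function replaces a dedicated rootkit scanner such as GMER or
# RootkitRevealer; they show the idea behind "lesser privileges" and
# "cross-view" detection in a form anyone can run.

function Test-PrivilegeState {
    # Is the "run Windows from an account with lesser privileges" advice
    # actually in force for this shell?
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator
    # Under UAC a filtered (non-elevated) token is NOT in the Administrators
    # role even when the account belongs to the group, so this reports
    # whether the current shell is elevated, not group membership.
    $elevated  = $principal.IsInRole($adminRole)

    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $enableLua = (Get-ItemProperty -Path $policyKey -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA

    New-Object PSObject -Property @{
        User       = $identity.Name
        Elevated   = $elevated
        UacEnabled = ($enableLua -eq 1)   # EnableLUA = 1 means UAC is on
    }
}

function Compare-ProcessViews {
    # Cross-view check: enumerate processes three ways and report any PID
    # that one view shows and another does not.
    #   .NET Process.GetProcesses()  - runs inside this shell
    #   WMI Win32_Process            - enumerated by the WMI service process
    #   tasklist.exe                 - a separate child process
    # A user-mode rootkit that hooks enumeration inside this shell cannot
    # also hide from the other two. A kernel-mode rootkit can fool all
    # three, which is why RootkitRevealer and GMER compare the API view
    # against raw on-disk or kernel structures rather than another API.
    $viaDotNet   = [System.Diagnostics.Process]::GetProcesses() |
                       ForEach-Object { [int]$_.Id }
    $viaWmi      = Get-WmiObject -Class Win32_Process |
                       ForEach-Object { [int]$_.ProcessId }
    $viaTasklist = tasklist /FO CSV /NH |
                       Where-Object { $_ -match '^"' } |
                       ConvertFrom-Csv -Header Name,PID,Session,SessionNum,Mem |
                       ForEach-Object { [int]$_.PID }

    # The three snapshots are not taken atomically, so a process that
    # starts or exits between calls shows up as a one-off difference.
    # Re-run and only trust PIDs that are consistently missing from a view.
    $allPids = @($viaDotNet + $viaWmi + $viaTasklist) | Sort-Object -Unique
    foreach ($p in $allPids) {
        $inDotNet   = $viaDotNet   -contains $p
        $inWmi      = $viaWmi      -contains $p
        $inTasklist = $viaTasklist -contains $p
        if (-not ($inDotNet -and $inWmi -and $inTasklist)) {
            New-Object PSObject -Property @{
                PID        = $p
                InDotNet   = $inDotNet
                InWmi      = $inWmi
                InTasklist = $inTasklist
            }
        }
    }
}

Test-PrivilegeState  | Format-List
Compare-ProcessViews | Format-Table -AutoSize
```

Run it once from a normal prompt and once from an elevated one: Elevated should read False in the first case, and UacEnabled should read True if Vista's default protection has not been switched off. An empty table from Compare-ProcessViews only rules out a user-mode hook in this shell; a clean result from GMER or another tool that looks below the Windows API is still needed before concluding the machine is free of a kernel-mode rootkit.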
 

Zareba

Thank you Kayman, this will keep me busy for a while.

How come I did not get this info when I googled?
 

Sam Hobbs

Maybe because you used Google. It is not the first nor the only search
engine but they obviously pay a lot of money to make people think they are.
Try the following; I quickly found most of those items; the ones I found are
listed in a single web site that is among the first few responses.

http://www.altavista.com/web/results?itag=ody&q=AntiRootkit&kgs=0&kls=1

Note that I converted this message to plain-text format from HTML format.
Newsgroups prefer plain-text and when messages are viewed in plain-text
format it is essentially impossible for viruses to be effective.
 

Zareba

> Note that I converted this message to plain-text format from HTML format.
> Newsgroups prefer plain-text and when messages are viewed in plain-text
> format it is essentially impossible for viruses to be effective.

Sorry about that, Sam. I am used to using rich text in Annexcafe groups and
forgot to change to plain text. A little senile dementia, I suppose.

I have been going to the sites that Kayman provided, but have found only
GMER -
http://www.gmer.net/index.php
http:/...ndex.php?sid=9e746bb696ac0bb38781ffe4361c3a17
to be useful. I was able to download and run the GMER program, which showed
me to be clean.

Generally I found that either they were not compatible with Vista, or they
consistently timed out, or gave "Windows cannot open this file", or they were
still in beta testing and carry a disclaimer. I have not yet explored all of
the listed sites.

....Z
 
