
Best Rootkit scanner/remover ever?

1 reply to this topic

#1 samak

  • Members
  • 61 posts

Posted 14 January 2010 - 04:32 PM

What is the best rootkit scanner (and preferably one that can remove/fix the problem) ever? I am not looking for free software only. I do not care how much it costs.

I found this list here: http://www.techsupportalert.com/best-free-...Selection_Guide

But they are all free and they do not have the best reviews. (examples: Panda, GMER, etc).

So again, what is the VERY BEST rootkit scanner ever made?

Thanks!



#2 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 31,748 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 14 January 2010 - 05:00 PM

List of Rootkit Detection Tools:

If you're unsure how to use a particular Anti-rootkit (ARK) tool, then you should not be using it. Some ARK tools are intended for advanced users or to be used under the guidance of an expert who can interpret the log results. ARKs are powerful tools and using them incorrectly could lead to disastrous problems with your operating system. Most of the more effective ARK tools should only be utilized by advanced users as they generate logs which must be interpreted and investigated before taking any removal action. There are many free ARK tools but some of them require a certain level of expertise and investigative ability to use.

Why? Not all hidden components detected by ARKs are malicious. It is normal for a Firewall, some Anti-virus and Anti-malware software (ProcessGuard, Prevx1, AVG AS), sandboxes, virtual machines and Host based Intrusion Prevention Systems (HIPS) to hook into the OS kernel/SSDT in order to protect your system. SSDT (System Service Descriptor Table) is a table that stores addresses of functions that are used by Windows. Whenever a function is called, Windows looks in this table to find the address for it. Both legitimate programs and rootkits can hook into and alter this table. You should not be alarmed if you see any hidden entries created by legitimate programs after performing a scan.

Some files are locked by the operating system or running programs during use for protection, so scanners cannot access them. When the scanner finds such a file, it makes a note and then just skips to the next one. API Kernel hooks are not always bad since some system monitoring software and security tools use them as well. If no hooks are active on a system it means that all system services are handled by ntoskrnl.exe which is a base component of Windows operating systems and the process used in the boot-up cycle of a computer.

These are a few of the easier ARKs for novice users:

Edited by quietman7, 14 January 2010 - 05:28 PM.

Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators
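The SSDT check quietman7 describes, as an added user-mode model that is not code from the original thread or from any of the tools it mentions. A real ARK reads the service table and the loaded-module list from kernel mode; here both are constructed arrays with made-up names and addresses (an image range standing in for ntoskrnl.exe, a hypothetical HIPS driver examplehips.sys, and a hypothetical unknowndrv.sys). Each service address is resolved to the module whose image range contains it: inside ntoskrnl.exe means the slot is untouched, inside a module known to hook for protection means an expected hook, and inside an unrecognised module or outside every module is what the person reading the log has to investigate before removing anything.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A loaded kernel module: image range plus whether it is security software
 * that is known to hook the SSDT. Every entry below is constructed. */
typedef struct {
    const char *name;
    uintptr_t   base;
    size_t      size;
    int         known_hooker;  /* 1 = firewall/AV/HIPS that legitimately hooks */
} module_t;

static const module_t g_modules[] = {
    { "ntoskrnl.exe",    0x80400000u, 0x00200000u, 0 },  /* kernel image: unhooked services live here */
    { "examplehips.sys", 0xF8A00000u, 0x00040000u, 1 },  /* hypothetical HIPS driver */
    { "unknowndrv.sys",  0xF9C00000u, 0x00010000u, 0 },  /* hypothetical driver nobody recognises */
};
#define NUM_MODULES (sizeof g_modules / sizeof g_modules[0])

typedef enum {
    SSDT_UNHOOKED,       /* address is inside ntoskrnl.exe */
    SSDT_HOOK_EXPECTED,  /* address is inside a module known to hook for protection */
    SSDT_HOOK_UNKNOWN,   /* address is inside a loaded module that is not a known hooker */
    SSDT_HOOK_NO_MODULE  /* address is outside every loaded module: hidden code */
} ssdt_verdict_t;

static const char *const g_verdict_text[] = {
    "unhooked", "hook (expected, security software)",
    "hook (unknown module, investigate)", "hook (no owning module, investigate)"
};

typedef struct {
    unsigned  index;    /* service number in the table */
    uintptr_t address;  /* function address stored at that slot */
} ssdt_entry_t;

/* Constructed SSDT snapshot: two clean slots, one HIPS hook, two suspicious ones. */
static const ssdt_entry_t g_table[] = {
    {  37, 0x80461200u },
    {  41, 0x80462A10u },
    {  66, 0xF8A01230u },
    { 119, 0xF9C00410u },
    { 122, 0x00ABC000u },
};
#define NUM_ENTRIES (sizeof g_table / sizeof g_table[0])

/* Return the module whose image range [base, base+size) contains addr, or NULL. */
static const module_t *owning_module(uintptr_t addr)
{
    for (size_t i = 0; i < NUM_MODULES; i++) {
        if (addr >= g_modules[i].base && addr - g_modules[i].base < g_modules[i].size)
            return &g_modules[i];
    }
    return NULL;
}

/* Classify one service address. g_modules[0] is ntoskrnl.exe by construction. */
ssdt_verdict_t classify_service(uintptr_t addr)
{
    const module_t *m = owning_module(addr);
    if (m == NULL)          return SSDT_HOOK_NO_MODULE;
    if (m == &g_modules[0]) return SSDT_UNHOOKED;
    return m->known_hooker ? SSDT_HOOK_EXPECTED : SSDT_HOOK_UNKNOWN;
}

/* Walk the table, print one log line per slot, and return how many slots need
 * a human to investigate. *hooked_total receives the count of all hooked
 * slots, expected ones included: the number a naive "any hook is a rootkit"
 * tool would alarm on. */
int scan_ssdt(const ssdt_entry_t *table, size_t count, int *hooked_total)
{
    int suspicious = 0, hooked = 0;
    for (size_t i = 0; i < count; i++) {
        ssdt_verdict_t v = classify_service(table[i].address);
        const module_t *m = owning_module(table[i].address);
        if (v != SSDT_UNHOOKED) hooked++;
        if (v == SSDT_HOOK_UNKNOWN || v == SSDT_HOOK_NO_MODULE) suspicious++;
        printf("service %3u -> %#010lx  %-16s  %s\n", table[i].index,
               (unsigned long)table[i].address, m ? m->name : "<none>", g_verdict_text[v]);
    }
    if (hooked_total) *hooked_total = hooked;
    return suspicious;
}

int main(void)
{
    int hooked = 0;
    int suspicious = scan_ssdt(g_table, NUM_ENTRIES, &hooked);
    printf("%d hooked slot(s), %d need investigation\n", hooked, suspicious);
    return 0;
}
```

Build and run with `cc ssdt_model.c -o ssdt_model && ./ssdt_model`. On the constructed table it reports three hooked slots but only two that need investigation; the HIPS hook is the kind of entry quietman7 says not to be alarmed by, and a tool that removes every hook it sees would be breaking the security product rather than fixing anything.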



