RootRepeal is a rootkit scanner that scans for kernel-mode drivers and checks whether they are hidden or whether the driver file is hidden on disk. It can also look for hidden files, hidden processes, SSDT hooks, hidden services, and stealth objects.
RootkitRevealer is a rootkit scanner from Microsoft Sysinternals. This program will search for user-mode or kernel-mode rootkits and list any API discrepancies that are found.
TCPView is a handy little program that allows you to see the network activity on your computer. When run, it shows which remote devices or computers your individual programs are communicating with, as well as which programs are waiting for connections.
FixExec is a program that is designed to fix executable file associations for the .bat, .exe, and .com file extensions. If the program detects that any of these associations are missing, changed, or hijacked, the settings will be set back to the original Windows defaults. When file associations for batch, executable, or COM files are changed, it could cause your executables to no longer start. If you are looking for FixNCR.reg, this file replaces FixNCR with greater functionality.
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs, it will kill malware processes and then remove incorrect executable associations and fix policies that stop us from using certain tools. When finished, it will display a log file that shows the processes that were terminated while the program was running.
DDS is a program that will scan your computer and create logs that can be used to display various startup, configuration, and file information from your computer. This program is used in our security forum to provide a detailed overview of what programs are automatically starting when you start Windows. The program will also display information about the computer that will allow us to quickly ascertain whether or not malware may be running on your computer.
Unhide is a program that reverts the changes made to your files and Windows Registry by the rogue.FakeHDD family of rogue anti-spyware programs. This family of malware pretends to be a hard disk repair and system optimization program for Windows. In reality, though, these programs are computer infections that deliberately hide your files and change certain settings in the Windows Registry to make it appear that you have lost data on your hard drive. It will then prompt you to purchase the program to restore the data.
If you have CD or DVD emulation software installed, it may make it harder to get accurate scan results when you scan your computer with an anti-rootkit scanner. For this reason, it is wise to first disable these emulation programs before scanning your computer so that the scan results are more accurate.