Not all hidden components detected by ARKs are malicious. It is normal for a firewall, some anti-virus and anti-malware software (ProcessGuard, Prevx1, AVG AS), sandboxes, virtual machines and Host based Intrusion Prevention Systems (HIPS) to hook into the OS kernel/SSDT in order to protect your system. SSDT (System Service Descriptor Table) is a table that stores addresses of functions that are used by Windows. Whenever a function is called, Windows looks in this table to find the address for it. Both legitimate programs and rootkits can hook into and alter this table. You should not be alarmed if you see any hidden entries created by these software programs after performing a scan.
GMER is a stand-alone tool that will help investigate for the presence of rootkits. It will not actually tell you if you are infected or not unless you know what you're looking for. If you're unsure how to use GMER or read its logs, then use another tool instead. Some ARK tools are intended for advanced users or to be used under the guidance of an expert, as they are powerful and can be misused with disastrous results. There are many free ARK tools but some require a certain level of expertise and investigative ability to use. These are a few of the easier ARKs for novice users:
Edited by quietman7, 18 March 2009 - 08:33 PM.
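An added example, not part of quietman7's post or of GMER: a small triage script that sorts SSDT hook entries the way the post describes, treating entries owned by the Windows kernel as clean, entries owned by an installed security product as expected, and anything else as worth a closer look. The line format, the allowlist of driver names and the sample entries are all constructed for this example, not GMER's real log format.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed allowlist (an assumption for this example): file names of drivers
# belonging to security products that legitimately hook the SSDT. In practice
# this list is built from the products actually installed on the machine.
KNOWN_SECURITY_DRIVERS = {
    "example_av.sys": "Example Anti-virus (constructed)",
    "example_fw.sys": "Example Firewall (constructed)",
}
# Unhooked SSDT entries point into the Windows kernel image itself.
KERNEL_IMAGES = {"ntoskrnl.exe", "ntkrnlpa.exe"}

@dataclass
class Verdict:
    function: str
    module: str
    status: str  # "clean", "expected" or "investigate"
    reason: str

# Simplified constructed format:  "SSDT <function> <path-of-hooking-module>"
LINE_RE = re.compile(r"^SSDT\s+(\S+)\s+(\S+)$")

def triage_ssdt_entry(line: str) -> Optional[Verdict]:
    """Classify one SSDT entry by the module that owns the hook address."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    func, path = m.groups()
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if name in KERNEL_IMAGES:
        return Verdict(func, name, "clean", "address inside the Windows kernel image")
    if name in KNOWN_SECURITY_DRIVERS:
        # A known driver name loaded from outside the drivers folder is suspicious.
        if "\\system32\\drivers\\" not in path.lower():
            return Verdict(func, name, "investigate", "known driver name, unusual path")
        return Verdict(func, name, "expected", KNOWN_SECURITY_DRIVERS[name])
    return Verdict(func, name, "investigate", "hook owned by a module not on the allowlist")

def triage_log(text: str) -> list:
    return [v for v in (triage_ssdt_entry(l) for l in text.splitlines()) if v]

# Constructed sample entries, not a real scan log.
SAMPLE = """\
SSDT ZwCreateKey C:\\WINDOWS\\system32\\drivers\\example_av.sys
SSDT ZwOpenProcess C:\\WINDOWS\\system32\\drivers\\example_fw.sys
SSDT ZwQuerySystemInformation C:\\WINDOWS\\system32\\ntoskrnl.exe
SSDT ZwEnumerateKey C:\\WINDOWS\\Temp\\xyz12.sys
SSDT ZwTerminateProcess C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\example_av.sys
"""

if __name__ == "__main__":
    for v in triage_log(SAMPLE):
        print(f"{v.status:12} {v.function:24} {v.module:16} {v.reason}")
```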