Page 1 of 2 (results 1 to 15 of 16)
  #1 Banyarola (Silver Lounger)

    Root Kit Scanner

    Anyone know of a good free rootkit scanner?

    I want to run it on a friend's PC...

    Thanks Guys...
    "If You Are Reading This In English, Thank A VET"

  #2 Medico (Plutonium Lounger)
    I've never had to use one of these, but I have heard tell of several. Google shows several that I have heard of. Sophos, Avast and Kaspersky are listed among others.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted

    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)

  #3 Lounge VIP (Scotland)
    Hi Banyarola, as you no doubt are aware, rootkits can be extremely stealthy and many standard antivirus or antimalware packages will simply not find them. If the rootkit is revealing itself by dropping other malware onto the system, the antimalware may find and eradicate those but leave the rootkit undetected.

    I have had some success by running Kaspersky TDSS Killer and Sophos Anti-Rootkit, but most often the rootkit is buried inside a Windows process that is launched at boot, making it difficult to be certain about the results presented.

    Another way is to run in Safe Mode without networking, which loads a restricted set of services and drivers; then run a system restore to a time before the rootkit poisoned the Windows service (returning to Safe Mode to complete the restore). That cleans up any compromised Windows service, but does not give you any indication of detections or cleaning of course.

  #4 DrWho (Bronze Lounger)
    A Google search is always BEST, when looking for something like that. It lists MANY Anti-rootkit programs.

    I have this one: (FREE)
    http://www.softpedia.com/get/Antivirus/RootAlyzer.shtml

    I also have an Anti-rootkit app in my AVG 2012 Internet Security program.

    I've also used this one (FREE)
    http://www.filehippo.com/download_rootkit_revealer/

    What indication do you have, that there might be a Rootkit problem? I would shoot at Spyware, Adware and Viruses first. Then maybe even use a Trojan removal program, like Trojan Hunter. Rootkits, would not be excluded, but further down the list of possible threats.

    A lot of malware likes to hide out in temporary folders which most people NEVER clean out for the life of the PC. I've found well over 100,000 junk files on customers' PCs.

    Cleaning out all those hiding places, gets rid of a lot of possible malware.
    Dumping old Restore Points is another way to get rid of malware that may have been saved there.

    On an XP PC that I've not worked on before, I like to run the XPCleanup.bat program that I've placed on my web page for easy download. It first counts the number of files on the C: drive, then cleans out all the normal junk folders and then does a re-count and posts the difference. That's all done in a DOS window that opens on the desktop.
    It's kind of neat to show someone just how many junk files were on their PC.
    If you do that BEFORE you do any malware scans, the scans will have fewer files to scan and the process will go much quicker.

    * A good rule to follow: Don't scan junk, Don't defrag junk and Don't Backup Junk. Remove junk!

    It will run on Vista or Win-7, but it's not as effective because many folders have been renamed or repositioned in those OSes.
    So on those OSes, you'll see a lot of "File not found" or "Folder not found" error messages. The program should still run to completion.

    I had a lot of fun writing the program (batch file) but it's even more fun running it on a badly neglected PC. It can be a real "Eye Opener". It quickly points out to the friend/customer that they need to be more active in maintaining their PC.

    Then for my XP customers, I install the XPCleanup.bat program, without the file counter, in their Startup folder, to run minimized, for a FREE cleanup every time they boot up their PC. That goes a long, long way toward keeping a PC clean of junk files. The nice thing about a batch file is, it's technically a text file and easily edited in Notepad. You can add lines for junk folders peculiar to a specific PC, like AV quarantine folders, Firefox cache folders, etc. On my own PC, I even added the Recycle Bins.
    NO piece of junk can hide from a well written batch file.
    "If you can name it, you can claim it!" (Quote, The Doctor)

    Sorry guys, I didn't mean for this to run so long.

    The Doctor
    Last edited by DrWho; 2012-02-07 at 08:34.
    Experience is truly the best teacher.

    Backup! Backup! Backup! GHOST Rocks!


  #5 Lounge VIP (Scotland)
    Just an observation Doc....

    Quote Originally Posted by DrWho
    Dumping old Restore Points is another way to get rid of malware that may have been saved there.
    While that may be true, and is a useful way to remove annoying alerts from AV scanning software, it also removes the possibility of using System Restore, which offers a well proven route to recover system files that may have been poisoned by a stealthy rootkit. In my opinion, it's better only to remove System Restore files known to contain malware rather than all System Restore files.

    ....but each to his own.

  #6 Administrator
    Even though RootkitRevealer does NOT run on Vista or Windows 7 I urge you to read the article associated with it. The points about rootkits are still valid especially the "Interpreting the output" section. Removing rootkits is tricky business.

    Joe
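    The point of RootkitRevealer's "Interpreting the output" section is that the tool never identifies a rootkit directly: it lists the same files and registry keys through the Windows API and again from the raw on-disk structures, and reports every place the two views disagree, leaving the reader to decide which discrepancies are benign. The following is an added illustration of that cross-view comparison on constructed data; it is not code from the thread or from Sysinternals, and the allowlist rule and sample paths are assumptions made for the example.

```python
"""Cross-view discrepancy check in the style of RootkitRevealer.

Added example, not code from the thread or from Sysinternals. The idea is to
enumerate the same objects twice, once through the high-level Windows API that
a rootkit can hook and once from the raw on-disk structures (directory index /
MFT, raw registry hive), then report every place the two views disagree. A
rootkit that filters the API view shows up as an entry present only in the raw
view. Both views below are constructed sample data; on a real system they would
come from the two enumerations.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Finding labels modelled on the wording of RootkitRevealer's report.
HIDDEN = "Hidden from Windows API"
PHANTOM = "Visible in Windows API but not in raw view"
MISMATCH = "Data mismatch between Windows API and raw view"
EMBEDDED_NULL = "Key name contains embedded nulls"


@dataclass(frozen=True)
class Entry:
    """One file or registry key as seen by one of the two views."""
    path: str
    size: Optional[int] = None  # None for registry keys, which carry no size


def is_known_benign(path: str) -> bool:
    """Allowlist for discrepancies already checked by hand and found harmless.

    Assumed rule for this example: NTFS metadata files ($MFT, $LogFile, ...)
    are never returned by the file API, so their absence there is expected.
    Keep such a list tight; a rootkit can hide behind any name it allows.
    """
    name = path.rsplit("\\", 1)[-1]
    return name.startswith("$")


def cross_view_diff(api_view: Iterable[Entry], raw_view: Iterable[Entry]) -> List[Tuple[str, str]]:
    """Return (path, finding) pairs for every disagreement between the views."""
    api = {e.path: e for e in api_view}
    raw = {e.path: e for e in raw_view}
    findings: List[Tuple[str, str]] = []
    for path, entry in raw.items():
        # A NUL inside a key name is a classic trick: the native API accepts it,
        # while the Win32 registry API stops at the NUL and cannot open the key.
        if "\x00" in path:
            findings.append((path.replace("\x00", "\\0"), EMBEDDED_NULL))
        elif path not in api:
            if not is_known_benign(path):
                findings.append((path, HIDDEN))
        elif api[path].size != entry.size:
            findings.append((path, MISMATCH))
    for path in api:
        if path not in raw:
            findings.append((path, PHANTOM))
    return sorted(findings)


def sample_scan() -> List[Tuple[str, str]]:
    """Constructed views: one hidden driver, one size lie, one NUL key, one benign metadata file."""
    api_view = [
        Entry("C:\\Windows\\System32\\drivers\\acpi.sys", 320_000),
        Entry("C:\\Windows\\System32\\drivers\\tdx.sys", 80_000),
        Entry("C:\\Users\\amy\\AppData\\Local\\Temp\\~DF1A2B.tmp", 16_384),
        Entry("HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip"),
    ]
    raw_view = [
        Entry("C:\\Windows\\System32\\drivers\\acpi.sys", 320_000),
        Entry("C:\\Windows\\System32\\drivers\\tdx.sys", 96_000),        # API reports a smaller size than is on disk
        Entry("C:\\Windows\\System32\\drivers\\hiddenk.sys", 40_960),   # filtered out of the API listing
        Entry("C:\\Users\\amy\\AppData\\Local\\Temp\\~DF1A2B.tmp", 16_384),
        Entry("C:\\$MFT", 1_048_576),                                   # expected: NTFS metadata file
        Entry("HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip"),
        Entry("HKLM\\SYSTEM\\CurrentControlSet\\Services\\svc\x00hidden"),
    ]
    return cross_view_diff(api_view, raw_view)


if __name__ == "__main__":
    for path, finding in sample_scan():
        print(f"{finding}: {path}")
```

    Every line of output is a discrepancy, not a verdict: a file written between the two enumerations also shows up as a one-sided entry, which is why the article tells you to interpret the list rather than treat it as a detection.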

  #7 Browni (WS Lounge VIP)
    Quote Originally Posted by DrWho
    A Google search is always BEST, when looking for something like that. It lists MANY Anti-rootkit programs.
    Are you really sure about that?

    I would always come to a site such as this for recommendations rather than trying potluck in Google search results!

  #8 Banyarola (Silver Lounger)
    Well guys, all the suggestions are helpful and informative...

    I am going to work on her computer remotely and she has various problems, so I just want to run various scans and try to cover as many things as I can to search out anything that may be giving her problems..

    There may or may not be any infections or it just may be some of her Vista settings are not right...
    "If You Are Reading This In English, Thank A VET"

  #9 Silver Lounger (Montréal)
    Doc, hello.
    You wrote:
    Quote Originally Posted by DrWho
    * A good rule to follow: Don't scan junk, Don't defrag junk and Don't Backup Junk. Remove junk!
    A better rule is to lock your MBR; this is done in the BIOS, you knew this. Then, never a rootkit. JP.

  #10 satrow (Super Moderator)
    Cleaning out 'junk' before scanning is not a good idea where recent malware is concerned - some of the 'junk' might be your own files, moved by the very malware you're scanning for.

    Better to diagnose first.
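    An inventory of the "junk" locations that counts and classifies what is there, without deleting anything, is one way to diagnose first. The script below is an added example written for this thread; it is not DrWho's XPCleanup.bat and does not reproduce it. The sample Temp tree, the seven-day window and the extension lists are assumptions made for the example.

```python
"""Inventory a 'junk' folder before cleaning it.

Added example, not a script from the thread. It counts files the way a cleanup
script would, but instead of deleting it reports what is there, so that a user
file moved by malware, or the malware itself, is seen before it is wiped.
Executables are recognised by their MZ header rather than by extension, so a
PE renamed to .dat is still caught. The sample tree is constructed in a
temporary directory so the script runs offline; point triage() at a real Temp
folder to use it.
"""
import os
import tempfile
import time
from pathlib import Path
from typing import Dict, List, Tuple

DOC_EXT = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".jpeg", ".png"}
EXEC_EXT = {".exe", ".dll", ".scr", ".sys", ".com", ".pif", ".cpl", ".bat", ".cmd"}
RECENT_DAYS = 7  # assumption: anything touched in the last week is worth a look


def is_pe(path: Path) -> bool:
    """Windows executables start with 'MZ' whatever the file is called."""
    try:
        with path.open("rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def classify(path: Path, now: float) -> List[str]:
    """Reasons a file deserves a look before a cleanup script removes it."""
    reasons: List[str] = []
    suffixes = [s.lower() for s in path.suffixes]
    pe = is_pe(path)
    if pe:
        reasons.append("PE executable")
    if len(suffixes) >= 2 and suffixes[-1] in EXEC_EXT and suffixes[-2] in DOC_EXT:
        reasons.append("double extension")          # invoice.pdf.exe
    if suffixes and suffixes[-1] in DOC_EXT and not pe:
        reasons.append("user document in temp")     # possibly moved here, not junk
    if now - path.stat().st_mtime < RECENT_DAYS * 86400:
        reasons.append("modified recently")
    return reasons


def triage(root: Path) -> Dict[str, object]:
    """Count every file under root and list the ones worth a second look."""
    now = time.time()
    total = 0
    flagged: List[Tuple[str, List[str]]] = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        total += 1
        reasons = classify(path, now)
        if reasons:
            flagged.append((path.relative_to(root).as_posix(), reasons))
    return {"total_files": total, "flagged": sorted(flagged)}


def build_sample_tree() -> Path:
    """Constructed Temp folder: three genuine junk files, one dropper, one photo, one disguised PE."""
    root = Path(tempfile.mkdtemp(prefix="temp_triage_"))
    now = time.time()
    old = now - 90 * 86400
    files = {
        "~DF3F2A.tmp": (b"\x00" * 64, old),
        "cache/index.log": (b"2012-02-07 ok\n", old),
        "wct1234.tmp": (b"\x01\x02\x03", old),
        "invoice.pdf.exe": (b"MZ\x90\x00" + b"\x00" * 60, now),      # constructed stand-in, not a real PE
        "Family/holiday.jpg": (b"\xff\xd8\xff\xe0" + b"\x00" * 32, old),
        "update.dat": (b"MZ\x90\x00" + b"\x00" * 60, old),          # PE hiding behind a data extension
    }
    for rel, (data, mtime) in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
        os.utime(p, (mtime, mtime))
    return root


if __name__ == "__main__":
    report = triage(build_sample_tree())
    print(f"{report['total_files']} files; {len(report['flagged'])} need a look before any cleanup")
    for rel, reasons in report["flagged"]:
        print(f"  {rel}: {', '.join(reasons)}")
```

    Run it against the real Temp folders before the cleanup batch and keep its output: the count is the same "eye opener", and the flagged entries are what a scanner should see before they disappear.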

  #11 Bronze Lounger (Birkirkara, Malta)
    handcuff36,

    How do I lock the MBR?

    Please advise.

    Thanks and regards,
    Roy

  #12 DrWho (Bronze Lounger)
    The BIOS was mentioned, but all BIOSes are not created equal. In fact, some, on brand name PCs, are pretty lame.
    If someone has a BIOS that allows locking the Master Boot Record, all well and good, but most don't.

    And many rootkit revealers are just that. They may reveal where a rootkit lives, but they won't remove it.
    I find that somewhat disconcerting. Eh?

    Experience is truly the best teacher.

    Backup! Backup! Backup! GHOST Rocks!

  #13 Banyarola (Silver Lounger)
    Well DrWho, I'll have to check out my BIOS.
    I built my own PC with an ASUS mb and have been in the BIOS many times but don't ever remember seeing that feature...
    But, then again, I wasn't looking for it.
    "If You Are Reading This In English, Thank A VET"

  #14 DrWho (Bronze Lounger)
    I was repairing an older PC today, that was experiencing all sorts of really weird problems.

    Somewhere along the line, Malwarebytes ran a scan and found and then removed two rootkits. I'm not sure I'd ever seen MB do that before. It took two more hours to get all the CRAP off of that old PC to get it running right again.

    So I guess you can add "Malwarebytes" to the rootkit "KILLER" list.

    Cheers Mates!
    The Doctor
    Experience is truly the best teacher.

    Backup! Backup! Backup! GHOST Rocks!

  #15 Silver Lounger (Montréal)
    Hello.
    For those wishing to find out how to lock the MBR, here it goes. In my Phoenix Award BIOS page that I found after hitting Del on booting, I go to the left pane of the offered options; the third line from the top says "Advanced BIOS Features". It then presents me with a third line saying "Virus Warning". I toggled it to Enabled, F10 out of it and then Save and boot. Kid's play.
    I have not seen this option on any laptop, has anybody? Be good, eh!
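    A practitioner's caveat on the BIOS "Virus Warning" option: it traps writes to the MBR that go through the BIOS disk services, but once Windows is running its own disk drivers write to the disk directly and the BIOS never sees them, so a bootkit installed from inside Windows is not stopped by it. A complementary check is to record a hash of the MBR boot code while the machine is known good and compare it on each visit. The following is an added example, not code from the thread; the sample sector, its boot-code bytes and the disk signature are constructed for the example, and read_mbr() shows where a real sector would come from.

```python
"""Parse a master boot record and compare its boot code against a baseline.

Added example, not from the thread. The BIOS "Virus Warning" setting only
traps MBR writes made through BIOS disk services; a running OS writes to the
disk directly, so a bootkit installed from inside Windows bypasses it. A
second line of defence is a hash of the boot code taken when the machine was
known good. The sector below is constructed; on a real machine read the first
512 bytes of \\.\PhysicalDrive0 (Windows, as administrator) or /dev/sda
(Linux, as root) with read_mbr().
"""
import hashlib
import struct
from typing import Dict, List, Sequence, Tuple

SECTOR = 512
BOOTCODE_LEN = 440       # bytes 440-443 hold the disk signature, 444-445 are normally zero
PART_TABLE = 446         # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # at offset 510

# Constructed stand-in for boot code (a classic MBR prologue followed by NOPs); not a real loader.
GOOD_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100
SAMPLE_TABLE: List[Tuple[bool, int, int, int]] = [
    (True, 0x07, 2048, 204800),       # bootable NTFS system partition
    (False, 0x07, 206848, 1000000),   # data partition
]


def read_mbr(device: str) -> bytes:
    """Read the first sector of a raw device (needs administrator / root)."""
    with open(device, "rb") as fh:
        return fh.read(SECTOR)


def parse_mbr(sector: bytes) -> Dict[str, object]:
    """Validate the signature, hash the boot code and decode the partition table."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions: List[Dict[str, int]] = []
    for i in range(4):
        off = PART_TABLE + 16 * i
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack(
            "<B3sB3sII", sector[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "partitions": partitions,
    }


def check_against_baseline(sector: bytes, baseline_sha256: str) -> bool:
    """True when the boot code matches the hash recorded while the disk was known good."""
    return parse_mbr(sector)["bootcode_sha256"] == baseline_sha256


def build_sample_mbr(bootcode: bytes, table: Sequence[Tuple[bool, int, int, int]]) -> bytes:
    """Constructed sector from boot code, a fixed disk signature and (bootable, type, lba, count) entries."""
    assert len(bootcode) <= BOOTCODE_LEN
    sec = bytearray(SECTOR)
    sec[:len(bootcode)] = bootcode
    sec[440:444] = struct.pack("<I", 0xDEADBEEF)   # constructed disk signature
    for i, (bootable, ptype, lba, count) in enumerate(table):
        off = PART_TABLE + 16 * i
        sec[off:off + 16] = struct.pack("<B3sB3sII", 0x80 if bootable else 0x00,
                                        b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    sec[510:512] = BOOT_SIG
    return bytes(sec)


def demo() -> Dict[str, object]:
    """Baseline a good sector, then test a sector whose code was swapped but whose table was kept."""
    good = build_sample_mbr(GOOD_BOOTCODE, SAMPLE_TABLE)
    baseline = parse_mbr(good)["bootcode_sha256"]
    # A bootkit leaves the partition table alone (the OS must still boot) and replaces only the code.
    tampered = build_sample_mbr(b"\xeb\xfe" + b"\x00" * 50, SAMPLE_TABLE)
    return {"baseline": baseline,
            "good_ok": check_against_baseline(good, baseline),
            "tampered_ok": check_against_baseline(tampered, baseline),
            "partitions": parse_mbr(tampered)["partitions"]}


if __name__ == "__main__":
    result = demo()
    print("baseline", result["baseline"])
    print("good sector matches:", result["good_ok"])
    print("tampered sector matches:", result["tampered_ok"])
    for p in result["partitions"]:
        print(p)
```

    Store the baseline hash off the machine; a legitimate change (a bootloader reinstall, a partition tool rewriting the code area) also changes it, so a mismatch is a reason to look, not a detection on its own.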
