rootkit
Anti-Rootkit 1.0
Panda Anti-Rootkit offers simple, fast and free protection against online fraud and data theft using hidden malicious code. Panda Anti-Rootkit scans computers for hidden items in running processes, the Windows registry, and local hard disks. On detecting a malicious rootkit, Panda Anti-Rootkit completely eliminates it along with all of the programs it could be hiding, including files, processes, registry entries and the ADSs associated with the rootkits.
Rootkit Buster 1.6
Rootkit Buster 1.6 is a tool equipped with the capability of scanning for hidden files, registry entries, processes, drivers and hooked system service. It also can clean hidden files and registry entries. It is free.

Radix Anti-Rootkit 1.0.0.7
Radix Anti-Rootkit detects and removes rootkits that are hiding on your PC, concealing malicious software and activities.
With Radix Anti-Rootkit you can detect and remove rootkits that are hiding on your PC, mostly going undetected by normal anti-virus and anti-malware software. It uses a broad range of methods to detect and fix the problems caused by rootkits and allows the power user to easily spot rootkits on a system.
Detection methods range from detecting hidden processes and hidden registry keys to complex detections of modified system calls and hidden streams, which often contain viruses or spyware.
Additional features include extensive logging, deletion of "locked" files and the possibility to save processes to the hard disk for further investigation.
Enhancements:
- Mebroot / Sinowal detection
- MBR rootkit detection
- Minor bugfixes
- Improved hook fixing for IRP (driver) hooks
Usec - Detects and removes Rootkits from your System. Radix Anti-Rootkit
RootkitRevealer 1.71
RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
RootkitRevealer detects rootkits including Vanquish, AFX and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys).
The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempts to hide its presence from spyware blockers, antivirus, and system management utilities. There are several rootkit classifications depending on whether the malware survives reboot and whether it executes in user mode or kernel mode.

Panda Anti-Rootkit 1.08
Panda Anti-Rootkit is a freeware program that uses latest-generation technology to detect and remove rootkits.
Panda Anti-Rootkit was designed to be a small application that will use the latest generation technology to detect and remove rootkits on your system. Rootkits are programs designed to hide processes, files or Windows Registry entries.
This type of software is used by hackers to hide their tracks or to insert threats surreptitiously on compromised computers. There are types of malware that use rootkits to hide their presence on the system.
Rootkits use sophisticated techniques to avoid being detected by antivirus solutions. To combat this new threat Panda Software has developed Panda Anti-Rootkit.
Sophos Anti-Rootkit 1.3 RC
Sophos Anti-Rootkit eliminates hidden applications and processes.
Sophos Anti-Rootkit will find and remove any rootkit that is hidden on your computer.
The term rootkit is used to define a Trojan (or technology) used to hide the presence of a malicious object (process, file, registry key, network port) from the computer user or administrator.
Main features:
- Scans running processes, the Windows registry and local hard drives for rootkits.
- Identifies known rootkits and selects, by default, files for removal which will remove the rootkit component of the malware without compromising OS integrity.
- Allows users to remove unidentified hidden files, but does not allow removal of essential system files when hidden by an identified rootkit.
- Once the user has run a scan, the screen prompts the user through the necessary steps until every rootkit has been removed.
- Users can switch between the GUI and command-line functionality.
- Both context sensitive and command-line help are available.
Sophos Anti-Rootkit eliminates hidden applications and processes. Sophos Anti-Rootkit 1.3.1 - Sophos Plc ... Sophos
DarkSpy Anti-Rootkit 1.0.2
Detects rootkits using multiple techniques.
DarkSpy Anti-Rootkit 1.0.2 offers users a free yet very powerful tool for rootkit detection. DarkSpy is a multiway-based detection tool. It internally combines many effective detection techniques, including DarkSpy's own handlers and also methods used by other famous tools.
AVG Anti-Rootkit 1.1.0.42
AVG Anti-Rootkit is an advanced tool designed to detect and remove hidden objects, known as rootkits, from your computer.
AVG Anti-Rootkit can even remove Trojans and Rootkits that are hiding inside NTFS Alternate Data Streams.

RootKit Hook Analyzer 3.02
Checks for and displays rootkits that hook the kernel system services of your computer.
RootKit Hook Analyzer 3.02 helps you to find rootkits installed on your PC which hook the kernel system services. Kernel rootkit hooks are installed modules that intercept the principal system services that all programs and the operating system rely on. Kernel hooks are out of fashion these days: they are not officially documented and Microsoft considers them deprecated. The pioneering heroes of the old days who discovered how to actually implement them have all adopted the new fashion of advising against using kernel hooks as a programming practice.
Often kernel hooks are unnecessary because there are documented ways that allow a programmer to achieve the same goal. However, in a lot of system tools, such as monitoring and antivirus software, kernel hooks are the only available technique to get the difficult job done and are thus an unavoidable, necessary evil. What matters is that, if your kernel system services are hooked, you can find out which software is responsible for using these techniques. Inspired by all the discussions going on about the Sony CD protection rootkit, we have developed the RootKit Hook Analyzer.
Enhancements:
- Includes unspecified updates.
RootKit Hook Analyzer is a security tool which checks if there are any rootkits installed on your computer which hook the kernel system services.
Resplendence Software Projects - Check your system for the presence of rootkits and kernel hooks.
License: Freeware
McAfee Rootkit Detective 1.1 Beta
McAfee Rootkit Detective will proactively detect and clean rootkits that are running on the system.
McAfee Rootkit Detective should only be used by knowledgeable individuals at the direction of, and with the support of, a representative from McAfee Avert Labs or McAfee Technical Support. Improper usage of this tool could result in damage to your applications or operating system.
Main features:
- Designed to proactively detect system objects, such as processes, files and registry entries, that are hidden from the user
- Provides information about all running processes in the system
- Provides information about various system hooks, such as SSDT (System Service Descriptor Table) hooks and user/kernel IAT/EAT (Import/Export Address Table) hooks
- Allows the user to clean/remove the malicious objects from the system by renaming/deleting the hidden files/registry
- Allows the user to terminate the malicious processes
- Users can submit samples using the submission feature present in the tool
- Users can also collect the samples manually after renaming them and send them to Avert Labs for further analysis
System requirements:
- Windows XP Home Edition with SP2
- Windows XP Professional Edition with SP2
- Windows 2000 with SP4
- Windows 2000 Server
- Windows 2003 Server SP1
Beta known issues:
- McAfee Rootkit Detective will detect registry entries pertaining to McAfee Entercept Products if installed on your system.
- McAfee Rootkit Detective will detect mfehidk.sys file pertaining to McAfee Antispyware Enterprise (Standalone) as a hooked service.
- McAfee Rootkit Detective will detect IAT/EAT hooks in Windows 2000 SP4 system pointing to shim.dll.
- McAfee Rootkit Detective will detect vsdatant.sys from Zone Alarm as a hooked service for rootkit-like behavior.
- McAfee Rootkit Detective will detect Goback2k.sys as a hooked service, for rootkit-like behavior, on systems that have Go Back software installed.
- McAfee Rootkit Detective will detect fsndis5.sys as a hooked service from F-Secure if F-Secure Internet Security Suite 2006 is installed on the system.
- McAfee Rootkit Detective will detect klif.sys as hooked service from Kaspersky if Kaspersky Internet Security 2006 is installed on the system.
- McAfee Rootkit Detective will detect FireTDS.sys as hooked service from McAfee if McAfee Desktop Firewall is installed on the system.
- McAfee Rootkit Detective will detect Hidsys.sys as hooked service from McAfee if McAfee Host Intrusion Prevention is installed on the system.
- McAfee Rootkit Detective will detect Service Name ZwCreateThread when VSE product is installed on the system.
- McAfee Rootkit Detective will not run on Windows 2000 platforms when Kaspersky Internet Security 2006 is installed.
- McAfee Rootkit Detective will detect many IAT/EAT hooks and SSDT hooks of legitimate applications.
License: Freeware
Gromozon Rootkit Removal Tool
A small utility that can rapidly detect and remove the Gromozon rootkit.
Unfortunately the Gromozon Rootkit isn't a single infection, but a blended attack designed to bypass traditional antimalware security applications.
The end result is that the machine is not only infected by several well-known Trojans but also by a highly dangerous rootkit. Traditional AV vendors are at the moment dealing with the known infections, but overlooking the rootkit.
Here is how you could get infected with the Gromozon rootkit:
- Upon visiting an infected webpage an obfuscated JavaScript is run.
- The user is forwarded to another website which of course contains a further obfuscated JavaScript. This connects to a network of websites which are used to launch the infection routine. These websites are constantly changing and since May 2006 have become considerably more numerous.
- A server side script will be run to analyse the user agent (web browser) under which the user is visiting. Different attack methods are then launched depending on whether the user is running Opera, Firefox or Internet Explorer.
- For Internet Explorer, the victim is presented with the option to install an ActiveX control called FreeAccess.ocx. This is actually copied into the Microsoft Windows system32 folder as a randomly named DLL.
- Firefox and Opera undergo a very clever piece of social engineering. What appears to be a link to www.google.com is presented to the victim. This unfortunately is not a hyperlink but in fact a cleverly hidden .com file. Once accepted and run, a randomly named DLL is again installed to the Windows system32 folder.
- Once the DLL agent is installed, various pieces of adware are downloaded and installed onto the machine. Examples are the Bravesentry and LinkOptimizer Trojans. The real payload is then downloaded to the victim's computer. Both a rootkit and a service component are installed along with a hidden Windows user account. The main purpose of this is to enable the adware which was previously installed to be hidden from any anti-malware tools installed on the machine.

AVG Anti-Rootkit Free 1.1.0.42
AVG Anti-Rootkit is a powerful freeware tool with state-of-the-art technology for detection and removal of rootkits. Rootkits are used to hide the presence of a malicious object like trojans or keyloggers on your computer. If a threat uses rootkit technology to hide itself it is very hard to find the malware on your PC. AVG Anti-Rootkit gives you the power to find and delete the rootkit and to uncover the threat the rootkit is hiding.
Features:
1. Easy to use
2. Fast and efficient detection
3. Advanced powerful cleaning driver
Lavasoft ARIES Rootkit Remover 1.0
The ARIES Rootkit Remover was designed to locate and permanently remove the Sony rootkit from the system.
This standalone tool is a reliable, trustworthy, and safe way of removing the rootkit, unlike Sony's own rootkit remover that has been known to cause blue screens.
This primarily protects consumers and ensures privacy. The tool is developed by Lavasoft in line with our common goals to steer the computing environment towards better standards.
Resolve for Esbot and Rootkit-AA 1.07
A tool that removes the Esbot and Rootkit-AA trojans.
Resolve is the name for a set of small, downloadable Sophos utilities designed to remove and undo the changes made by certain viruses, Trojans and worms. They terminate any virus processes and reset any registry keys that the virus changed. Existing infections can be cleaned up quickly and easily, both on individual workstations and over networks with large numbers of computers.
W32/Esbot-B is a network worm and IRC backdoor Trojan for the Windows platform.
W32/Esbot-B will connect to an IRC channel and wait for instructions.
When first run W32/Esbot-B copies itself to services32.exe.
The file services32.exe is registered as a new system driver service named "Content List Management Sub System", with a display name of "services32" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\Content List Management Sub System
The following registry entry is set:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions
Melt
Troj/Rootkit-AA is a kernel-mode driver that is capable of hiding processes by directly manipulating kernel structures.
W32/Esbot and Troj/Rootkit-AA can be removed from Windows computers automatically with the following Resolve tools:
Windows disinfector
ESBOTGUI is a disinfector for standalone Windows computers. To use it you have to do the following:
- Open the ESBOTGUI.com file from your desktop after downloading it.
- Click on the Start Scan Button.
- Wait for the process to complete.
- After removing the worm you should install the Microsoft security patches, as described in the W32/Esbot removal tool Readme.
Command line disinfector
ESBOTSFX.EXE is a self-extracting archive containing ESBOTCLI, a Resolve command line disinfector for use by system administrators on Windows networks.
Avira AntiRootkit Tool 1.0.1.17 Beta
A useful utility for rootkit detection.
Avira AntiRootkit Protection recognizes active rootkits. However, there are rootkits which are used legally in programs. Avira AntiRootkit Protection also detects those. Please note that using reported rootkits is at your own risk and it can cause program errors.
With Avira AntiRootkit Tool you'll be able to view all the rootkits that are active on your system.