View Full Version : Trend Micro RootkitBuster 2.52.1013


progress
July 19th, 2009, 08:37 AM
One of the few ARK tools that are still under development:

http://www.trendmicro.com/download/rbuster.asp

-{ Quote: "
This version of RootkitBuster includes enhanced capabilities to
detect rootkits that hook the NT function "IofCompleteRequest".
" }-

Victek123
July 19th, 2009, 10:56 AM
-{ Quote: "One of the few ARK tools that are still under development:

http://www.trendmicro.com/download/rbuster.asp" }-
Any idea how this one compares with other antimalware tools? There are quite a few tools that detect root kits, but aren't dedicated ARKs. Do dedicated tools such as TM RootkitBuster have better detection?

progress
July 19th, 2009, 12:32 PM
I remember this test (http://www.anti-malware-test.com/?q=taxonomy/term/7) with Trend Micro RootkitBuster 1.6 :)

MrBrian
July 19th, 2009, 10:25 PM
-{ Quote: ".
Any idea how this one compares with other antimalware tools? There are quite a few tools that detect root kits, but aren't dedicated ARKs. Do dedicated tools such as TM RootkitBuster have better detection?" }-

The paper Anti-Stealth Fighters: Testing for Rootkit Detection and Removal (http://www.av-test.org/down/papers/2008-04_vb_rootkits.pdf) has tests using 30 rootkit samples and also 30 samples of malware hidden by rootkits. Products tested include 14 anti-rootkit programs, as well as some other security programs. The tests were done in late 2007.

G1111
October 14th, 2009, 01:42 AM
New version released: 2.80.0.1071
http://www.trendmicro.com/download/rbuster.asp

lordpake
October 14th, 2009, 05:12 AM
Thx for the heads up, G1111.

progress
October 16th, 2009, 04:16 PM
Easy to use and up-to-date, thank you :)

pidbo
October 16th, 2009, 08:47 PM
I don't know how effective it is but it is blisteringly fast, I didn't find anything on my pc.

G1111
October 18th, 2009, 12:15 AM
-{ Quote: "I don't know how effective it is but it is blisteringly fast, I didn't find anything on my pc." }-

Some older test results here: http://www.av-test.org/down/papers/2008-04_vb_rootkits.pdf

Meriadoc
October 18th, 2009, 06:38 AM
Still very weak, what it detects very often cannot be deleted using the same tool :( RootkitBluster - boisterous with no buster.

progress
November 15th, 2009, 10:32 AM
-{ Quote: "Still very weak, what it detects very often cannot be deleted using the same tool:(" }-

Detection is more important, cleaning is often impossible and not really recommended :-\

blacknight
November 15th, 2009, 10:42 AM
-{ Quote: "Detection is more important, cleaning is often impossible and not really recommended :-\" }-

Yeah, prevention is the only really useful thing. I would not be sure of fully removing a rootkit and repairing its damage even with a more powerful tool such as GMER.

Meriadoc
November 15th, 2009, 04:54 PM
-{ Quote: "...and not really recommended :-\" }-
For someone that removes malware and disassembles code, I've totally lost the sense of your post :)

edit : okay never mind I understand you.

inka
November 16th, 2009, 11:50 PM
What, if anything, has changed in terms of detection-n-removal capabilities since this TechNet article was published?

A whole lot seems to have changed in terms of new rootkit AUTHORING strategies.
http://rootkit.com/
http://www.pcworld.com/businesscenter/article/149677-3/how_to_root_out_rootkits.html

-{ Quote: "Is there a sure-fire way to know of a rootkit's presence
In general, not from within a running system. A kernel-mode rootkit can control any aspect of a system's behavior so information returned by any API, including the raw reads of Registry hive and file system data performed by RootkitRevealer, can be compromised. While comparing an on-line scan of a system and an off-line scan from a secure environment such as a boot into an CD-based operating system installation is more reliable, rootkits can target such tools to evade detection by even them.
ref: http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx
dated Nov 2006
" }-
The Sysinternals RootkitRevealer doc doesn't specifically mention MBR rootkits.
The TrendMicro doc does, it specifically claims ability to detect MBR kits.
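The cross-view idea in the RootkitRevealer quote above, as an added example that is not from this thread, from Sysinternals or from Trend Micro: enumerate a namespace through the normal (hookable) API, enumerate it again from a raw or offline view, and report every disagreement. The two views here are constructed sample data; a real tool would parse the volume and hive structures itself.

```python
"""Cross-view discrepancy check in the spirit of RootkitRevealer.

Anything present in the raw view but missing from the API view is a
candidate for something hidden from the running system; anything only
the API reports is a candidate for spoofed or in-memory-only data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Discrepancy:
    kind: str       # "hidden_from_api" or "api_only"
    namespace: str  # "file" or "registry"
    path: str


# Constructed sample: what a process sees through the Win32/NT APIs.
API_VIEW = {
    "file": {r"C:\Windows\System32\ntoskrnl.exe",
             r"C:\Windows\System32\drivers\disk.sys"},
    "registry": {r"HKLM\SYSTEM\CurrentControlSet\Services\Disk"},
}

# Constructed sample: the same namespaces parsed from raw volume / hive data.
RAW_VIEW = {
    "file": {r"C:\Windows\System32\ntoskrnl.exe",
             r"C:\Windows\System32\drivers\disk.sys",
             r"C:\Windows\System32\drivers\hidden.sys"},
    "registry": {r"HKLM\SYSTEM\CurrentControlSet\Services\Disk",
                 r"HKLM\SYSTEM\CurrentControlSet\Services\Hidden"},
}


def cross_view(api_view, raw_view):
    """Return the discrepancies between an API-level view and a raw view.

    Paths are compared case-insensitively, as Windows does, and the
    original spelling from whichever view had the entry is reported.
    """
    found = []
    for ns in sorted(set(api_view) | set(raw_view)):
        api = {p.lower(): p for p in api_view.get(ns, ())}
        raw = {p.lower(): p for p in raw_view.get(ns, ())}
        for key in sorted(raw.keys() - api.keys()):
            found.append(Discrepancy("hidden_from_api", ns, raw[key]))
        for key in sorted(api.keys() - raw.keys()):
            found.append(Discrepancy("api_only", ns, api[key]))
    return found


if __name__ == "__main__":
    for d in cross_view(API_VIEW, RAW_VIEW):
        print(f"{d.kind:16} {d.namespace:9} {d.path}")
```

As the quoted text points out, an empty discrepancy list proves nothing on its own: a kernel-mode rootkit can also tamper with the raw reads, which is why the off-line scan from a clean boot medium is the more reliable half of the comparison.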

progress
December 8th, 2009, 02:50 PM
-{ Quote: "
http://www.trendmicro.com/download/rbuster.asp" }-

New version released: 2.80.0.1077 :)

It seems to work on Win 7 as well ... :thumb:

Meriadoc
December 8th, 2009, 05:01 PM
Old DarkSpy antirootkit author very busy atm.