Good anti-rootkits for Win 7

Discussion in 'other anti-malware software' started by aigle, Feb 12, 2010.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Meriadoc

    Thanks for the test. Hope you can be of help to Tizer.

    pradeepschandra

    Nice to see you responding.

    3GUSER

    That's good to know :)
     
  2. pradeepschandra

    pradeepschandra Registered Member

    Joined:
    Feb 20, 2010
    Posts:
    5
    Hi Meriadoc,

    I will be glad to see your pm for your interest in discussing rootkit detection algorithm.

    PS : Please find some spare time if possible.

    Regards
    Pradeep
     
  3. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Yes you were pmed :)
     
  4. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    XueTr works on 7.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    What is the download link for it? Is it good?
     
  6. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
  7. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    XueTr showing some of TDL3 - DriverObject
     

    Last edited: Feb 26, 2010
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks. So how will you compare it with RKU, gmer and RootRepeal?

    Thanks
     
  9. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    ...pmed
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks
     
  11. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    XueTr reports a suspicious driver object after installing avast 5. o_O
     
  12. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    Is it aswSP.SYS? If so, this is normal. It's avast!'s self-protection module.
     
  13. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    Unfortunately it doesn't say. XueTr says the object is not signed either. So maybe you're right or maybe it's just a quirk with XueTr.
     
  14. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    If you post a screenshot of XueTr it would help me verify that we're looking at the same thing. I checked again and the drivers I see on my system don't sound like what you're describing.

    EDIT: I just realized that this is a Win7 thread and I'm on XP. :oops: I may not be much help. Maybe someone else with the same OS as you will reply.
     
  15. pradeepschandra

    pradeepschandra Registered Member

    Joined:
    Feb 20, 2010
    Posts:
    5
    Thanks to Meriadoc for reporting the TDL3 4DW4R3 detection issue with Tizer Rootkit Razor. We have downloaded the rootkits and run several tests after which we have successfully completed necessary upgrades for Rootkit Razor so that it is now able to detect TDL3 4DW4R3 and Rustock and safely remove them. During our testing, we noticed that TDL3 4DW4R3 appeared to have been updated over the internet by the malware writers last weekend, after which the latest version is not fully removable (though it is detected by some) by any of the other currently available rootkit removal tools. We have updated Rootkit Razor to detect and safely remove both Rustock and the latest version of TDL3 4DW4R3. Please see screen shots of detection

    Screen Shot 1

    Screen Shot 2

    We invite your comments and useful suggestions for any further improvements that we can make to better meet user requirements. We would also be glad to receive any reports of new rootkits that you may find or any new malware samples for our analysis and testing. We look forward to receiving support from the user community that will help us launch better tools for your internet security.

    You can download Tizer™ Rootkit Razor here.

    PS: If you are testing, please restart your system after installing rootkits.

    Best regards,
    Tizer Secure™ Support
     

    Last edited: Mar 5, 2010
  16. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    So far only tested against TDL 3.273

    FAIL

    confirmed
     

    Attached Files: fail.JPG
  17. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
  18. pradeepschandra

    pradeepschandra Registered Member

    Joined:
    Feb 20, 2010
    Posts:
    5
    Tizer™ Rootkit Razor was updated recently to be able to detect and safely remove the dangerous rootkits Rustock and 4DW4R3. It is not yet able to detect TDL3, but we have launched a separate utility called Tizer™ TDL3 Razor which has been tested and is able to safely remove the TDL3 rootkit from Windows XP 32-bit machines that have either atapi.sys or iaStor.sys hard disk drivers. Screen shots of successful detection and cleaning are given on http://www.tizersecure.com/about_TDL3_rootkit_detect_remove.php.

    Please note that the rootkit is safely removed only on reboot of the machine, as per the instructions on the dos screen.

    This fourth product we have released is specifically for the TDL3 rootkit, which is a botnet. About 50-60 million computers worldwide are infected by botnets.

    Download the free Tizer™ TDL3 Razor utility here.

    Regards
     