LiveCD: enumerate Windows files, then delete from outside Windows. Also, the MS Strider page describes: UBCD4Win > Rootkitty is a tool that apparently automates this process.
gmer has a userland detector, catchme, which can collect, delete and kill malicious files. BreakPE is a nice little tool.
ESET SysInspector. 32- & 64-bit. Having used many of those mentioned ... I'd say SysInspector is the most user-friendly of the lot. Google is your best friend with these! It has a feature that can "exclude private, personal information from being saved in logs", though I am not entirely sure what and how it hides the info ... I am guessing file user names, etc. Quite handy if you're sending a system log to be analyzed by a stranger. http://www.eset.com/download/sysinspector.php
GMer, RootRepeal and Microsoft's RootkitRevealer. On Windows 7, GMer sometimes gives me a BSOD, RootRepeal can't start at all and RootkitRevealer has problems displaying the messages. On Vista and XP, no problems. I am most pleased by GMer.
RootkitRevealer is not meant to be run on an OS above XP and 2003 (or on 64-bit); it will not produce a coherent result on Vista, 7 and 2008, and it is also considered outdated. 7 has not been out long, and some tools need to be worked on because of the differing structure of the OS. Also remember the ARK will have to be run elevated: right-click, Run as administrator. Some problems with RootRepeal may be due to individual system incompatibility. If anyone has a problem, try moving the slider in Options and unchecking 'Use lowest level for MBR check.'
It was "big fun" for me the first time it happened, because generally if this happens, it might be a sign of a rootkit. I didn't have time to see the name of the guilty file (the first blue screen I got). Later I noticed it, checked it and assured myself the system was clean.
New XueTr v3.0: works on 2000 to 2008, including 7, and comes with extra help in dealing with malware; check out the settings...
NT Internals is putting together a list of the tools that deal with TDSS/TDL. The TDL author/s have included some lines from Fight Club and The Simpsons Movie in their rootkit; see also here (tdl3_analysis_paper_ed.rar). They seem to be really busy with numerous builds... TDL4 soon?
Only just noticed the update: Rootkit Unhooker LE 3.8.386.588 SR1. I like the ease of this tool, the management, the way it operates and its appearance. Strong, and it has always been stable for me.
GMER and Sophos, but also IceSword, Rootkit Unhooker, RootkitRevealer, RootRepeal, and SpyDLLRemover. They never find anything. My real-time apps are Online Armor, Prevx and Sandboxie.
I don't use any of these tools. My current AV, Microsoft Security Essentials, already includes anti-rootkit features.
I generally do not use rootkit scanners myself, since on different computers I use ESET NOD32, GData AntiVirus or Avira as antivirus, and Malwarebytes' Anti-Malware, MooSoft The Cleaner and a-squared as antimalware, which have rootkit removal ability. Windows is always up to date, and so are Sun Java JRE, Adobe Reader, Flash Player and my main browser. I practice safe surfing and I always download and install software only from trusted sources. However, if I have to clean infected systems, I generally trust GMER, MBAM and Trend Micro RootkitBuster (well, it depends on what kind of rootkit I have to clean: the most difficult to remove are MBR rootkits, in my opinion). Has anyone ever heard of Tizer™ Rootkit Razor? It is free; only free registration is needed. I'd like to know your opinion if possible. Thank you.
Razor is mentioned in this thread, and although it cannot see some of the modern rootkits, they are working on it. Hmmm, an MBR rootkit IMO is one of the 'easiest' to remove. MBAM has some very good people that keep on top of the latest infections. RootkitBuster is worked on by the old DarkSpy anti-rootkit author. It's been said before, but there isn't a best ARK, only up-to-date ones, and I can mention a few: Rootkit Unhooker, Kernel Detective, RootRepeal, and a list of ARKs. I really must stay away from my machine on holiday.
Think about the TDL rootkit as an example (of course talking about an active rootkit): AVs are not removing it, although it's got to get on in the first place. These anti-rootkit features aren't anti-rootkit.
Thank you Meriadoc... MBR rootkit the easiest to remove? I'm pretty sure your help would be greatly appreciated in several Italian security forums I know, since it seems that you cannot get rid of an MBR rootkit simply by formatting your HD (both high-level and low-level format), and there are some (Italian) users who are going crazy. Someone solved it with the zero-filling technique, as far as I know. Generally I first try with the Stealth MBR rootkit/Mebroot/Sinowal detector by GMER and other similar tools. Well, I'm not a security expert nor a hardware technician; I'm only interested in security stuff, so I cannot tell more. Thank you again. I'm going to have a look at the thread you linked. Cheers. [EDIT to add] I have just read your reply. OMG, once again thank you (for the link provided too).
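The last few posts talk about MBR rootkits, the "lowest level for MBR check" option and zero-filling as a cleanup. As an added example (not from the thread, and not how GMER, RootRepeal or any tool named above actually implements its check), the script below shows what an offline MBR check amounts to: read the 512-byte sector, verify the 0x55AA signature, decode the partition table, and compare the bootstrap code area against a known-good baseline hash. Both sectors and the "known-good" boot code are constructed inline for demonstration; the baseline hash is assumed to have been taken from the same disk while it was clean.

```python
"""Offline MBR integrity check (added example, not from the thread or any tool in it).

An MBR bootkit overwrites the bootstrap code (bytes 0..445) but usually leaves the
partition table (bytes 446..509) and the 0x55AA signature intact, so the disk still
boots. Hashing the bootstrap area against a known-good baseline catches that pattern.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bootstrap code, followed by 4 x 16-byte partition entries
PART_TABLE_OFFSET = 446
PART_ENTRY_LEN = 16
SIGNATURE_OFFSET = 510
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def parse_partition_table(sector: bytes) -> list:
    """Decode the four classic MBR partition entries."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        status, _chs_s, ptype, _chs_e, lba_start, sectors = struct.unpack_from(PART_ENTRY_FMT, sector, off)
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def boot_code_hash(sector: bytes) -> str:
    """SHA-256 over the bootstrap code area only (partition table excluded)."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(sector: bytes, baseline_hash: str) -> dict:
    """Validate the signature and compare the boot code with the known-good baseline."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a 512-byte sector")
    return {
        "signature_ok": sector[SIGNATURE_OFFSET:] == b"\x55\xAA",
        "boot_code_ok": boot_code_hash(sector) == baseline_hash,
        "partitions": parse_partition_table(sector),
    }


def restore_boot_code(sector: bytes, good_boot_code: bytes) -> bytes:
    """Replace only the bootstrap area with a known-good copy; keep the partition table and signature."""
    if len(good_boot_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be exactly 446 bytes")
    return good_boot_code + sector[BOOT_CODE_LEN:]


def build_sample_sector(boot_code: bytes, partitions: list) -> bytes:
    """Constructed helper: assemble a 512-byte MBR from boot code and a partition list."""
    table = b"".join(
        struct.pack(PART_ENTRY_FMT, 0x80 if p["bootable"] else 0x00, b"\x00\x00\x00",
                    p["type"], b"\x00\x00\x00", p["lba_start"], p["sectors"])
        for p in partitions
    ).ljust(4 * PART_ENTRY_LEN, b"\x00")
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + b"\x55\xAA"


# Constructed sample data (not captured from a real disk).
PARTITIONS = [{"bootable": True, "type": 0x07, "lba_start": 2048, "sectors": 204800}]
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"           # stand-in for a stock loader stub
CLEAN_SECTOR = build_sample_sector(CLEAN_BOOT_CODE, PARTITIONS)
BASELINE_HASH = boot_code_hash(CLEAN_SECTOR)                # taken while the disk was clean (assumed)
# Tampered sector: bootstrap overwritten with a different stub, partition table untouched.
TAMPERED_SECTOR = build_sample_sector(b"\xFA\x31\xC0" + b"\x90" * 32, PARTITIONS)

if __name__ == "__main__":
    for name, sec in (("clean", CLEAN_SECTOR), ("tampered", TAMPERED_SECTOR)):
        r = check_mbr(sec, BASELINE_HASH)
        print(name, "signature_ok=%s boot_code_ok=%s" % (r["signature_ok"], r["boot_code_ok"]))
        for p in r["partitions"]:
            if p["type"]:
                print("  part %d type=0x%02X lba=%d sectors=%d bootable=%s"
                      % (p["index"], p["type"], p["lba_start"], p["sectors"], p["bootable"]))
    fixed = restore_boot_code(TAMPERED_SECTOR, CLEAN_SECTOR[:BOOT_CODE_LEN])
    print("after restore boot_code_ok=%s" % check_mbr(fixed, BASELINE_HASH)["boot_code_ok"])
```

Two caveats follow directly from the thread. First, on a live system the 512 bytes you read back from the physical drive can be faked by an active rootkit that hooks the disk path, which is exactly why the posts recommend a LiveCD or a tool's "lowest level" MBR read; the hash above is only as good as the sector you feed it. Second, restoring only the bootstrap area (as `restore_boot_code` does) is preferable to zero-filling the whole disk, because it keeps the partition table and therefore the data.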