Anti-RootKit Software - Your Favorite?

Discussion in 'other anti-malware software' started by jpcummins, Dec 31, 2007.

Thread Status:
Not open for further replies.
  1. jpcummins

    jpcummins Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    420
    Location:
    Terre Haute, IN
    Given the choice of AVG Anti-Rootkit or RootKitRevealer, based on your experience, which one would be your choice? I am using both occasionally but to date AVG is finding nothing while RKR is. This is becoming a bit disconcerting to me. May mean absolutely nothing but I am doubtful. Unfortunately, RKR does not have a manual or guide that helps those of us with little experience to determine what the log is telling us. Fortunately, RKR has a forum for people with little experience and knowledge to seek help from those with this knowledge. I have heard good things about both GMER and Sophos but they both confuse me. And, believe me, it doesn't take much to do that. As always I thank you for all your replies.
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Re: RootKit Software - Your Favorite?

    Are these tests you are running, or real exploits you have been hit with?


    ----
    rich
     
  3. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Re: RootKit Software - Your Favorite?

    Did you check out the stickies at Sysinternals Forums before you posted there?

    Personal recommendation is to look from outside of Windows.
     
  4. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Re: RootKit Software - Your Favorite?

    Hi

    In my limited experience, you have to be a bit careful of anti-rootkit software detectors. Touch nothing while it's scanning for one. Some are very, very sensitive to other software that's hooking the kernel.
     
  5. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Re: RootKit Software - Your Favorite?

    jpc, I'm probably in a similar sort of knowledge area. I've tried IceSword, AVG ARK, Rootkit Revealer, and Sophos. Don't know enough about them (the programs or rootkits in general) to confidently interpret the results.
    So I don't.
    While learning, the Sysinternals forum proved helpful, and I was able to relegate the 2 entries I had to FPs.
    My impression of the AVG tool is that it's for the average user, and that RKR is a bit more advanced. Ditto IceSword, and GMER.
    My feeling, based on a little reading here and around the W, is that anything designed by Mark Russinovich is likely to be a fairly superior product.
     
  6. jpcummins

    jpcummins Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    420
    Location:
    Terre Haute, IN
    Re: RootKit Software - Your Favorite?

    I should have been more exact in my original posting. What started this is that I had scanned my system with ThreatFire and it detected 2 registry items. I followed that scan with RKR and it found the 2 registry items found by ThreatFire plus 5 others. I then looked with Regedit at the entries found by ThreatFire and RKR and did not see anything suspicious, at least not in my mind. But not relying on my rather limited knowledge, I posted the entries found by the two programs to the RKR forum. I received a reply from one of the moderators that addressed each entry, and I was told that I had no reason for concern. After all of this I didn't understand why AVG AntiRootKit never detected anything. Either AVG AntiRootKit is such a good program it knew there was not a problem with the entries, or perhaps it should have detected the entries and didn't. I was just afraid I was placing too much confidence in the program. Other RootKit postings I have seen have mentioned Sophos, GMER, RootKitRevealer and I believe one or two others, but I don't recall seeing AVG AntiRootKit. I guess my question is: should I or should I not rely on AVG AntiRootKit? Most likely this is not a yes or no question.
     
  7. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Re: RootKit Software - Your Favorite?

    I would prefer RKR. Especially if their forum has been helpful.
    AVG's antirootkit is probably similar to antirootkits from AV vendors, designed for ease of use. Don't know about effectiveness though.

    I had a site bookmarked that had reviews for antirootkit scanners as well as download links for many scanners. Don't have it anymore and can't find it on a Google search.
     
  8. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Re: RootKit Software - Your Favorite?

    Nearly all; Rootkit Revealer is really outdated and tends to produce mass FPs.

    Yes, and you should use it because it is actually No. 1.
     
  9. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Re: RootKit Software - Your Favorite?

    This one?
    Thanks for the advice. It's one of those applications I downloaded a while back that I hadn't followed up on. Now I've found the online FAQ/help form, let the learning begin!
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Re: RootKit Software - Your Favorite?

    Hello,
    Any bootable CD, rootkitty.
    Mrk
     
  11. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Re: RootKit Software - Your Favorite?

    @Targ: cool link collection
     
  12. jfd15

    jfd15 Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    234
    Location:
    Sacramento, CA
    Re: RootKit Software - Your Favorite?

    Any word on Rootkit Unhooker?

    I thought this used to be the best, don't know what happened, bought out or something...
     
  13. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Re: RootKit Software - Your Favorite?

    Discontinued :'(
     
  14. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    Re: RootKit Software - Your Favorite?

    IceSword's my personal favorite :)
    ... although I haven't had much experience with many rootkits, I've found it far quicker to remove active rootkits using IceSword than using other tools (in my experience).
     
  15. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Re: RootKit Software - Your Favorite?

    Personally I prefer Sony. Buy the music and they throw in the root kit for free.
     
  16. Maksman

    Maksman Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    4
    Location:
    USA
    Re: RootKit Software - Your Favorite?

    AKR 2.007 from safe-protect for me, not famous, but very useful..
     
  17. jfd15

    jfd15 Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    234
    Location:
    Sacramento, CA
    Re: RootKit Software - Your Favorite?


    Come on, they just quit?? No big payday? That's lousy...
     
  18. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Re: RootKit Software - Your Favorite?

    See December 23, 2007 blog at:
    http://www.antirootkit.com/blog/
     
  19. jfd15

    jfd15 Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    234
    Location:
    Sacramento, CA
    Re: RootKit Software - Your Favorite?

    That's great... I read some blogger a while back who was trying to say the RKU developers were crooked, glad to see that's not true.... Hope they're making a ton of $$$ from Microsoft... EP_XOFF mentions EASTER and fcukdat for thanks on his site, so there are some people on here who app. really know their stuff.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Personally I don't really have a favorite, but I keep hearing that RkU, IceSword and GMER are the best. I only use them when my system is acting weirdly and I start to get all paranoid again.

    I see that the topic title has changed, good point. :D
     
  21. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Out-of-date and not finished, but still a nice tool of a unique kind, except for those massive BSODs that can happen.

    Some final words on the notorious aggressiveness that the RkU authors had against Gmer (and now they're playing down the whole story to distort the truth (remember the sheep and wolf story, first the wolves and suddenly the sheep?)): one attacks only the one who owns the ball. So Gmer, they only raised their hat to you. I also say "chapeau" for the latest revelation of the stealth MBR, that is the right direction.

    If you get directly/massively attacked, no matter in what way, then this is a sign that you must be damn good
    and/or you must have revealed something deeply hidden that wasn't intended to be found. :) :) :) (or maybe you woke up a beast from a deep sleep because you brought some rays of light into its darkness ;-))
     
    Last edited: Jan 5, 2008
  22. egghead

    egghead Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    443
    Location:
    The Netherlands
    Re: RootKit Software - Your Favorite?

    It is sold to Microsoft & the development team is going to work for billyboy.

    There's nothing that money can't buy :eek: :eek: :eek:
     
  23. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    I'll show you the top list based on usefulness, removal, and information on whether the system is infected:
    (vs ADS rootkit, vs FU rootkit, vs FU+hidden)

    1. Gmer
    2. Radix
    3. RkUnhooker
    ------------------------
    4. IceSword
    5. McAfee RkDetector
    6. AVG
    7. Sophos
    8. A Tools
    9. NIAP Rootkit Detect
    10. Blacklight
    11. Avira
    12. Trend Micro
    13. Sysprot
    14. Helios
    15. Panda
    16. RkRevealer

    Corrections: 4 tools are capable of removing ADS streams. IceSword belongs to the top 4.
     
    Last edited: Feb 3, 2008
  24. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    IceSword can whack ADS :D :thumb:

    Rustock B used for illustration purposes.

    In the main IceSword GUI select the File option, left click on local disk (C:) to highlight it, then right click and select the *Enum ADS (include subdir)* option.
    Next, if you get a suspicious ADS entry, highlight it and select Copy to bring the binary out of the ADS for inspection, or alternatively, if it is a known badboy, highlight the line and Delete :D

    Rustock ADS.jpg
     
    Last edited: Feb 3, 2008
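The IceSword walk-through above (enumerate alternate data streams on a drive, copy a suspect stream out for inspection, and only then delete it) can be reproduced with built-in cmdlets. The following is an added PowerShell example, not part of the post and not IceSword's code. It assumes Windows PowerShell 5.1 on an NTFS volume (Get-Item -Stream, Get-Content -Stream -Encoding Byte and Remove-Item -Stream all exist there); the default root C:\, the export directory, the benign-stream list and the function names are assumptions made for this example.

```powershell
<#
  Added example: enumerate NTFS alternate data streams (ADS) under $Root,
  skip the streams Windows creates routinely, and report the rest with
  size and SHA-256 so the content can be examined before anything is deleted.
  Assumes Windows PowerShell 5.1 and an NTFS volume. $Root, $ExportDir and
  the $KnownBenign list are assumptions chosen for this example.
#>
param(
    [string]$Root      = 'C:\',                  # drive to walk, as in the post
    [string]$ExportDir = "$env:TEMP\ads-export"  # where copied-out streams land
)

# Every NTFS file has the unnamed :$DATA stream; Zone.Identifier is the
# mark-of-the-web Windows adds to downloads. Both are expected, not suspicious.
$KnownBenign = @(':$DATA', 'Zone.Identifier')

function Get-SuspectAds {
    param([string]$Path = $Root)
    # Walk files and directories (directories can carry ADS too) and list
    # every stream that is not on the benign list.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
      ForEach-Object {
        $item = $_
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
          Where-Object { $KnownBenign -notcontains $_.Stream } |
          ForEach-Object {
            # Hash the stream's bytes so a finding can be compared with known samples.
            $bytes = Get-Content -LiteralPath $item.FullName -Stream $_.Stream `
                                 -Encoding Byte -Raw -ErrorAction SilentlyContinue
            $hash = ''
            if ($bytes) {
                $sha  = [System.Security.Cryptography.SHA256]::Create()
                $hash = ($sha.ComputeHash([byte[]]$bytes) |
                         ForEach-Object { $_.ToString('x2') }) -join ''
            }
            [pscustomobject]@{
                File   = $item.FullName
                Stream = $_.Stream
                Bytes  = $_.Length
                SHA256 = $hash
            }
          }
      }
}

function Export-Ads {
    # Equivalent of IceSword's "Copy": write the stream to a plain file in
    # $ExportDir (.bin extension so it is not run by accident) and return the path.
    param([string]$File, [string]$Stream, [string]$Dir = $ExportDir)
    New-Item -ItemType Directory -Force -Path $Dir | Out-Null
    $safe = ($File + '_' + $Stream) -replace '[\\:/*?"<>|]', '_'
    $out  = Join-Path $Dir ($safe + '.bin')
    Get-Content -LiteralPath $File -Stream $Stream -Encoding Byte -Raw |
        Set-Content -LiteralPath $out -Encoding Byte
    return $out
}

function Remove-Ads {
    # Equivalent of IceSword's "Delete": removes only the named stream, the
    # host file itself is untouched. Run Export-Ads first so a copy survives.
    param([string]$File, [string]$Stream)
    Remove-Item -LiteralPath $File -Stream $Stream -Confirm
}

# Usage: list the findings; then export and, if warranted, remove one of them.
$findings = Get-SuspectAds -Path $Root
$findings | Format-Table -AutoSize
# $copy = Export-Ads -File $findings[0].File -Stream $findings[0].Stream
# Remove-Ads -File $findings[0].File -Stream $findings[0].Stream
```

A walk of a whole system drive is slow and produces a long list on machines where other software stores metadata in streams (backup agents, some document editors), so review the File column before treating a stream as hostile; the SHA-256 is there precisely so the exported copy can be checked against a known sample rather than judged by name. The export keeps the evidence that a straight delete would destroy, which is the order the post itself recommends.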
  25. egghead

    egghead Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    443
    Location:
    The Netherlands