free anti-rootkit suggestions - split from thread: Re: Panda Anti-Rootkit

Discussion in 'other anti-malware software' started by Someone, Jun 27, 2008.

Thread Status:
Not open for further replies.
  1. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    Can you recommend a free anti-rootkit with better detection that is easy to use (scan and remove, not analysis)?

    When I run it on my computer it detects nothing, so I'm guessing the FP rate isn't too high.

    Thanks
     
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Re: Panda Anti-Rootkit

    I suppose the AV company ARKs fall into scan and remove, not analysis, but seriously I find it hard to recommend any of them at the moment. Here is a list in no particular order:

    AVG Anti-Rootkit free - AVG. perhaps try this one
    Blacklight/fsbl.exe - F Secure.
    Rootkit_Detective - McAfee.
    Rootkit Buster - Trend.
    Avira Rootkit Detection - Avira.
    Avast aswar.exe - Avast.
    Sophos.
    Rootkit Uncover - Bit Defender.
    RootAlyzer - Safer Networking maker of antispyware Spybot.
    of course Panda pavark.

    but I would recommend the ARKs: RkU, rktrap, RootRepeal, IceSword, gmer plus a few more...

    here is something really easy and reliable for rootkit files.
     
  3. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Re: Panda Anti-Rootkit

    Hi

    Thanks for the list.

    I know Rku, Gmer, Icesword, Darkspy, etc are really good, but I have no idea what is malware and what isn't, so it is useless to me.

    I downloaded RootKitty from http://ezpcfix.net/dload/RootKitty.exe. Is this the right link? Because my AntiVir free said it was TR/Dropper.Gen.

    Thanks
     
  4. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Re: Panda Anti-Rootkit

    How about getting to know the programs, treating it as a learning curve; you'll probably learn quite a lot - I've already given you the link to using IceSword.
    I quickly opened an antivirus virtual machine and you're right, Avira flags it. Probably F/P - that is the correct link. I recently built an up to date UBCD4Win CD and included Rootkitty.

    edit: Ikarus, Webwasher, GData and Avast flag it also.
     
    Last edited: Jun 27, 2008
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Re: Panda Anti-Rootkit

    I ran RootkitRevealer on a clean WinXPproSP2 (nothing else), which has never been online, not even for activation (done by phone), and it found 3 rootkits:

    HKLM\SECURITY\Policy\Secrets\SAC* 0 bytes Keyname contains embedded nulls
    HKLM\SECURITY\Policy\Secrets\SAI* 0 bytes Keyname contains embedded nulls
    HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 80 bytes Data mismatch between Windows API and raw hive data

    Talking about false positives. Pffft.

    Then I ran it on my off-line image, which I use to create my off-line snapshot.
    No security software, no internet software installed because it has no internet connection.
    It found 4 rootkits:

    HKLM\SECURITY\Policy\Secrets\SAC* 0 bytes Keyname contains embedded nulls
    HKLM\SECURITY\Policy\Secrets\SAI* 0 bytes Keyname contains embedded nulls
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVerion\Installer\UserData\S-1-5-18\Products\7775F2120911FED4E8D4B6F213B3547E\Usage\PerfectDisk 4 bytes Data mismatch between Windows API and raw hive data
    HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 0 bytes Access denied

    Where is the 3rd rootkit of my first scan? Suddenly another Windows?
    The last one, sptd\Cfg, is related to Alcohol120 (ISO burner), confirmed in this thread:
    https://www.wilderssecurity.com/showthread.php?t=145763

    If I spent more time on this, only God knows what more I would discover. :)
     
    Last edited: Jun 27, 2008
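    As an added example (not code from the thread or from Sysinternals), a small Python triage helper that parses RootkitRevealer-style report lines like the ones quoted above and separates the discrepancies the post identifies as expected on a clean system from entries that still need a look. The known-benign rule list and the hidden-file line are constructed for illustration.

```python
import re
from typing import NamedTuple

# One RootkitRevealer report line: <path> <size> bytes <description>
LINE_RE = re.compile(r"^(?P<path>\S.*?) (?P<size>\d+) bytes (?P<desc>.+)$")

class Finding(NamedTuple):
    path: str
    size: int
    desc: str
    verdict: str  # "benign: <reason>" or "review"

# Discrepancies the thread identifies as expected on a clean system:
# (path regex, description fragment, reason). Assumed list, not the tool's own.
KNOWN_BENIGN = [
    (r"^HKLM\\SECURITY\\Policy\\Secrets\\SA[CI]\*$", "embedded nulls",
     "LSA secrets keys legitimately contain embedded nulls"),
    (r"^HKLM\\SOFTWARE\\Microsoft\\Cryptography\\RNG\\Seed$", "Data mismatch",
     "RNG seed is rewritten constantly, so API and raw hive views differ"),
    (r"\\Services\\sptd\\Cfg$", "Access denied",
     "sptd driver config (Alcohol 120%) denies access by design"),
]

def classify(path: str, desc: str) -> str:
    for pattern, fragment, reason in KNOWN_BENIGN:
        if re.search(pattern, path) and fragment in desc:
            return "benign: " + reason
    return "review"

def triage(report: str) -> list:
    findings = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or non-report line
        path, size, desc = m.group("path"), int(m.group("size")), m.group("desc")
        findings.append(Finding(path, size, desc, classify(path, desc)))
    return findings

def unexplained(report: str) -> list:
    """Entries no known-benign rule explains; these need hands-on follow-up."""
    return [f for f in triage(report) if f.verdict == "review"]

# Sample input: the lines quoted in the post above plus one constructed
# hidden-file entry to show what a real hit would look like.
SAMPLE_REPORT = r"""
HKLM\SECURITY\Policy\Secrets\SAC* 0 bytes Keyname contains embedded nulls
HKLM\SECURITY\Policy\Secrets\SAI* 0 bytes Keyname contains embedded nulls
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 80 bytes Data mismatch between Windows API and raw hive data
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 0 bytes Access denied
C:\WINDOWS\system32\drivers\example.sys 12345 bytes Hidden from Windows API
"""

if __name__ == "__main__":
    for f in unexplained(SAMPLE_REPORT):
        print(f"REVIEW {f.path} ({f.size} bytes): {f.desc}")
```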
  6. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Re: Panda Anti-Rootkit

    This one is new and was mentioned before by Meriadoc.
    It is a newer tool that is very useful. You can run a report scan if you would like someone to help you out, or use the kill process feature to terminate threats.

    http://rootrepeal.googlepages.com/home
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Re: Panda Anti-Rootkit

    I ran it, a long report, that didn't make me any wiser. :)
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Re: Panda Anti-Rootkit

    I ran Rootkit Detective of McAfee. Didn't make me any wiser. You have to be a detective yourself to read that report.
     
  9. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
  10. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Re: Panda Anti-Rootkit

    Remember the organized internet mafia (e.g. ruDJ and his "spider murphy gang") scans against all known ARKs,
    so for targeted attacks anti-rootkit tools are not reliable. The same is valid for AVs and well-known firewalls; in the worst case they only enforce a pseudo-security feeling.
    Related to Panda, look at my test results... it is far below average.
     
    Last edited: Jun 27, 2008
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Re: Panda Anti-Rootkit

    It's logical that RR didn't detect any rootkits on a freshly installed WinXPproSP2. I don't need to be an expert to know this.
    To average users, rootkit scanners like that are useless; they are only good for knowledgeable users (the minority).
    I need a rootkit scanner that detects real rootkits and that's what every average user wants.
    As always the security industry doesn't know what average users need. :(
     
  12. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Re: Panda Anti-Rootkit

    SJ, Scandle in the restricted area, I told you...you have to keep taking the pills:D
    Agree.
     
  13. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Re: Panda Anti-Rootkit

    First of all I have to drink the coffee with Mrkvonic. :D :cool:
     
  14. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  15. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    Well in that test F-Secure Anti-Virus 2008, Norton Antivirus 2008 and Panda Security Antivirus 2008 seemed very good in Vista.
     