Free Sophos Anti-Rootkit 1.0

Free Sophos Anti-Rootkit 1.0

http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

http://img368.imageshack.us/img368/4595/mainmenuik0.jpg

EDIT: Download link removed to comply with the EULA.

 

Awesome! yet another anti-malware to add to everyones list.

 

Fast scanning speed, taking 1 min 33 secs only to scan running processes and the windows registry.

 

Excellent! Got to update my Security-Ops webpage

 

It appears that this is a full time program as opposed to a scan only. Is that true? I suppose it overlaps SnoopFree.
Is it intrusive?

Thanks,
Jerry

 

It operates on detecting rootkit rootkit like activity not the rootkit itself, aren't there some processes that mimicks rootkit like activity.

 

Excellent, one more soft in my Startup Menu

 

Nice app, especially for a freebie.

I guess it can regognize specific rootkits, because when it doesn't recognize it, removal/cleanup is not advised (see pic), although removal works fine.

So I guess there will be updates, it makes me wonder if the program will stay free .


nicM

 

Yes, that's it : Removal advice is based only on detection, although detection is independent from the database; hopefully !

So it allows to remove unknown rootkits even so .

Here is one known detection :

 

so this is real and not fake?

 

yes its a legitimate anti-rootkit.

being cautious can be good, but do u doubt every software?

 

after having some and hearing about the rouge ones im kinda cautious

 

Really nice and it is free!!

 

I read some review and if I remember correctly, it does not give an option to act upon each item of malware, but it is either keep or remove them all - all or nothing.
I am not sure that makes sense.
Anyone with the facts regarding the options when malware is detected?

Thanks,
Jerry

 

Sophos is a very famous antivirus company in the UK, targeting at the government sector and large corporations. Anti-rootkit detection is already included in the Sophos AntiVirus 6.0 series. Graham Cluley, Senior Technology Consultant at Sophos is a former Technology Consultant of the excellent Dr Solomon's AntiVirus Toolkit.

 

any FPs? also does it delete them if it finds them?

 

great thanx

No hidden items found by scan.

 

I get weird results from SAR... It detects a slew of registry keys that I can't find that key by any other means, including direct hive observation, with IceSword, or anything else. Many of them are under HKEY_USERS\S-1-5-18\Software\Netscape\Netscape Navigator. It also reports that I have HKEY_USERS\S-1-5-18\Software\Sygate Technologies, Inc. hidden. Weird!

Edit: I figured it out, after considerable trouble. The hive being flagged was C:\WINDOWS\system32\config\systemprofile\ntuser.dat. I have no idea why the entries show as "hidden", though, unless Windows does some sort of hive mirroring.

 

Installed this and had to explore to the program files to get the shortcut to start it!
It doesn't show up in Start>Programs either.

 

It's unpacked to root drive (usually C:\ )

 

No, u can delete selective items.

 

Ditto here re. the HKEY_USERS\S-1-5-18\etc. but in this case when I checked the Registry it appeared to be a left over from something. It was the only entry and does not appear to be nasty. Could not remove it anyway as the function did not offer the option.

What was good was the information provided by the application which allows you to investigate for yourself.

Did a full scan (all three options ticked) and it took some 33 minutes....which is lonegr than any of the other anit rootkit tools that I have tried but that may just mean that it is more thorough than the others (due to it checking the whole of the hard disk, which I do not think that the others have an option to do).

Nice application. Will probably keep it and evaluate further.

 

Thanks, Aigle. That makes sense.
Jerry

 

Excellent program. My opinion of Sophos just went up several notches.

 

scanned running processes & local hard drives in just under 6 min's for me,nothing found ,but would not scan the regestry.got this message-Warning failed to flush drive\\.\C registry.Regestry scan may produce invalid results.the process cannot access the file because it is being used by another process.- Any ideas what i can do to make a full scan?