Free Sophos Anti-Rootkit 1.0

Discussion in 'other anti-malware software' started by Chubb, Aug 23, 2006.

Thread Status:
Not open for further replies.
  1. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967

    Attached Files:

    Last edited: Aug 27, 2006
  2. A1SteakSauce

    A1SteakSauce Registered Member

    Joined:
    Jul 25, 2006
    Posts:
    88
    Awesome! Yet another anti-malware to add to everyone's list.
     
  3. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    Fast scanning speed, taking 1 min 33 secs only to scan running processes and the windows registry.
     

    Attached Files:

  4. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Excellent! Got to update my Security-Ops webpage :)
     
  5. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    It appears that this is a full time program as opposed to a scan only. Is that true? I suppose it overlaps SnoopFree.
    Is it intrusive?

    Thanks,
    Jerry
     
  6. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    It operates on detecting rootkit-like activity, not the rootkit itself. Aren't there some processes that mimic rootkit-like activity?
     
  7. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Excellent, one more soft in my Startup Menu :thumb:
     
  8. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Nice app, especially for a freebie.

    I guess it can recognize specific rootkits, because when it doesn't recognize it, removal/cleanup is not advised (see pic), although removal works fine.

    So I guess there will be updates, it makes me wonder if the program will stay free :doubt: .


    nicM
     

    Attached Files:

  9. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Yes, that's it : Removal advice is based only on detection, although detection is independent from the database; hopefully !

    So it allows to remove unknown rootkits even so :thumb: .

    Here is one known detection :
     

    Attached Files:

    Last edited: Aug 24, 2006
  10. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    so this is real and not fake?:doubt: o_O
     
  11. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    yes it's a legitimate anti-rootkit.

    being cautious can be good, but do u doubt every software? :rolleyes:
     
  12. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    after having some and hearing about the rogue ones I'm kinda cautious
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Really nice and it is free!!
     
  14. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I read some review and if I remember correctly, it does not give an option to act upon each item of malware, but it is either keep or remove them all - all or nothing.
    I am not sure that makes sense.
    Anyone with the facts regarding the options when malware is detected?

    Thanks,
    Jerry
     
  15. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    Sophos is a very famous antivirus company in the UK, targeting the government sector and large corporations. Anti-rootkit detection is already included in the Sophos AntiVirus 6.0 series. Graham Cluley, Senior Technology Consultant at Sophos, is a former Technology Consultant of the excellent Dr Solomon's AntiVirus Toolkit.
     
  16. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    any FPs? also does it delete them if it finds them?
     
  17. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,276
    Location:
    Earth
    great thanx :D :D :D

    No hidden items found by scan.
     
    Last edited: Aug 25, 2006
  18. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I get weird results from SAR... It detects a slew of registry keys that I can't find by any other means, including direct hive observation, with IceSword, or anything else. Many of them are under HKEY_USERS\S-1-5-18\Software\Netscape\Netscape Navigator. It also reports that I have HKEY_USERS\S-1-5-18\Software\Sygate Technologies, Inc. hidden. Weird!

    Edit: I figured it out, after considerable trouble. The hive being flagged was C:\WINDOWS\system32\config\systemprofile\ntuser.dat. I have no idea why the entries show as "hidden", though, unless Windows does some sort of hive mirroring.
     
    Last edited: Aug 25, 2006
  19. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Installed this and had to explore to the program files to get the shortcut to start it!
    It doesn't show up in Start>Programs either.
     
  20. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    It's unpacked to root drive (usually C:\ )
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    No, u can delete selective items.
     
  22. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,301
    Location:
    South Wales, UK
    Ditto here re. the HKEY_USERS\S-1-5-18\etc. but in this case when I checked the Registry it appeared to be a left over from something. It was the only entry and does not appear to be nasty. Could not remove it anyway as the function did not offer the option.

    What was good was the information provided by the application which allows you to investigate for yourself.

    Did a full scan (all three options ticked) and it took some 33 minutes....which is longer than any of the other anti-rootkit tools that I have tried but that may just mean that it is more thorough than the others (due to it checking the whole of the hard disk, which I do not think that the others have an option to do).

    Nice application. Will probably keep it and evaluate further.:)
     
  23. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Thanks, Aigle. That makes sense.
    Jerry
     
  24. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Excellent program. My opinion of Sophos just went up several notches.
     
  25. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Scanned running processes & local hard drives in just under 6 mins for me, nothing found :D, but would not scan the registry. Got this message - Warning failed to flush drive\\.\C registry. Registry scan may produce invalid results. The process cannot access the file because it is being used by another process. - Any ideas what I can do to make a full scan?
     