What program do you all consider to be the best anti-rootkit?

Discussion in 'other anti-malware software' started by WilliamP, Dec 3, 2006.

Thread Status:
Not open for further replies.
  1. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    What program do you all consider to be the best anti-rootkit? I have gmer on my computer but I have read good things about IceSword. I feel that it may be easier to get support for gmer.
     
  2. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I use Ice Sword in addition to Gmer.
    I have used Ice Sword longer so I am more familiar with it.Only ran Gmer once.

    It probably is easier to get support for Gmer.

    Which one is best?
    I prefer Ice Sword,but I can't really say either is the "best".
     
  3. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    BOClean and RKUhooker. You did say "the best" !


    StevieO
     
  4. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Well Stevieo I tried BOClean once and I know it is a good program ,but I had problems. Was told it was NOD32. So I got rid of BOClean. From what I understand about RKUhooker it doesn't like SSM . I do. So I guess I'll have to settle for second best.
     
  5. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Blacklight seems to work alright. I like it because it just tells me whether it has detected a rootkit or not. Nothing fancy, it just scans and lets me know. I believe the current beta will expire Jan 1st. But it always renews, or has thus far, anyway.

    http://www.f-secure.com/blacklight/
     
  6. john2g

    john2g Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    207
    Location:
    UK
    BOClean.
     
  7. controler

    controler Guest

    For Power users you do not need an AV, FW or AT
    Power users now days use an restore program and do it daily.
    This however might not be usable for buisness but it is sure usable for home users today.

    Most power useers will have some sort of backup program. Such as ATI, Ghost, ect. But the real hard cors will reformat from scratch every week.
    They will have all the nessary files needed so it is not a long process.


    controler
     
  8. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Reload every week? I have backup ready ,but my gosh ,I don't think I would want to spend the time reloading. I keep a Ghost image on an external drive and make a new image the first of the month. I have an Archived FDISR snapshot on another external drive that I update about every third day.
     
  9. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    At this moment, GMER and NOD32 Anti-Stealth :)
     
  10. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Currently, F-Secures Blacklight.
     
  11. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    GMER is pretty good, and so is IceSword. They each overlap, but have their own unique things. However, my view is to DBAN the drive once something suspicious (as in rootkit) is happening, but that is just my opinion (a little extreme, I know)

    Cheers,

    Alphalutra1
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,
    A Linux bootable CD.
    Mrk
     
  13. gmer

    gmer Developer

    Joined:
    May 8, 2006
    Posts:
    86
    Hi

    Authors of anti-rootkit ( including me ) still have a lot of work to do.
    Look at my last sample: http://www.gmer.net/news.php

    Regards
     
  14. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    So, even NOD32 cannot detect it...
    Right?
     
  15. gmer

    gmer Developer

    Joined:
    May 8, 2006
    Posts:
    86
    Does NOD32 search for the hidden files ?
     
  16. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    anti stealth technlogy is in 2.7 and that can find hidden rootkits.
    lodore
     
  17. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
  18. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    They all have atributes and are all being improved apon so I don't like saying which is best. What would I reach for first, I'd probably look at windows from linux, although I very much like and use in no particular order, DarkSpy, IceSword, SVV, Rootkit Revealer, RkU and Gmer.

    Blacklight is good also and user friendly.
    I could be biased and say some of my own tools :D but that would be stupid as only a handful have tested them - a cross between say DeviceTree/SVV/unhooker if they come together as one unit.

    Tested avz against rootkits with some good results.
     
    Last edited: Dec 7, 2006
  19. gmer

    gmer Developer

    Joined:
    May 8, 2006
    Posts:
    86
    I understand but it only hides its file, nothing else.
     
  20. sara15

    sara15 Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    6
    Hi Controler -
    You said:
    Probably becaue I'm not a Power User, not quite sure what you're suggesting, or what "they have all the necessary files.." means. Do you mean using something like ATI daily to go back to a snapshot with DataAnchoring, so data intact? Or another type of program? Or reloading fresh OS? Sorry if specifics of what you're recommending escaped me; trying to learn.
    Thanks if you have a moment to expand. I've got XP, 100gb drive, OS & apps on C:, data on E: partition.

    sara15
     
    Last edited by a moderator: Dec 7, 2006
  21. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    But detects rootkits after they are installed...
    Even if the file isn't malicous, NOD32 reports it to the user decide want to do...

    So, if you can see how good NOD32 in this area...
     
  22. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Thanks for all the replies. I now have gmer and IceSword in addition to NOD34. I have used NOD for years. Now I have a question about gmer and IS. When a new version comes out how do you go about updating ?
     
  23. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I can tell you with all honesty what is going "to be" the best rootkit detector. Just ran the beta again and Avira has encompassed the same stringent standards into their rootkit detector as their antivirus products.
     
  24. EASTER.2010

    EASTER.2010 Guest

    @GMER

    You make this open claim but where is sample for us to test ourself and verify it's genuine.
     
  25. gmer

    gmer Developer

    Joined:
    May 8, 2006
    Posts:
    86
    It's available for every AV vendor.
     
Loading...
Thread Status:
Not open for further replies.