Discussion in 'other anti-malware software' started by Cutting_Edgetech, Oct 22, 2010.
I've been using GMER for several years now. What are some other good rootkit detectors and removers?
EMSISOFT A-SQUARED and SANITYCHECK
I've always found GMER to be really buggy.
I don't know what formal method approach he uses in development, but for years now I've known GMER can fail and be easily crashed; a lesson in assertion testing and fuzzing would also help.
FYI: ARK list at KernelMode.info
A nice tool that shows promise and is actively developed is the Tuluka Kernel Inspector ARK. Tools from that list I would normally recommend for today's rootkits are RkU, Kernel Detective and RootRepeal. Mandiant Memoryze is a tool on that list I also like to use, and VBA32 ARK shows a lot.
I guess this question has been raised over and over again.
Here is a list like the KM list.
BTW, there is a cool tool by Mandiant called "Memoryze"... I heard that it can be used against rootkits.
Signature and HitmanPro, Sophos AR and SpyDLL Remover.
I use various tools like GMER, Tizer Anti-Rootkit, Hitman Pro and many more, though I have never been infected with a rootkit.
I have seen claims that antivirus-type Rescue CDs (e.g., Avira, Kaspersky, AVG, Panda, DrWeb, etc.) do a better job at detecting rootkits since Windows is not running when the scan is performed. Does anyone have feedback on Rescue CD performance at detecting and removing rootkits?
Thanks in Advance.
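The reason an offline scan (or a dedicated ARK) sees what a live scanner misses is that a kernel-mode rootkit only has to lie to the APIs running on the infected system. ARK tools exploit this by comparing two independent views of the same object set and reporting the difference. The script below is an added example written for this thread, not code from any tool named here, and it demonstrates that cross-view idea on Linux rather than Windows: view A is the PID list obtained by reading the /proc directory (what ps and top use), view B is a direct probe of /proc/<pid>/status for every candidate PID. A rootkit that filters readdir() results hides from A but usually not from B. The /proc paths are real; the probe ceiling of 65536 is an assumption chosen to keep the brute-force cheap.

```python
#!/usr/bin/env python3
"""Cross-view process detection on Linux (added example, not from the thread).

View A: PIDs returned by readdir() on /proc, the view ps/top rely on.
View B: PIDs found by opening /proc/<pid>/status directly for every candidate.
A process present in B but absent from A is a hidden-process candidate.
"""
import os

PROC = "/proc"
DEFAULT_PROBE_LIMIT = 65536  # assumption: cap the brute-force probe range


def read_pid_max():
    """Upper bound of the PID space; falls back to the classic 32768."""
    try:
        with open(os.path.join(PROC, "sys", "kernel", "pid_max")) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return 32768


def view_readdir(proc=PROC):
    """View A: PIDs visible through a directory listing of /proc."""
    try:
        return {int(n) for n in os.listdir(proc) if n.isdigit()}
    except OSError:
        return set()


def tgid_of(pid, proc=PROC):
    """Thread-group id from /proc/<pid>/status, or None if not readable."""
    try:
        with open(os.path.join(proc, str(pid), "status")) as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except (OSError, ValueError, IndexError):
        pass
    return None


def view_probe(limit=None, proc=PROC):
    """View B: probe /proc/<pid>/status for each candidate PID.

    Non-leader threads also have a /proc/<tid> entry that readdir() omits,
    so only entries whose Tgid equals their own pid count as processes;
    without this filter every multithreaded program would look 'hidden'.
    """
    upper = min(read_pid_max(), limit or DEFAULT_PROBE_LIMIT)
    return {pid for pid in range(1, upper + 1) if tgid_of(pid, proc) == pid}


def compare_views(readdir_view, probe_view):
    """Return (hidden_from_readdir, missing_from_probe)."""
    return probe_view - readdir_view, readdir_view - probe_view


def scan(limit=None, proc=PROC):
    """Run both views over the same PID range and compare them.

    Processes that exit between the two enumerations would show up as false
    'hidden' hits, so each candidate is re-probed once before being reported.
    """
    upper = min(read_pid_max(), limit or DEFAULT_PROBE_LIMIT)
    probe = view_probe(limit, proc)
    listed = {p for p in view_readdir(proc) if p <= upper}
    hidden, vanished = compare_views(listed, probe)
    hidden = {p for p in hidden if tgid_of(p, proc) == p}
    return hidden, vanished


if __name__ == "__main__":
    hidden, vanished = scan()
    for pid in sorted(hidden):
        print(f"PID {pid}: in probe view, absent from readdir(): possible hidden process")
    for pid in sorted(vanished):
        print(f"PID {pid}: listed by readdir() but not probeable (likely exited during scan)")
    if not hidden:
        print("no hidden processes in the probed range")
```

The same limitation the thread's posters raise about live scanners applies here: a rootkit that also hooks path lookup (not just readdir) defeats view B, which is exactly why an offline scan from a rescue CD, where the rootkit's hooks are not loaded, remains the stronger check.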
Nothing, because I consider it a waste of time and resources. A simple default-deny approach in an LUA environment is sufficient. It mystifies me why rootkits and keyloggers in particular are viewed as some sort of black-magic malware to be so feared that additional steps are seen by some as crucial in defending against them. I do use free MBAM on-demand anti-malware to scan my downloads obtained from known, trusted sites, and if something about the installation of a download were to seem suspicious, I would simply revert to a recent clean image.
The likelihood of your exposure is probably next to nil, and if anything bad happens, as you said, you'll re-image. But many, many people are duped daily, especially with something like a strong pay-per-install campaign such as Dogma with TDSS bundled, and it's very well reported how poor antivirus was at detecting and removing it.
Thank you to everyone for all the responses to this post! For me the most important thing is preventing rootkits, and detecting them. It's not that big a deal to remove them if you keep an up-to-date clean backup image on an external drive. Just knowing that an infection has occurred is all that is needed for those prepared for the worst. What you don't want is an infection to go undetected, and have your data exposed any longer than it has to be. Rolling back your system to an earlier time will always be the best option other than preventing them. Like many of us already know, prevention is better than the cure. So I'm looking for the best tools for detecting them, and not concerned so much about their ability to remove them, though that is a plus.
Do rootkits spread easily on a network? If they do, then it could be a nightmare cleaning them from a network if the rootkit prevented the use of some rollback image software.
Another list of Anti-Rootkits
Thanks Franklin for the list of Anti-Rootkits.
I think this is the most sensible approach.
I don't bother with rootkit detectors since none of them are 100% effective in detection.
Use NIS 2011 + Mamutu (if I see something unusual, just block it), and I also use W7 X64, so this helps me to prevent keyloggers.
Avira set to scan for rootkits first, Hitman Pro, TDSS Killer, Malwarebytes and SUPERAntiSpyware. I have also used GMER before.