What RootKit Detection Software Do You Use?

Discussion in 'other anti-malware software' started by Cutting_Edgetech, Oct 22, 2010.

Thread Status:
Not open for further replies.
  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    I've been using GMER for several years now. What are some other good rootkit detectors and removers?
     
  2. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
  3. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    I've always found GMER to be really buggy.

    I don't know what formal-method approach he uses in development, but for years now I've known GMER can fail and be easily crashed; a lesson in assertion testing and fuzzing would also help.

    FYI - ark list at KernelMode.info

    A nice tool that shows promise and is actively developed is the Tuluka Kernel Inspector ARK. Tools from that list I would normally recommend for today's rootkits are RkU, Kernel Detective and RootRepeal. Mandiant Memoryze is a tool I like to use from that list also, and the VBA32 ARK shows a lot.
     
  4. SUPERIOR

    SUPERIOR Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    161
    Location:
    Syria
    I guess this question has been raised over and over again.
    Here is a list like the KM list:
    http://www.ntinternals.org/anti_rootkits.php
    BTW, there is a cool tool by Mandiant called "Memoryze"... I heard that it can be used against rootkits.
     
  5. CiX

    CiX Registered Member

    Joined:
    Feb 22, 2010
    Posts:
    404
    XueTr :thumb:
     
  6. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Signature and HitmanPro, Sophos AR and SpyDLL Remover.
     
  7. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    I use various tools like GMER, Tizer Anti-Rootkit, Hitman Pro and many more, though I have never been infected with a rootkit.
     
  8. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe
    RootRepeal.
     
  9. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I have seen claims that antivirus-type Rescue CDs (i.e., Avira, Kaspersky, AVG, Panda, Dr.Web, etc.) do a better job at detecting rootkits since Windows is not running when the scan is performed. Does anyone have feedback on Rescue CD performance at detecting and removing rootkits?

    Thanks in Advance.
     
  10. wat0114

    wat0114 Guest

    Nothing, because I consider it a waste of time and resources. A simple default-deny approach in an LUA environment is sufficient. It mystifies me why rootkits and keyloggers in particular are viewed as some sort of black-magic malware to be so feared that additional steps are seen by some as crucial in defending against them. I do use the free MBAM on-demand anti-malware scanner to scan my downloads obtained from known, trusted sites, and if something about the installation of a download were to seem suspicious, I would simply revert to a recent clean image.
     
  11. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    The likelihood of your exposure is probably next to nil, and if anything bad happens, as you said, you'll re-image; but many, many people are duped daily, especially with something like a strong pay-per-install campaign such as Dogma with TDSS bundled, and it's very well reported how poor antivirus was at detecting and removing it.
     
  12. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    EAM only :D :thumb:
     
  13. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Thank you to everyone for all the responses to this post! For me the most important thing is preventing rootkits, and detecting them. It's not that big a deal to remove them if you keep an up-to-date clean backup image on an external drive. Just knowing that an infection has occurred is all that is needed for those prepared for the worst. What you don't want is an infection to go undetected, and have your data exposed any longer than it has to be. Rolling back your system to an earlier time will always be the best option other than preventing them. Like many of us already know, prevention is better than the cure. So I'm looking for the best tools for detecting them, and not so concerned about their ability to remove them, though that is a plus.
     
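    The detection-first approach in the last two posts (scan from rescue media, keep a clean image, and above all notice that something changed) comes down to comparing the current file tree against a known-good baseline. The script below is an added example for this thread, not a tool any poster mentioned: it hashes a tree into a manifest and reports files that were added, altered or removed since the baseline. The directory layout and file contents in `demo()` are constructed placeholders.

    ```python
    """Offline baseline comparison for spotting unexpected file changes.
    Added example for this thread; the tree and contents in demo() are constructed."""
    import hashlib
    import os
    import tempfile
    from pathlib import Path


    def build_manifest(root: str) -> dict:
        """Map each regular file under root (path relative to root) to its SHA-256 digest."""
        manifest = {}
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                full = Path(dirpath) / name
                if full.is_symlink():
                    continue  # hash real content only; a link target may live outside root
                digest = hashlib.sha256()
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 16), b""):
                        digest.update(chunk)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                manifest[rel] = digest.hexdigest()
        return manifest


    def diff_manifests(baseline: dict, current: dict) -> dict:
        """Report files that appeared, vanished or changed since the clean baseline."""
        added = sorted(set(current) - set(baseline))
        removed = sorted(set(baseline) - set(current))
        modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
        return {"added": added, "removed": removed, "modified": modified}


    def demo() -> dict:
        """Constructed scenario: snapshot a clean tree, then plant one file, alter one, delete one."""
        with tempfile.TemporaryDirectory() as root:
            clean = {"system32/drivers/good.sys": b"clean driver",
                     "system32/ntdll.dll": b"clean library",
                     "user/notes.txt": b"hello"}
            for rel, data in clean.items():
                target = Path(root, rel)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
            baseline = build_manifest(root)  # taken while the tree is known-good
            Path(root, "system32/drivers/evil.sys").write_bytes(b"unexpected driver")  # constructed
            Path(root, "system32/ntdll.dll").write_bytes(b"patched library")
            Path(root, "user/notes.txt").unlink()
            return diff_manifests(baseline, build_manifest(root))


    if __name__ == "__main__":
        print(demo())
    ```

    The comparison is only trustworthy when both the baseline and the current hashes are read with the suspect OS not running, which is the point behind the rescue-CD question above: a kernel rootkit that hooks file I/O on the live system can feed the hashing code the same clean bytes it shows everyone else.
    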
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Do rootkits spread easily on a network? If they do, then it could be a nightmare cleaning them from a network if the rootkit prevented the use of some rollback image software.
     
  15. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Thanks Franklin :thumb:
     
  17. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Thanks Franklin for the list of anti-rootkits :)
     
  18. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    I think this is the most sensible approach.

    I don't bother with rootkit detectors since none of them are 100% effective in detection.
    Why bother?
     
  19. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,115
    Use NIS 2011 + Mamutu (if I see something unusual, I just block it), and I also use W7 x64, so this helps me prevent keyloggers. :thumb:
     
  20. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    Avira set to scan for rootkits first, Hitman Pro, TDSS Killer, Malwarebytes and SUPERAntiSpyware. I have also used GMER before.
     