Which Rootkit Removal Tool do you use?

Discussion in 'polls' started by Brian_12, Nov 21, 2009.

  1. Panda Anti-Rootkit: 7 vote(s), 8.3%
  2. TrendMicro RootkitBuster: 6 vote(s), 7.1%
  3. GMER: 31 vote(s), 36.9%
  4. F-Secure Blacklight: 7 vote(s), 8.3%
  5. Sophos Anti-Rootkit: 12 vote(s), 14.3%
  6. McAfee Rootkit Detective: 4 vote(s), 4.8%
  7. SysProt AntiRootkit: 1 vote(s), 1.2%
  8. UnHackMe: 3 vote(s), 3.6%
  9. RootRepeal: 10 vote(s), 11.9%
  10. Other: 38 vote(s), 45.2%
Multiple votes are allowed.
  1. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,440
    Location:
    U.S.A.
    the Tester & geohac, you're both welcome! Take care.

    JR
     
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    LiveCD

    Enumerate Windows files then delete from outside Windows.

    Also the MS Strider page describes:
    UBCD4Win>Rootkitty is a tool that apparently automates this process.
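Meriadoc's suggestion (enumerate the files from inside Windows, then again from a LiveCD, and compare) is the cross-view diff that Strider GhostBuster and RootkitRevealer automate. The Python below is an added example, not code from the thread or from any tool named in it: it compares two such listings in an assumed `path|size|sha256` format over constructed sample data and reports files the running OS hides or serves with different content than the disk holds.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    path: str
    size: int
    sha256: str

def parse_listing(text: str) -> dict[str, Entry]:
    """Parse 'path|size|sha256' records (assumed format); keys are
    case-folded because NTFS paths are case-insensitive."""
    entries: dict[str, Entry] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        path, size, digest = line.split("|")
        entries[path.casefold()] = Entry(path, int(size), digest.lower())
    return entries

# Paths that legitimately differ between a live system and an offline view.
VOLATILE_PREFIXES = ("c:\\pagefile.sys", "c:\\hiberfil.sys", "c:\\windows\\temp\\")

def cross_view_diff(online: dict[str, Entry], offline: dict[str, Entry]) -> dict[str, list[str]]:
    """Offline-only paths are hidden from the running OS (rootkit candidates);
    same path but different size/hash means the OS returns content that is not
    what is on disk (a hooked read path serving a clean copy, for instance)."""
    hidden, mismatched = [], []
    for key, off in offline.items():
        if key.startswith(VOLATILE_PREFIXES):
            continue
        on = online.get(key)
        if on is None:
            hidden.append(off.path)
        elif (on.size, on.sha256) != (off.size, off.sha256):
            mismatched.append(off.path)
    return {"hidden": sorted(hidden), "mismatched": sorted(mismatched)}

# Constructed sample listings (not from a real system): the offline view sees
# an extra driver and a different hash for example.sys.
ONLINE_LISTING = r"""
C:\Windows\System32\ntoskrnl.exe|4194304|1111aaaa
C:\Windows\System32\drivers\example.sys|24576|2222bbbb
C:\pagefile.sys|1073741824|0000ffff
"""
OFFLINE_LISTING = r"""
C:\Windows\System32\ntoskrnl.exe|4194304|1111aaaa
C:\Windows\System32\drivers\example.sys|24576|3333cccc
C:\Windows\System32\drivers\example_hidden.sys|12288|4444dddd
C:\pagefile.sys|1073741824|9999eeee
"""

def run_example() -> dict[str, list[str]]:
    return cross_view_diff(parse_listing(ONLINE_LISTING), parse_listing(OFFLINE_LISTING))
```

A real run would generate both listings with the same hashing tool, once from the live system and once from the LiveCD with the volume mounted read-only.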
     
  3. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    gmer has a userland detector, catchme, which can collect, delete and kill malicious files.

    BreakPE is a nice little tool.
     
  4. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    ESET SysInspector.

    32 & 64 bit.

    Having used many of those mentioned ... I'd say SysInspector is the most user friendly of the lot. Google is your best friend with these!

    Has a feature that can "exclude private, personal information from being saved in logs", though I am not entirely sure what and how it hides the info ... I am guessing file user names, etc. Quite handy if you're sending a system log to be analyzed by a stranger.

    http://www.eset.com/download/sysinspector.php
     
  5. ASpace

    ASpace Guest

    GMer, RootRepeal and Microsoft's Rootkit Revealer.

    On Windows 7 - GMer sometimes gives me a BSOD, RootRepeal can't start at all and RootkitRevealer has problems displaying the messages.

    On Vista and XP - no problems.

    I am most pleased by GMer.
     
  6. progress

    progress Guest

    I noticed this behaviour too :(
     
  7. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    RootkitRevealer is not meant to be run on an OS above XP and 2003 (or on 64-bit); it will not produce a coherent result on Vista, 7 and 2008, and is also considered outdated.

    7 has not been out long and some tools need to be worked on because of the differing structure of the OS. Also remember the ARK will have to be run elevated - right-click, Run as administrator.

    Some problems with RootRepeal may be due to individual system incompatibility. If anyone has a problem, try moving the slider in Options and uncheck 'Use lowest level for MBR check.'
     
  8. ASpace

    ASpace Guest

    It was a "big fun" for me the first time it happened because generally, if this happens, it might be a sign of a rootkit. I didn't have time to see the name of the guilty file (the first blue screen I got). Later I noticed it, checked it and ensured myself the system was clean :)
     
  9. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
  10. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    New XueTr v3.0, works on 2000 to 2008 including 7 and comes with extra help in dealing with malware, check out settings...
     
  11. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    NT Internals is putting a list together with the tools that deal with TDSS/TDL.

    TDL author/s have included some lines from Fight Club and the Simpsons Movie into their rootkit :D See also here (tdl3_analysis_paper_ed.rar). They seem to be really busy with numerous builds... TDL4 soon?
     
    Last edited: Dec 2, 2009
  12. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
  13. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
  14. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,589
    Location:
    UK
    My vote for Sophos AR, never used frequently though.
     
  15. progress

    progress Guest

    It seems to be compatible with Win 7 but I got several 'FP' ... :rolleyes:
     
  16. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Only just noticed the update.

    Rootkit Unhooker LE 3.8.386.588 SR1

    I like the ease of this tool, the management, the way it operates and its appearance. Strong and has always been stable for me.
     
  17. Saint Satin Stain

    Saint Satin Stain Registered Member

    Joined:
    Feb 16, 2004
    Posts:
    222
    Location:
    Huntsville, AL and Greenwich Village, NYC
    GMER and Sophos but also IceSword, Rootkit Unhooker, RootkitRevealer, RootRepeal, and SpyDLLRemover. They never find anything. My realtime apps are
    Online Armor
    Prevx
    Sandboxie.
     
  18. ameyap

    ameyap Registered Member

    Joined:
    Feb 16, 2010
    Posts:
    87
    Luckily for me, since I started using Vista I never had to use a rootkit for removing anything.
     
  19. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    ComboFix and GMer
     
  20. Brian_12

    Brian_12 Guest

    64bit?
     
  21. guest

    guest Guest

    I don't use any of these tools. My current AV, Microsoft Security Essentials, already includes anti-rootkit features.
     
  22. leofelix

    leofelix Registered Member

    Joined:
    Sep 6, 2009
    Posts:
    175
    Location:
    Italy
    I generally do not use rootkit scanners for myself since I use, on different computers, ESET NOD32, GData antivirus or Avira as antivirus, and MalwareBytes' AntiMalware, Moosoft The Cleaner and A-Squared as antimalware, which have rootkit removal ability.
    Windows is always up to date, and so are Sun Java JRE, Adobe Reader, Flash Player and my main browser.
    I practice safe surfing and I always download and install software only from trusted sources.

    However, if I have to clean infected systems I generally trust Gmer, MBAM and Trend Micro RootkitBuster (well, it depends on what kind of rootkit I have to clean: the most difficult to remove are MBR rootkits in my opinion).

    Has anyone ever heard of Tizer™ Rootkit Razor?
    It is free, only free registration is needed.

    I'd like to know your opinion if possible,

    Thank you
     
  23. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Razor is mentioned in this thread and, although it cannot see some of the modern rootkits, they are working on it.

    Hmmm, MBR rootkit imo is one of the 'easiest' to remove.

    MBAM has some very good people that keep on top of the latest infections. RootkitBuster is worked on by the old DarkSpy anti-rootkit author.
    It's been said before, but there isn't a best ARK, only up-to-date ones, and I can mention a few:

    Rootkit Unhooker
    Kernel Detective
    Root Repeal

    List of arks.

    I really must stay away from my machine on holiday:D
     
  24. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Think about the TDL rootkit as an example; of course, talking about an active rootkit, AVs are not removing it, although it's gotta get on in the first place. These anti-rootkit features aren't anti-rootkit.
     
  25. leofelix

    leofelix Registered Member

    Joined:
    Sep 6, 2009
    Posts:
    175
    Location:
    Italy
    Thank you Meriadoc...

    MBR rootkit the easiest to remove? :)
    I'm pretty sure your help would be greatly appreciated in several Italian security forums I know, since it seems that you cannot get rid of an MBR rootkit simply by formatting your HD (both high-level and low-level format) and there are some (Italian) users who are going crazy :D
    Someone solved it with the zero-filling technique, as far as I know.

    Generally I first try with the Stealth MBR rootkit/Mebroot/Sinowal detector by Gmer and other similar tools.
    Well, I'm not a security expert nor a hardware technician; I'm only interested in security stuff, so I cannot tell more.

    Thank you again, I'm going to have a look at the thread you linked.

    Cheers

    [EDIT to add]

    I have just read your reply

    OMG, once again thank you (for the link provided too)
     
    Last edited: Feb 26, 2010