What is a rootkit
Rootkits are used to hide the presence of a malicious object, such as a Trojan or keylogger, on your computer. If a threat uses rootkit technology to hide, it is very hard to find.
Rootkit detectors give you the power to find and delete the rootkit, and to uncover the threat the rootkit is hiding.
If a virus with rootkit functionality makes its way onto your computer, its files and processes will be hidden in Explorer, the Task Manager, and other tools.
Generally, rootkit detectors are capable of the following types of scans, although not all of them scan for or handle rootkits in precisely the same way.
· hidden processes
· hidden threads
· hidden modules
· hidden services
· hidden files
· hidden Alternate Data Streams
· hidden registry keys
· drivers hooking SSDT
· drivers hooking IDT
· drivers hooking IRP calls
· inline hooks
The following are a number of free rootkit detectors available for download.
If you think you might have hidden malware on your system, it’s prudent to run multiple rootkit detectors. Much like anti-spyware, no one program catches everything. Some antivirus programs attempt to detect rootkits; others don’t. To be safe, I use each of the rootkit detectors listed below on my machines.
AVG Anti-Rootkit
The AVG Anti-Rootkit download is a tiny 414kb, and it installs quickly. Its straightforward, no-frills interface allows a regular search and an in-depth search. A standard scan took 12 minutes, while the in-depth search took just over an hour. Neither scan turned up any rootkits.
Download here: free.grisoft.com/doc/download-free-anti-rootkit/us/frt/0
Microsoft Rootkit Revealer
Microsoft Rootkit Revealer is an advanced rootkit detection utility. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. According to Microsoft, Rootkit Revealer successfully detects all persistent rootkits published at www.rootkit.com, including AFX, Vanquish and HackerDefender.
Download here: www.download.com/RootkitRevealer/3000-2248_4-10543917.html
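The API-discrepancy idea described above, as an added sketch (not Rootkit Revealer's own code): it compares a listing obtained through the Windows API with a listing read from raw on-disk structures and reports what only one view shows. Both listings, all paths, and the assumption that the API view includes stream enumeration are constructed for illustration.

```python
# Added illustration: cross-view comparison over constructed sample listings.

# NTFS metadata files are never returned by the Windows API, by design,
# so a cross-view scan must not report them as hidden objects.
NTFS_METADATA = {"$mft", "$mftmirr", "$logfile", "$volume", "$attrdef",
                 "$bitmap", "$boot", "$badclus", "$secure", "$upcase", "$extend"}

# Constructed sample: what the Windows API returned (assumed to include streams).
API_VIEW = [r"C:\Windows\System32\drivers\disk.sys",
            r"C:\Windows\Temp\scan.tmp",
            r"C:\Users\Public\notes.txt"]

# Constructed sample: what a raw parse of the volume found.
RAW_VIEW = [r"C:\$MFT", r"C:\$LogFile",
            r"c:\windows\system32\drivers\disk.sys",
            r"C:\Windows\System32\drivers\example_hidden.sys",
            r"C:\Users\Public\notes.txt",
            r"C:\Users\Public\notes.txt:extra"]

def normalize(path):
    """NTFS names are case-insensitive, so compare on a lower-cased form."""
    return path.replace("/", "\\").rstrip("\\").lower()

def split_stream(path):
    """Split 'file:stream' into (file, stream); the drive colon is not a stream."""
    drive, rest = path[:2], path[2:]
    if ":" in rest:
        name, stream = rest.split(":", 1)
        return drive + name, stream
    return path, None

def cross_view(api_listing, raw_listing):
    """Return (kind, path) findings for objects that only one view reports."""
    api = {normalize(p) for p in api_listing}
    raw = {normalize(p) for p in raw_listing}
    findings = []
    for p in sorted(raw - api):            # on disk, but the API did not show it
        base, stream = split_stream(p)
        if base.rsplit("\\", 1)[-1] in NTFS_METADATA:
            continue                       # expected discrepancy, not a finding
        findings.append(("hidden ADS" if stream else "hidden file", p))
    for p in sorted(api - raw):            # usually created or deleted mid-scan
        findings.append(("api only", p))
    return findings

if __name__ == "__main__":
    for kind, path in cross_view(API_VIEW, RAW_VIEW):
        print(f"{kind:12} {path}")
```

An "api only" entry is normally a file that changed while the scan was running, which is why a discrepancy is a lead to investigate and not proof of a rootkit.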
IceSword
IceSword is a very powerful software application that will scan your computer for rootkits. It also displays hidden processes and resources on your system that you would be unlikely to find in any other Windows Explorer-like program.
Because of the great amount of information presented in the application, please note that IceSword was designed for more advanced users.
Download here: www.majorgeeks.com/Icesword_d5199.html
GMER
This freeware tool is essentially a combination of Sysinternals’s Rootkit Revealer and Process Explorer. The program can list running processes, modules and Windows services, in addition to scanning for the presence of rootkits.
Download here: www.gmer.net/files.php