A rootkit is a malware program, or a combination of malware programs, designed to take low-level control of a computer system. Often they are Trojans or keyloggers as well.
Techniques used to hide rootkits include concealing running processes from monitoring programs and hiding files or system data from the operating system. In other words, the rootkit's files and processes will be hidden from Explorer, Task Manager, and other detection tools.
It's easy to see, then, that if a threat uses rootkit technology to hide, it is going to be very difficult to find.
Credit to the major anti-malware companies, though: many have come up with a free, serviceable solution to rootkits. Enter the rootkit detector, which gives you the tool to find and delete rootkits, and to uncover the threats rootkits may be hiding.
Generally, rootkit detectors are capable of the following types of scans, although it is important to note that not all of them scan for, or handle, rootkits in precisely the same way.
· hidden processes
· hidden threads
· hidden modules
· hidden services
· hidden files
· hidden Alternate Data Streams
· hidden registry keys
· drivers hooking SSDT
· drivers hooking IDT
· drivers hooking IRP calls
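To make the two most common of these checks concrete, here is an added example (not code from this post or from any of the tools listed below) that models the cross-view comparison detectors use to find hidden processes and files, and the address-range check used to spot a driver hooking the SSDT. It runs on constructed data: the process names, module names and addresses are hypothetical, not taken from a real system.

```python
# Cross-view rootkit detection modelled on constructed data (added example).
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


def hidden_entries(api_view: Set[str], raw_view: Set[str]) -> Set[str]:
    """Cross-view diff: names the raw (low-level) view holds but the API view
    omits are the ones a rootkit is hiding from Explorer or Task Manager."""
    return raw_view - api_view


@dataclass(frozen=True)
class Module:
    """A loaded kernel image and the address range it occupies."""
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


def ssdt_hooks(ssdt: Dict[str, int], modules: List[Module],
               trusted: Tuple[str, ...] = ("ntoskrnl.exe",)) -> List[Tuple[str, int, str]]:
    """Flag SSDT entries whose target address lies outside the trusted kernel
    image(s): a driver hooking the table redirects the entry into itself."""
    hooks = []
    for name, addr in ssdt.items():
        owner = next((m.name for m in modules if m.contains(addr)), None)
        if owner not in trusted:
            hooks.append((name, addr, owner or "<unbacked memory>"))
    return hooks


# Constructed sample views (hypothetical names and addresses, not a real system).
API_PROCESSES = {"System", "explorer.exe", "svchost.exe"}
RAW_PROCESSES = {"System", "explorer.exe", "svchost.exe", "hidden.exe"}
MODULES = [Module("ntoskrnl.exe", 0x80400000, 0x00200000),
           Module("evil.sys", 0xF8A00000, 0x00010000)]
SSDT = {
    "NtQuerySystemInformation": 0x80412340,  # inside ntoskrnl.exe: clean
    "NtQueryDirectoryFile": 0xF8A01234,      # inside evil.sys: hooked
    "NtOpenProcess": 0xFE000000,             # backed by no module: hooked
}

if __name__ == "__main__":
    print("hidden processes:", hidden_entries(API_PROCESSES, RAW_PROCESSES))
    for name, addr, owner in ssdt_hooks(SSDT, MODULES):
        print("SSDT hook: %s -> 0x%08X (%s)" % (name, addr, owner))
```

The same `hidden_entries` comparison applies to files, registry keys and services: any item the raw view reports and the documented API does not is a discrepancy worth investigating.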
If you think you might have hidden malware on your system, I recommend that you run multiple rootkit detectors. Much like anti-spyware programs, no one program catches everything. To be safe, I use each of the rootkit detectors listed below on my machines.
The following are a number of free rootkit detectors available for download.
AVG Anti-Rootkit
The AVG Anti-Rootkit download is a tiny 414 KB, and it installs quickly. Its straightforward, no-frills interface allows a regular search and an in-depth search.
Download here: www.free.grisoft.com
Microsoft Rootkit Revealer
Microsoft Rootkit Revealer is an advanced rootkit detection utility. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. According to Microsoft, Rootkit Revealer successfully detects all persistent rootkits published at http://www.rootkit.com, including AFX, Vanquish and Hacker Defender.
Download here: www.download.com
IceSword
IceSword is a very powerful software application that will scan your computer for rootkits. It also displays hidden processes and resources on your system that you would be unlikely to find in any other Windows Explorer-like program. Because of the amount of information presented in the application, please note that IceSword was designed for more advanced users.
Download here: www.majorgeeks.com
GMER
This freeware tool is essentially a combination of Sysinternals' Rootkit Revealer and Process Explorer. The program can list running processes, modules and Windows services, in addition to scanning for the presence of rootkits.
Download here: www.gmer.net/files.php