A rootkit is a malware program, or a set of malware components, designed to gain privileged (kernel- or administrator-level) control of a computer and then conceal its presence. It works at a level below the tools a user normally relies on, so what it does is generally outside the user's view and control. Rootkits rarely travel alone: they are usually bundled with, or used to hide, Trojans and keyloggers.
Techniques used to hide rootkits include concealing running processes from monitoring programs and hiding files, registry entries and other system data from the operating system's own APIs. In other words, the rootkit's files and processes will not appear in Explorer, Task Manager, or any other tool that relies on those APIs.
It is easy to see, then, that a malware threat that uses rootkit technology to hide is going to be very difficult to find with ordinary tools.
A number of vendors and independent researchers, though, have developed free, working solutions to rootkits. Enter the rootkit detector, which gives you the tools to find and delete rootkits, and helps uncover the additional threats a rootkit may be hiding.
Generally, rootkit detectors are capable of the following types of scans, although it is important to note that not all of them scan for, or handle, rootkits in precisely the same way:
· hidden processes
· hidden threads
· hidden modules (kernel drivers and loaded DLLs)
· hidden services
· hidden files
· hidden Alternate Data Streams (NTFS ADS)
· hidden registry keys
· drivers hooking the SSDT (System Service Descriptor Table, the kernel's system-call table)
· drivers hooking the IDT (Interrupt Descriptor Table)
· drivers hooking the IRP (I/O Request Packet) dispatch routines of other drivers
The common principle is cross-view comparison: the detector asks the documented Windows APIs what exists, obtains the same information from a lower level (raw file system and registry hive data, or kernel memory), and reports anything present in one view but not the other. Note that the SSDT and IDT hook checks matter mostly on 32-bit Windows; 64-bit Windows enforces Kernel Patch Protection (PatchGuard) and driver signing, so kernel rootkits there rely on other techniques.
If you think you might have hidden malware on your system, I recommend that you run multiple rootkit detectors. Much like anti-spyware programs, no one program catches everything. To be safe, I use each of the free rootkit detectors listed below on my machines.
RootkitRevealer (Sysinternals, now Microsoft)
RootkitRevealer is an advanced rootkit detection utility from Sysinternals, now part of Microsoft. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit: it compares what the Windows API reports with what it reads directly from the raw file system and registry hives, and anything present in one view but not the other is reported. According to Microsoft, RootkitRevealer successfully detects all persistent rootkits published at http://www.rootkit.com, including AFX, Vanquish and HackerDefender. Be aware that it supports only 32-bit Windows XP and Server 2003 and has not been updated since 2006, so on a modern 64-bit system you will need one of the other tools.
Download here: www.download.com
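The API-discrepancy idea behind RootkitRevealer, applied to the "hidden processes" check from the list above, as an added example (a script written for this page, not code from RootkitRevealer, IceSword or GMER). It assumes 64-bit Windows PowerShell 5.1 or later, an elevated prompt, and that no PID exceeds 262144 (the upper bound is an assumption you can raise). It takes three independent answers to "which PIDs exist?" and reports any PID the kernel will open but the enumeration APIs do not list.

```powershell
# Cross-view hidden-process check. Added example, not code from any tool on this page.
# View 1: Get-Process (the enumeration path Task Manager-style tools use)
# View 2: WMI/CIM Win32_Process (a separate code path a user-mode hook may miss)
# View 3: brute force - OpenProcess on every candidate PID, asking no enumeration API at all
# Windows only; run elevated so OpenProcess returns a handle or ACCESS_DENIED
# (not INVALID_PARAMETER) for every live PID.

Add-Type -Namespace RkProbe -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool GetExitCodeProcess(IntPtr hProcess, out uint lpExitCode);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
'@

$PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
$ERROR_ACCESS_DENIED = 5
$STILL_ACTIVE = 259

function Test-LiveProcessId {
    # True when a live process object exists at $ProcessId, judged without any
    # enumeration API: open it directly and ask whether it is still running.
    param([int]$ProcessId)
    $h = [RkProbe.Native]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, [uint32]$ProcessId)
    if ($h -eq [IntPtr]::Zero) {
        # ACCESS_DENIED still proves the object exists (e.g. a protected process);
        # INVALID_PARAMETER means there is no such PID.
        return ([System.Runtime.InteropServices.Marshal]::GetLastWin32Error() -eq $ERROR_ACCESS_DENIED)
    }
    [uint32]$code = 0
    $ok = [RkProbe.Native]::GetExitCodeProcess($h, [ref]$code)
    [void][RkProbe.Native]::CloseHandle($h)
    # A terminated process whose PID is kept alive by someone's open handle opens fine
    # but is not STILL_ACTIVE; skipping it removes the commonest false positive.
    return ($ok -and $code -eq $STILL_ACTIVE)
}

function Get-PidsByHandleProbe {
    # View 3. A rootkit that only filters snapshot / NtQuerySystemInformation results
    # never touches this path, so a process it hides still answers here.
    param([int]$MaxPid = 262144)   # assumption: raise it if your PIDs run higher
    $found = New-Object System.Collections.Generic.List[int]
    for ($candidate = 4; $candidate -lt $MaxPid; $candidate += 4) {   # Windows PIDs are multiples of 4
        if (Test-LiveProcessId -ProcessId $candidate) { $found.Add($candidate) }
    }
    return $found
}

function Find-HiddenProcesses {
    param([int]$MaxPid = 262144)
    $apiView   = @(Get-Process | ForEach-Object { [int]$_.Id })
    $cimView   = @(Get-CimInstance -ClassName Win32_Process | ForEach-Object { [int]$_.ProcessId })
    $probeView = @(Get-PidsByHandleProbe -MaxPid $MaxPid)

    foreach ($p in $probeView) {
        $inApi = $apiView -contains $p
        $inCim = $cimView -contains $p
        if ($inApi -and $inCim) { continue }
        # Re-sample once so a process that merely exited or started between the
        # snapshots is not reported as hidden.
        Start-Sleep -Milliseconds 500
        if (-not (Test-LiveProcessId -ProcessId $p)) { continue }
        $nowApi = [bool](Get-Process -Id $p -ErrorAction SilentlyContinue)
        $nowCim = [bool](Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $p")
        if ($nowApi -and $nowCim) { continue }
        # Present to the kernel, absent from at least one enumeration API: the
        # discrepancy a rootkit detector would flag.
        [pscustomobject]@{ PID = $p; InGetProcess = $nowApi; InWmi = $nowCim }
    }
}

Find-HiddenProcesses | Format-Table -AutoSize
```

Two caveats a practitioner should keep in mind. First, the brute-force view is itself an API view: a kernel rootkit that hooks NtOpenProcess, or that unlinks its process object from the kernel's PID table, defeats it as well, which is why GMER and IceSword scan kernel memory for process structures instead of trusting any call. Second, an empty result means only that this particular discrepancy was not found; run the dedicated tools as the author recommends rather than treating one clean pass as proof.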
IceSword
IceSword is a very powerful tool that scans your computer for rootkits. It also displays hidden processes, kernel modules and other system resources that you would be unlikely to find in any Windows Explorer-like program. Because of the amount of information it presents, IceSword was designed for more advanced users. Like RootkitRevealer, it runs only on 32-bit Windows.
Download here: www.majorgeeks.com
GMER
This freeware tool is essentially a combination of Sysinternals' RootkitRevealer and Process Explorer. The program lists running processes, modules and Windows services, in addition to scanning for hidden files, registry keys and the driver hooks listed above. Unlike the two tools above, current GMER releases also run on 64-bit Windows.
Download here: www.gmer.net/files.php