Uncover Kernel Mode Trojans or Rootkits

Check for Rootkits with free detectors.

A Rootkit (a Kernel Mode Trojan) is a malware program, or a combination of malware programs, designed to take low-level control of a computer system. Often, rootkits are keyloggers as well.

Techniques used to hide rootkits include concealing running processes from monitoring programs, and hiding files or system data from the operating system.

In other words, the rootkit files and processes will be hidden in Explorer, Task Manager, and other detection tools.

It’s easy to see, then, that if a threat uses rootkit technology to hide, it is going to be very difficult to find.

Kudos to the major anti-malware companies, though; many have come up with a free, serviceable solution to rootkits. Enter the rootkit detector, which provides you with the tools to find and delete rootkits, and to uncover the threats rootkits may be hiding.

Generally, rootkit detectors are capable of the following types of scans, although it is important to note that not all detectors scan for, or handle, rootkits in precisely the same way.

  • hidden processes
  • hidden threads
  • hidden modules
  • hidden services
  • hidden files
  • hidden Alternate Data Streams
  • hidden registry keys
  • drivers hooking SSDT
  • drivers hooking IDT
  • drivers hooking IRP calls

If you think you might have hidden malware on your system, I recommend that you run multiple rootkit detectors.

Much like anti-spyware programs, no one program catches everything. To be safe, I use each of the rootkit detectors listed below on my machines.

The following are a number of free rootkit detectors available for download. To download any tool, just click on the highlighted name.

Microsoft Rootkit Revealer

Microsoft Rootkit Revealer is an advanced rootkit detection utility. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. According to Microsoft, Rootkit Revealer successfully detects all persistent rootkits published at http://www.rootkit.com, including AFX, Vanquish and Hacker Defender.
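The "API discrepancies" Rootkit Revealer reports, and the hidden-process scan listed earlier, both rest on the same cross-view idea: enumerate the same objects through two independent paths and treat anything present in the low-level view but missing from the documented API as hidden. The block below is an added illustration of that detector, not code from any of the tools above; the process snapshots, pids and image names are constructed, and a multi-pass confirmation step is included because a process that starts or exits between the two snapshots otherwise shows up as a false positive.

```python
from typing import Callable, Dict, Set

View = Dict[int, str]  # pid -> image name (shape of a constructed snapshot)


def cross_view_diff(api_view: View, raw_view: View) -> Dict[str, Set[int]]:
    """Compare the documented-API view with a lower-level enumeration.
    hidden   : in the raw view but filtered out of the API view
    phantom  : reported by the API but absent at the raw level
    mismatch : same pid, different image name
    """
    api_pids, raw_pids = set(api_view), set(raw_view)
    return {
        "hidden": raw_pids - api_pids,
        "phantom": api_pids - raw_pids,
        "mismatch": {p for p in api_pids & raw_pids if api_view[p] != raw_view[p]},
    }


def confirm_hidden(collect_api: Callable[[], View],
                   collect_raw: Callable[[], View], passes: int = 3) -> Set[int]:
    """Keep only pids hidden in every pass. A process that merely started or
    exited between the two snapshots drops out; a persistently filtered pid stays."""
    confirmed = None
    for _ in range(passes):
        hidden = cross_view_diff(collect_api(), collect_raw())["hidden"]
        confirmed = hidden if confirmed is None else confirmed & hidden
    return confirmed or set()


def make_sample_collectors():
    """Constructed stand-ins for the two enumeration paths (no real API calls).
    Pid 1337 is filtered from the API view in every pass, as a rootkit would do;
    pid 3000 is a short-lived process seen only in the raw view of the first
    pass because it started between the two snapshots (a benign race)."""
    truth = {4: "System", 620: "services.exe", 1337: "hidden.exe", 2048: "notepad.exe"}
    state = {"pass": 0}

    def api_view() -> View:
        state["pass"] += 1
        return {p: n for p, n in truth.items() if p != 1337}

    def raw_view() -> View:
        view = dict(truth)
        if state["pass"] == 1:
            view[3000] = "setup.exe"  # transient; gone by the second pass
        return view

    return api_view, raw_view
```

On a live Windows host the two collectors would wrap genuinely independent enumeration paths (for example a Toolhelp snapshot versus probing pid values with OpenProcess); the comparison and confirmation logic is what the block demonstrates.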

IceSword

IceSword is a very powerful software application that will scan your computer for rootkits. It also displays hidden processes and resources on your system that you would be unlikely to find in any other Windows Explorer-like program. Because of the amount of information presented in the application, please note that IceSword was designed for more advanced users.

GMER

This freeware tool is essentially a combination of Sysinternals’ Rootkit Revealer and Process Explorer. The program can list running processes, modules and Windows services, in addition to scanning for the presence of rootkits.


5 responses to “Uncover Kernel Mode Trojans or Rootkits”

  1. The kernel-level rootkit... the nastiest of nasties.

    I would like to underscore and re-emphasize your caution about “advanced users”; though you mention it in the IceSword paragraph, it can easily be applied (IMHO) to the other two as well.

    If you use these tools, the output (results) is (are) not “one-click simple” to decipher — there are no “fix now” or “clean selected” buttons, as we have become conditioned to expect.

    I’m not saying that people shouldn’t download and run these tools (and, hopefully, get clean results) but that they should be aware of concepts like “false positives”, “set a Restore Point”, and should watch some tutorials on YouTube.

    • Bill Mullins

      Paul,

      Yes, you’re quite right, the programs reviewed should be used by only advanced users. If a user is not capable of using and interpreting an application such as HiJackThis, it is unlikely that using any of the programs discussed in this article would prove beneficial.

      Thank you for pointing this out.

  2. Pingback: Uncover Kernel Mode Trojans or Rootkits « Jerry620’s Blog

  3. Rootkits are clearly the worst thing you can get on your machine. I know a few technicians that just shake their head and reformat, reinstall. I used to use AVG’s free rootkit tool as well as F-Secure’s Blacklight. I’ll check out these new tools you mentioned; I have used the Sysinternals program and found it a little above my pay grade, so to speak.

    • Bill Mullins

      Hey Mark,

      Good to hear from you.

      Looking forward to any new articles you’d like to publish.

      Bill