Category Archives: rootkits

14 Free Tools To Help You Hunt Down And Destroy Tough Malware

imageChoosing and using the right tool, which has been designed specifically for the job at hand, is obviously a levelheaded approach. Still, I’ll wager that you can conjure up more than one occasion when you’ve encountered the “one tool for all purposes” mindset – the so-called “Birmingham Screwdriver” effect (sorry Michael   Smile) – “If it doesn’t work – hit it. If it still doesn’t work, use a bigger hammer.”

The Birmingham Screwdriver approach, taken by many AV solutions, may not always be the most appropriate approach to eradicating a tough malware problem – a specially designed application which targets specific classes of malware may be a better solution.

The following tools have been specifically designed to help skilled users better identify malware infections and then, eradicate those specific infections. These tools require advanced computer knowledge – unless you feel confident in your diagnostic skills, you should avoid them.

Should you choose to add these applications to your antimalware toolbox, be aware that you will need the latest updated version for maximum efficiency.

Emsisoft HiJackFree

The program operates as a detailed system analysis tool that can help you in the detection and removal of Hijackers, Spyware, Adware, Trojans, Worms, and other malware. It doesn’t offer live protection but instead, it examines your system, determines if it’s been infected, and then allows you to wipe out the malware.

Runscanner

If you’re a malware hunter, and you’re in the market for a free system utility which will scan your system for running programs, autostart locations, drivers, services and hijack points, then Runscanner should make your shortlist. The developers of Runscanner describe this freeware utility as having been designed to “detect changes and misconfigurations in your system caused by spyware, viruses, or human error.”

HijackThis

HijackThis is a free utility which heuristically scans your computer to find settings that may have been changed by homepage hijackers, spyware, other malware, or even unwanted programs. In addition to this scan and remove capability HijackThis comes with several tools useful in manually removing malware from a computer.

The program doesn’t target specific programs, but instead it analyses registry and file settings, and then targets the methods used by cyber-crooks. After you scan your computer, HijackThis creates a report, and a log file (if you choose to do so), with the results of the scan.

RKill

RKill is a program developed at BleepingComputer.com – “It was created so that we could have an easy to use tool that kills known processes that stop the use of our normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that anti-malware programs can do their job.”

Emsisoft BlitzBlank

BlitzBlank is a tool for experienced users and all those who must deal with Malware on a daily basis. Malware infections are not always easy to clean up. In more and more cases it is almost impossible to delete a Malware file while Windows is running. BlitzBlank deletes files, Registry entries and drivers at boot time before Windows and all other programs are loaded.

McAfee Labs Stinger

Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

Specialty Removal Tools From BitDefender

Eight special removal tools including Conficker Removal Tool

Microsoft Malicious Software Removal Tool

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

NoVirusThanks

NoVirusThanks Malware Remover is an application designed to detect and remove specific malware, Trojans, worms and other malicious threats that can damage your computer. It can also detect and remove rogue security software, spyware and adware. This program is not an Antivirus and does not protect you in real time, but it can help you to detect and remove Trojans, spywares and rogue security software installed in your computer.

Norton Power Eraser

Symantec describes Norton Power Eraser in part, as a tool that “takes on difficult to detect crimeware known as scareware or rogueware. The Norton Power Eraser is specially designed to aggressively target and eliminate this type of crimeware and restore your PC back to health.”

Rootkit Tools:

If you think you might have hidden malware on your system, I recommend that you run multiple rootkit detectors. Much like anti-spyware programs, no one program catches everything.

Microsoft Rootkit Revealer

Microsoft Rootkit Revealer is an advanced root kit detection utility. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. According to Microsoft, Rootkit Revealer successfully detects all persistent rootkits published at http://www.rootkit.com, including AFX, Vanquish and Hacker Defender.

IceSword

IceSword is a very powerful software application that will scan your computer for rootkits. It also displays hidden processes and resources on your system that you would be unlikely to find in any other Windows Explorer like program. Because of the amount of information presented in the application, please note that IceSword was designed for more advanced users.

GMER

This freeware tool is essentially a combination of Sysinternals’ Rootkit Revealer and Process Explorer. The program can list running processes, modules and Windows services, in addition to scanning for the presence of rootkits.

Tizer Rootkit Razor

Tizer Rootkit Razor, will allow you to identify and remove Rootkits from your computer. I should be clear however, this tool is not “one-click simple” to decipher, and users need to be particularly mindful of false positives.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

17 Comments

Filed under 64 Bit Software, Anti-Malware Tools, downloads, Freeware, Geek Software and Tools, rootkits, Software, Windows Tips and Tools

With Kaspersky’s Free TDSSKiller You’ll Have A Fighting Chance To Kill Rootkits

imageThere’s malware, and then – there’s MALWARE. In other words, all malware is not created equal. For example, Rootkits are not your common everyday piece of malware.

Rootkits are often designed to overwrite the Hard Drive’s MBR (master boot record), the first sector – Sector 0 – where the code to boot the operating system following BIOS loading, resides.

As a consequence, Rootkit files and processes will be hidden in Explorer, Task Manager, and other detection tools. It’s easy to see then, that if a threat uses Rootkit technology to hide, it is going to be difficult to find.

And yes, I’m aware that major AV application developers are fond of pointing out that their products will flag and remove Rootkits. Users are expected to believe those claims – DON”T!

From a previous article (June 2011) –

Microsoft is telling Windows users that they’ll have to reinstall the operating system if they get infected with a new rootkit that hides in the machine’s boot sector. A new variant of a Trojan Microsoft calls “Popureb” digs so deeply into the system that the only way to eradicate it is to return Windows to its out-of-the-box configuration.

Scanning for Rootkits occasionally, is good practice and by scanning with the right tools, Rootkits can be hunted down and eradicated (maybe) – but  personally, I would never trust that any detection/removal application has successful removed a Rootkit.

If you have detected that your system has become infected by a Rootkit, I recommend that you first wipe the drive –  using a free tool such as Darik’s Boot And Nuke, reformat, and only then – reinstall the operating system.

Rootkit detectors can be difficult to work with and consequently, my good buddy Michael C., following the last post on Rootkit detection – Got A Rootkit Infection? – Find Out With These Four Free Rootkit Detectors – posed the following question: “Just wondering if there is a rootkit detector for us “average users” that doesn’t require a MIT degree.”

And, there is.

Kaspersky Labs has developed the free TDSSKiller utility which is designed to detect and remove common Rootkits. Specifically, Rootkits in the Rootkit.Win32.TDSS family (TDSS, Sinowal, Whistler, Phanta, Trup, Stoned) – in addition to regular Rootkits (now, there’s a misnomer), as well as Bootkits.

Usage instructions:

Download the TDSSKiller.zip archive and extract it into a folder on the infected (or possibly infected) computer with an archiver (free 7-Zip, for example).

Run the TDSSKiller.exe file.

The utility can detect the following suspicious objects:

Hidden service – a registry key that is hidden from standard listing.

Blocked service – a registry key that cannot be opened by standard means.

Hidden file – a file on the disk that is hidden from standard listing.

Blocked file – a file on the disk that cannot be opened by standard means.

Forged file – when read by standard means, the original content is returned instead of the actual one.

BackBoot.gen – a suspected MBR infection with an unknown bootkit.

The interface (as shown below) is clean and simple. Click on any of the following graphics to expand.

image

A scan in progress.

image

The completed scan shows the system is clean and free of Rootkit infections. You’ll note that the scan finished in 10 seconds.

image

Following the scan, you will have access to a full report – if you choose.

image

System requirements: Win 7, Vista, XP (both 32 and 64 bit systems).

Download at: Kaspersky

Since the false positive issue is always a major consideration in using tools of this type, you should be aware that tools like this, are designed for advanced users, and above.

If you need help in identifying a suspicious file/s, you can send the file/s to VirusTotal.com so that the suspicious file/s can be analyzed.

To read a blow by blow description of just how difficult it can be to identify and remove a Rootkit, you can checkout this Malwarebytes malware removal forum posting.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

13 Comments

Filed under 64 Bit Software, Anti-Malware Tools, downloads, Free Anti-malware Software, Freeware, Kaspersky, Malware Removal, Malwarebytes’ Anti-Malware, Recommended Web Sites, Rootkit Revealers, rootkits, Software, System Security, Utilities, Windows Tips and Tools

Norman Malware Cleaner –Another Free Tool To Remove Tough Malware

Just like the 14 free specialty malware removal tools I wrote on earlier this year, Norman Malware Cleaner has been designed to identify tough malware infections, including specific malware, and then help you eradicate those infections.

Since this particular application is a stand alone executable, it does not require installation (perfect for a Flash Drive). Since scanning with the most recent definition database is a must, you will need to download a new version of the application on a per use basis.

On execution, you will be presented with the following end user agreement. This may be the shortest end user agreement I’ve ever seen.

image

Despite the fact that this is a powerful application, setting the options is fairly straightforward.

image

For the first test, I ran a simple Quick scan as illustrated in the following two screen captures.

image

image

This scan completed in less than four minutes, and indicated that no infections were present.

image

I then changed two critical group policies which duplicated common malware attacks – no access to the Task Manager, and restricted access to Windows Explorer (show hidden files).

As you can see in the following screen shot, Norman Malware Cleaner had no difficulty picking up on, and cleaning, these registry changes on a scan rerun.

image

A scan results log file is saved to the desktop, as illustrated.

image

Fast facts:

Detect and Remove malware (viruses, Rootkit’s, FakeAV, worms and more)

Utilize advanced Anti-Rootkit technology

Quarantine module

Scanning and cleaning including Norman patented Norman SandBox technology

Supports Quick- Normal- Full- Custom Scan mode

Command line function for better tailor scanning across several machines (businesses)

Daily signature updates available

Systems requirements: Windows 2000, XP, 2003, Vista, 2008 and Win 7.

Download at: Norman

Registration is required.

Note: This application is for use when you are dealing with a machine you know is infected. It is not a replacement for a real-time AV.

As with most tools in this class, advanced computer knowledge is required. Unless you feel confident in your diagnostic skills, you would be better off avoiding this application.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

8 Comments

Filed under Anti-Malware Tools, downloads, flash drive, Free Anti-malware Software, Freeware, Geek Software and Tools, Malware Removal, Portable Applications, Rogue Software Removal Tips, rootkits, Software, USB, Windows Tips and Tools, worms

Got A Rootkit Infection? – Find Out With These Four Free Rootkit Detectors

Earlier this week, in my Daily Net News column, I posted the following –

Microsoft is telling Windows users that they’ll have to reinstall the operating system if they get infected with a new rootkit that hides in the machine’s boot sector. A new variant of a Trojan Microsoft calls “Popureb” digs so deeply into the system that the only way to eradicate it is to return Windows to its out-of-the-box configuration.

That’s truly scary stuff – rootkits are not your common everyday piece of malware. As a reminder to regular readers that rootkits can be hunted down and eradicated, I’m reposting an edited version of an article first published in December of last year.

imageRootkits use any number of techniques to hide, including concealing running processes from monitoring programs, and hiding files, and system data, from the operating system.

In other words, the rootkit files and processes will be hidden in Explorer, Task Manager, and other detection tools. It’s easy to see then, that if a threat uses rootkit technology to hide, it is going to be difficult to find.

So, scanning for Rootkits occasionally, is good practice, and if you have the necessary skills to interpret the results of a Rootkit scan, Tizer Rootkit Razor, appears to be a good choice to help you do this. I should be clear however, this tool is not “one-click simple” to decipher, and users need to be particularly mindful of false positives.

Since the false positive issue, is always a major consideration in using tools of this type, you should be aware that tools like this, are designed for advanced users, and above.

Here’s a reasonable test to determine if you have the skills necessary to use this application effectively. If you’re not capable of using, and interpreting, an application such as HiJackThis for example, it is unlikely that using this program would prove to be beneficial. On the other hand, if you can interpret the results of a  HiJackThis scan, you’re probably “good to go”.

The user interface is dead simply – functional and efficient, as the following screens from my test system indicate. BTW, no Rootkits were found during this test. Or, after scanning with the additional tools listed below.

Tizer 1

Tizer 3

Tizer 4

Fast facts:

Main Screen: This page displays information related to your operating system and memory usage.

Smart Scan: This feature automatically scans all the critical areas in the system and displays hidden objects, making things easier for the user.

NOTE: The user is provided with a feature to fix the hidden object (if any).

Process Scan: This module scans processes currently running on the machine. A process entry will be highlighted in red if it is a hidden rootkit. The user can click on an individual process to display any hidden modules loaded by the process.

NOTE: The user is provided with the option to terminate processes and delete modules.

Registry Scan: This module scan is for hidden registry objects.

Smart Scan: A smart scan will scan the critical areas of the registry.

Custom View: This module provides a virtual registry editor view, hence enables the user to navigate through the registry and check for hidden keys or values. (Hidden keys/values will be highlighted)

Kernel Module Scan: This module scans for loaded drivers in the memory. A module entry will be highlighted in red if it is hidden.

NOTE: The user is provided with a feature to unload and delete a driver module from memory.

Services Scan: This module scans all installed services on the local machine. A particular service entry will be highlighted if it is hidden.

NOTE: The user is provided with start, stop, pause, and resume features. They may also change the startup type of service.

SPI Scan: This module lists all the LSPs installed in the system. This is read only information.

NOTE: The user can check for any unauthorized LSP installed.

SSDT Scan: This module scans for any altered value in the System Service Descriptor Table (SSDT). The process of alteration is termed as “Hooking.”

NOTE: The user can restore the altered value to its original value.

Ports Scan: This module will scan all open TCP and UDP ports. A particular port entry will be highlighted if it is hidden.

NOTE: The user is provided with the option to terminate the connection.

Thread Scan: This module will enumerate all running processes. The user can click on a particular process to view and scan all threads running in context of that process. Any hidden threads will be highlighted in red.

NOTE: The user is provided with the option to terminate a thread.

File/Object Scan: This module will scan for any hidden files in the system. The user selects a location on the computer to scan.

Click here to read about Tizer Rootkit Razor’s features, in comparison with other anti-rootkit applications.

System requirements: Windows XP, Vista, Win 7

Download at: Tizer Secure

Note: registration required.

If you think you might have hidden malware on your system, I recommend that you run multiple rootkit detectors. Much like anti-spyware programs, no one program catches everything. To be safe, I occasionally use each of the rootkit detectors listed below, on my machines.

Microsoft Rootkit Revealer

Microsoft Rootkit Revealer is an advanced root kit detection utility. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. According to Microsoft, Rootkit Revealer successfully detects all persistent rootkits published at http://www.rootkit.com, including AFX, Vanquish and Hacker Defender.

IceSword

IceSword is a very powerful software application that will scan your computer for rootkits. It also displays hidden processes and resources on your system that you would be unlikely to find in any other Windows Explorer like program. Because of the amount of information presented in the application, please note that IceSword was designed for more advanced users.

GMER

This freeware tool is essentially a combination of Sysinternals’ Rootkit Revealer and Process Explorer. The program can list running processes, modules and Windows services, in addition to scanning for the presence of rootkits.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

5 Comments

Filed under Anti-Malware Tools, Cyber Crime, Cyber Criminals, downloads, Free Anti-malware Software, Freeware, Geek Software and Tools, Malware Removal, Rootkit Revealers, rootkits, Software, Utilities, Windows Tips and Tools

Emsisoft Mamutu – Free (Save $30) Until Sunday, May 1, 11:59 PM PDT

Regular reader, and my good Aussie friend, John W., has just given me a heads up on a pretty cool offering from Emsisoft. Emsisoft is noted for developing some of the better antimalware applications, so you might want to consider giving  Mamutu a try.

This application appears, in many respects, to run along the same lines of ThreatFire – an antimalware application I recommend as a formative part of a layered security approach. See – ThreatFire Version 4.7.0 – Free Protection Against Zero Day Malware, on this site.

From the developer:

Today, we bring you this special offer on Emsisoft Mamutu. From now until Sunday, we are giving away a free copy of Mamutu. Not only does it monitor all active programs for dangerous behavior, but it also blocks malicious activities in real time.

Its Behavior Blocking and Zero-Day-Attacks technology recognizes new and unknown Trojans, backdoors, keyloggers, worms, viruses, spyware, adware, and rootkits without the need of daily signature updates, protecting you long before the signature databases have been updated.

So, where does this funny-sounding name come from? The word Mamutu is composed of two words: “Malware” and “Mutu,” which comes from the Maori language. It means “stop,” so we were told that the developers of Mamutu wanted to describe exactly what the program does: terminate all types of Malware.

In summary, here is a quick rundown of Emsisoft Mamutu’s features:

  • It monitors all active programs for dangerous behavior real-time
  • Recognizes new and unknown Trojans, worms, and viruses
  • Protects your PC without weighing down its resources, so it does not slow you down

This free offer is good until Sunday, May 1, 11:59 p.m. PDT, so grab your free copy while you can and give it a try.

Note: registration required.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

2 Comments

Filed under Anti-Keyloggers, Anti-Malware Tools, Don't Get Hacked, downloads, Giveaways, Malware Protection, rootkits, System Security, Windows Tips and Tools

Free Rootkit Revealers – Tizer Rootkit Razor, Plus Three More

imageRootkits use any number of techniques to hide, including concealing running processes from monitoring programs, and hiding files, and system data, from the operating system.

In other words, the rootkit files and processes will be hidden in Explorer, Task Manager, and other detection tools. It’s easy to see then, that if a threat uses rootkit technology to hide, it is going to be difficult to find.

So, scanning for Rootkits occasionally, is good practice, and if you have the necessary skills to interpret the results of a Rootkit scan, Tizer Rootkit Razor, appears to be a good choice to help you do this. I should be clear however, this tool is not “one-click simple” to decipher, and users need to be particularly mindful of false positives.

Since the false positive issue, is always a major consideration in using tools of this type, you should be aware that tools like this, are designed for advanced users, and above.

Here’s a reasonable test to determine if you have the skills necessary to use this application effectively. If you’re not capable of using, and interpreting, an application such as HiJackThis for example, it is unlikely that using this program would prove to be beneficial. On the other hand, if you can interpret the results of a  HiJackThis scan, you’re probably “good to go”.

The user interface is dead simply – functional and efficient, as the following screens from my test system indicate. BTW, no Rootkits were found during this test. Or, after scanning with the additional tools listed below.

Tizer 1

Tizer 3

Tizer 4

Fast facts:

Main Screen: This page displays information related to your operating system and memory usage.

Smart Scan: This feature automatically scans all the critical areas in the system and displays hidden objects, making things easier for the user.

NOTE: The user is provided with a feature to fix the hidden object (if any).

Process Scan: This module scans processes currently running on the machine. A process entry will be highlighted in red if it is a hidden rootkit. The user can click on an individual process to display any hidden modules loaded by the process.

NOTE: The user is provided with the option to terminate processes and delete modules.

Registry Scan: This module scan is for hidden registry objects.

Smart Scan: A smart scan will scan the critical areas of the registry.

Custom View: This module provides a virtual registry editor view, hence enables the user to navigate through the registry and check for hidden keys or values. (Hidden keys/values will be highlighted)

Kernel Module Scan: This module scans for loaded drivers in the memory. A module entry will be highlighted in red if it is hidden.

NOTE: The user is provided with a feature to unload and delete a driver module from memory.

Services Scan: This module scans all installed services on the local machine. A particular service entry will be highlighted if it is hidden.

NOTE: The user is provided with start, stop, pause, and resume features. They may also change the startup type of service.

SPI Scan: This module lists all the LSPs installed in the system. This is read only information.

NOTE: The user can check for any unauthorized LSP installed.

SSDT Scan: This module scans for any altered value in the System Service Descriptor Table (SSDT). The process of alteration is termed as “Hooking.”

NOTE: The user can restore the altered value to its original value.

Ports Scan: This module will scan all open TCP and UDP ports. A particular port entry will be highlighted if it is hidden.

NOTE: The user is provided with the option to terminate the connection.

Thread Scan: This module will enumerate all running processes. The user can click on a particular process to view and scan all threads running in context of that process. Any hidden threads will be highlighted in red.

NOTE: The user is provided with the option to terminate a thread.

File/Object Scan: This module will scan for any hidden files in the system. The user selects a location on the computer to scan.

Click here to read about Tizer Rootkit Razor’s features, in comparison with other anti-rootkit applications.

System requirements: Windows XP, Vista, Win 7

Download at: Tizer Secure

If you think you might have hidden malware on your system, I recommend that you run multiple rootkit detectors. Much like anti-spyware programs, no one program catches everything. To be safe, I occasionally use each of the rootkit detectors listed below, on my machines.

Microsoft Rootkit Revealer

Microsoft Rootkit Revealer is an advanced root kit detection utility. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. According to Microsoft, Rootkit Revealer successfully detects all persistent rootkits published at http://www.rootkit.com, including AFX, Vanquish and Hacker Defender.

IceSword

IceSword is a very powerful software application that will scan your computer for rootkits. It also displays hidden processes and resources on your system that you would be unlikely to find in any other Windows Explorer like program. Because of the amount of information presented in the application, please note that IceSword was designed for more advanced users.

GMER

This freeware tool is essentially a combination of Sysinternals’ Rootkit Revealer and Process Explorer. The program can list running processes, modules and Windows services, in addition to scanning for the presence of rootkits.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

6 Comments

Filed under Anti-Malware Tools, Don't Get Hacked, downloads, Free Security Programs, Freeware, Geek Software and Tools, Malware Removal, Rootkit Revealers, rootkits, Software, System Security, Utilities, Windows Tips and Tools

Specialty Malware Removal Tools For Killing Tough Malware

imageLooking at recent estimates provided by a large number of Internet security providers, the consensus seems to be that there are over 20,000,000 malware programs currently circulating on the Internet. So, if you should become infected by malware, it might not be any consolation – but, rest assured; it can happen to any one of us. We are, after all, facing overwhelming odds.

Much of today’s malware can be extremely difficult to identify and remove –despite a user relying on frontline antimalware applications to do the job. If you’re struggling with the reality of this statement, take a look at “Testing of antiviruses for the treatment of active infections” from Anti-malware Test Lab.

The following tools have been specifically designed to help users better identify malware infections, and then eradicate those specific infections. These tools require advanced computer knowledge, and unless you feel confident in your diagnostic skills, you should avoid them.

Here’s a reasonable test to determine if you have the skills necessary to use these application effectively. If you’re not capable of using, and interpreting, an application such as HiJackThis for example, it is unlikely that using these applications will prove to be beneficial. On the other hand, if you can interpret the results of a  HiJackThis scan, you’re probably “good to go”.

Should you choose to add these applications to your antimalware toolbox, be aware that you will need the latest updated version for maximum efficiency.

A-squared HiJackFree

The program operates as a detailed system analysis tool that can help you in the detection and removal of Hijackers, Spyware, Adware, Trojans, Worms, and other malware. It doesn’t offer live protection but instead, it examines your system, determines if it’s been infected, and then allows you to wipe out the malware.

Runscanner

If you’re a malware hunter, and you’re in the market for a free system utility which will scan your system for running programs, autostart locations, drivers, services and hijack points, then Runscanner should make your shortlist. The developers of Runscanner describe this freeware utility as having been designed to “detect changes and misconfigurations in your system caused by spyware, viruses, or human error.”

HijackThis

HijackThis is a free utility which heuristically scans your computer to find settings that may have been changed by homepage hijackers, spyware, other malware, or even unwanted programs. In addition to this scan and remove capability HijackThis comes with several tools useful in manually removing malware from a computer.

The program doesn’t target specific programs, but instead it analyses registry and file settings, and then targets the methods used by cyber-crooks. After you scan your computer, HijackThis creates a report, and a log file (if you choose to do so), with the results of the scan.

RKill

RKill is a program developed at BleepingComputer.com – “It was created so that we could have an easy to use tool that kills known processes that stop the use of our normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that anti-malware programs can do their job.”

Emsisoft BlitzBlank

BlitzBlank is a tool for experienced users and all those who must deal with Malware on a daily basis. Malware infections are not always easy to clean up. In more and more cases it is almost impossible to delete a Malware file while Windows is running. BlitzBlank deletes files, Registry entries and drivers at boot time before Windows and all other programs are loaded.

McAfee Labs Stinger

Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

Specialty Removal Tools From BitDefender

Eight special removal tools including Conficker Removal Tool

Microsoft Malicious Software Removal Tool

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

NoVirusThanks

NoVirusThanks Malware Remover is an application designed to detect and remove specific malware, trojans, worms and other malicious threats that can damage your computer. It can also detect and remove rogue security software, spyware and adware. This program is not an Antivirus and does not protect you in real time, but it can help you to detect and remove trojans, spywares and rogue security software installed in your computer.

Norton Power Eraser

Symantec describes Norton Power Eraser in part, as a tool that “takes on difficult to detect crimeware known as scareware or rogueware. The Norton Power Eraser is specially designed to aggressively target and eliminate this type of crimeware and restore your PC back to health.”

Rootkit Tools:

If you think you might have hidden malware on your system, I recommend that you run multiple rootkit detectors. Much like anti-spyware programs, no one program catches everything.

Microsoft Rootkit Revealer

Microsoft Rootkit Revealer is an advanced root kit detection utility. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. According to Microsoft, Rootkit Revealer successfully detects all persistent rootkits published at http://www.rootkit.com, including AFX, Vanquish and Hacker Defender.

IceSword

IceSword is a very powerful software application that will scan your computer for rootkits. It also displays hidden processes and resources on your system that you would be unlikely to find in any other Windows Explorer like program. Because of the amount of information presented in the application, please note that IceSword was designed for more advanced users.

GMER

This freeware tool is essentially a combination of Sysinternals’ Rootkit Revealer and Process Explorer. The program can list running processes, modules and Windows services, in addition to scanning for the presence of rootkits.

Tizer Rootkit Razor

Tizer Rootkit Razor, will allow you to identify and remove Rootkits from your computer. I should be clear however, this tool is not “one-click simple” to decipher, and users need to be particularly mindful of false positives.

Since the false positive issue, is always a major consideration in using tools of this type, you should be aware that tools like this, are designed for advanced users, and above.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

12 Comments

Filed under Anti-Malware Tools, Computer Tools, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Freeware, Malware Removal, Manual Malware Removal, Microsoft, Rogue Software Removal Tips, Rootkit Revealers, rootkits, scareware, Scareware Removal Tips, Software, Windows Tips and Tools