Monday, November 2, 2009

Rootkit detectors

I work at a cancer center as the IT guy.  One of the things I run into regularly is infected computers.  Many times these infections are NOT minor, so I've collected a slew of tools to deal with them.  One type of infection is the rootkit.  I have a bunch of FREE tools I use to clean these.  These are portable tools, so you don't have to install anything on the computer in question.

A rootkit is a program (or set of programs) designed to keep the user from realizing the system is infected in some way.  Rootkits are tenacious: they tend to install themselves in system files and rewrite themselves into other files when you try to clean them by normal methods.  There are many methods by which infection occurs, and that is another blog.  Because of the way a rootkit works, it is very difficult to get rid of.

F-Secure has an excellent program called Blacklight.  It is very easy to use, just accept the caveats and click scan.

Sophos also makes a great application.  Their anti-rootkit program does require you to supply some basic information before downloading here, but it is worth it.  The Sophos software is relatively easy to use: just choose the type of scan and click scan.

Panda Anti-Rootkit: run Pavark.exe.  Accept the first screen, check deep scan, and click scan.  This will schedule a scan for the next time your system restarts (you can restart right away or later).

Spybot Search & Destroy 1.6.2 has a rootkit section.  Note that you must choose "advanced" from the mode menu, then choose rootkit scan.

GMER is a more complicated application.  It is extremely good, but it is aimed at the information technology professional, or at least someone more conversant with computers.  The GUI (Graphical User Interface) is not as easy to use as the other programs.

With anti-rootkits you should run at least 3 before feeling safe.  Some of these applications will identify false positives - things that seem like rootkits but are not - so be careful.  After running your anti-rootkit programs, if you found something, be sure to run an antivirus/anti-malware application with an up-to-date virus definition file to get rid of any vestiges that were left behind.
