Good Rootkit detectors ??



1101
23-06-2011, 11:40 AM
Hi there.
Are any of the rootkit detectors of much use as an extra scanner? (I still use the usual AV & spyware scanners.)
From what I've read (very briefly), rootkits need to be scanned for via another PC or a Live Boot CD because of the way they hide themselves from detection when Win is running.

I'm testing out a few rootkit detectors, but they don't/can't tell you if the rootkit/detection is malware or legit: some rootkits are legit (see what you've started, SonyMusic :illogical ).
Others, like Kaspersky's excellent TDSSKiller, only scan for one specific rootkit.


Cheers

kjaada
23-06-2011, 12:50 PM
You do not need one if you just go to trusted sites:
BUT if you go to suspect places then BEWARE, even the "best" detectors could be suspect.
And what is the use of "detecting" the horse after it has bolted?

pctek
23-06-2011, 01:06 PM
I use one every now and then. Just in case...........

1101
23-06-2011, 01:52 PM
You do not need one if you just go to trusted sites:
BUT if you go to suspect places then BEWARE, even the "best" detectors could be suspect.
And what is the use of "detecting" the horse after it has bolted?

most .. unhelpful .. arrogant .. reply .. ever .. ??

Speedy Gonzales
23-06-2011, 01:58 PM
If you have a rootkit, it may crash the system (then you'll know you have one). That's where TDSSkiller comes in handy. Gmer and trojan remover can also remove rootkits. I think most of them know what is and what isn't a rootkit.

Even though Sony's rootkit may be legit, most programs probably class it as a rootkit. So they'll remove it, whether it's legit or not.

sarel
23-06-2011, 03:17 PM
Should one run a program like TDSSKiller, say, once a month, just to be sure?

sarel

zqwerty
23-06-2011, 06:38 PM
http://www.gmer.net/

Speedy Gonzales
23-06-2011, 06:41 PM
Should one run a program like TDSSKiller, say, once a month, just to be sure?

sarel

Unless your system crashes for no reason at all, no. Don't think so.

Agent_24
25-06-2011, 12:52 PM
I think most rootkits are detected by most antivirus programs (at least, if they're not running!) so a bootable live CD of an antivirus is a good place to start.

Bitdefender Rescue CD, for example, is a pretty good one.

Agent_24
25-06-2011, 02:38 PM
This may also be useful:
http://www.f-secure.com/en_EMEA-Labs/security-threats/tools/blacklight/

chumscrubber
27-06-2011, 02:18 PM
Also a nice one: http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx

And it's free.