
Introduction
A lot of anti-rootkit programs are available, but most of them are very advanced and require an experienced, technically minded user who is familiar with computers and operating systems. However, there are a couple of options that do not require much technical ability and are also very effective.
Below are several programs that we have rated and could recommend, with the best of these as good as any commercial product in this category.
Rated Products

Platforms/Download: Windows (Desktop)
Version reviewed: n/a
Gizmos Freeware
Our Rating: 5/5
Platforms/Download: Windows (Desktop)
Version reviewed: n/a
Gizmos Freeware
Our Rating: 4/5
Platforms/Download: Windows (Desktop)
Version reviewed: n/a
Gizmos Freeware
Our Rating: 4/5
Platforms/Download: Windows (Desktop)
Version reviewed: n/a
Gizmos Freeware
Our Rating: 3/5
Other Rootkit Scanners and Removers
Sophos Anti-Rootkit has a small but easy-to-use interface with no options other than choosing where you want to scan. As it scans, it opens up to a slightly larger interface where it lists the results of the scan and gives you information about each result as well as a recommendation for each. Additionally, a small help file is available that explains the program in a little more detail and gives directions on how to use the command-line anti-rootkit tool, which is also included. This would be a great tool if it were kept up to date, but in my testing it failed to find or remove any of the modern threats I tested.
F-Secure Blacklight is another great tool for rootkit removal. Unfortunately, support for it ended a couple of years ago. However, you can still download it from the F-Secure website, and it is compatible with Windows Vista and XP.
It still works well for older rootkits but gives an "Incompatible" error if run on Windows 7. Blacklight is also unable to detect most modern rootkits, and therefore I recommend one of the other tools for now.
Related Products and Links
You might want to check out these articles too:
- Best Free Antivirus Software
- Best Free Adware/Spyware/Scumware Remover
- Best Free Trojan Scanner/Trojan Remover
- Best Free Firewall
- Best Free Intrusion Prevention and Detection Utility for Home Use (HIPS)
- Best Internet Safety Freeware
- Best Free Process Viewer
- Safe Computing in Under an Hour
Editor
This software category is in need of an editor. If you would like to give something back to the freeware community by taking it over, check out this page for more details. You can then contact us from that page or by clicking here.
Comments
Kaspersky TDSSKiller has moved (Your links go to: 404)
http://support.kaspersky.com/viruses/disinfection/5350
Sophos Anti-Rootkit is not available at the link provided.
Right, but I believe they are different products. Sophos Virus Removal Tool seems to be a more general purpose tool (and a much larger download), and I don't know if its anti-rootkit technology is comparable to that of Sophos Anti-Rootkit. Sophos Anti-Rootkit is available at http://www.majorgeeks.com/files/details/sophos_anti_rootkit.html.
TDSSKiller is now at version 3.0.0.44 (2015.01.21) - http://usa.kaspersky.com/downloads/TDSSKiller or http://www.bleepingcomputer.com/download/tdsskiller/ .
Malwarebytes Anti-Rootkit is now at version 1.09.1.1004 Beta (2015.02.09) - https://www.malwarebytes.org/antirootkit/ .
My understanding is that Avast's uses the GMER engine. Since it clearly identifies the detections with no user interpretation, I prefer it. Plus, you can download the Avast antivirus signatures with it to use as a demand scanner.
TDSSKiller has been updated to v3.0.0.14 (2013.10.15)
Malwarebytes Anti-Rootkit has been updated to v1.07.0.1007-Beta (2013.10.07).
1) How can we know if some process is downloading something in the background silently?
2) How to identify which process is downloading something in the background?
3) How to track at what locations what files are being downloaded (other than the one which we choose to download at a particular location or the ones that we can usually see in the download managers etc.)?
4) We can use software like OpenedFilesView (http://www.nirsoft.net/utils/opened_files_view.html), which can give us an insight into which files are actively locked and being changed, with the size, but one needs to be an expert to track what is happening.
So is there any software which can give us a real-time view of which process is downloading what thing from which site and downloading it to what location? (I feel a firewall does not give in-depth information.) This can help us find the Trojan/rootkit activities or malicious software updating itself in the background or adding up space on our hard disk silently in the background without our notice.
Any expert input on this will be highly appreciated.
Thanks in Advance :)
Dr.Web CureIt! 8 on-demand virus scanner has been released - http://www.freedrweb.com/cureit/?lng=en . A favorable review by Martin Brinkmann at Ghacks.net can be found at http://www.ghacks.net/2013/04/06/dr-web-cureit-8-on-demand-virus-scanner... .
TechRepublic have published an article many will find worthwhile, "Rootkit coders beware: Malwarebytes is in hot pursuit" (2013.03.18) -- http://www.techrepublic.com/blog/security/rootkit-coders-beware-malwareb... .
Though Malwarebytes Anti-Rootkit is still in beta, an updated version has been released -- http://www.malwarebytes.org/products/mbar/ .
Malwarebytes have released the first beta version of their dedicated stand-alone anti-rootkit application, Malwarebytes Anti-Rootkit (MBAR) -- http://www.malwarebytes.org/products/mbar/. They have a detailed discussion at http://blog.malwarebytes.org/news/2012/11/meet-malwarebytes-anti-rootkit/ .
Ghacks.net also have a brief discussion -- http://www.ghacks.net/2012/11/11/malwarebytes-anti-rootkit-beta-is-out/?....