8

A list of rootkit detection and/or removal tools from publicly trusted sources:

Name, Vendor, Latest release

RootkitRevealer, Sysinternals, November 1 2006

Rootkit Unhooker, ep_x0ff (now working at Microsoft according to Rootkit.com), December 2007

F-Secure Blacklight, F-Secure, Unknown

GMER, GMER, March 2009

Microsoft Malicious Software Removal Tool, Microsoft, April 2009

IceSword, Unknown, September 2005

Please add any trusted tools that you know of to the list.

8 Answers

3

RootkitRevealer

RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects many persistent rootkits including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys).

scottm
  • 369
2

F-Secure Blacklight (free, Windows)

nedm
  • 5,710
1

GMER, GMER, March 2009

One of the most complete and updated scanners/fixers. I found that it could find the most rootkits, and it has a steady stream of updates.

1

I have had occasional success using the Ultimate Boot CD for Windows so that I can run an "offline" scan of the infected system. The Achilles' heel of most well-known rootkit scanners is that the rootkits know about them as well. See: http://www.microsoft.com/emea/itsshowtime/sessionh.aspx?videoid=359

Tim Lara
  • 187
0

"ThreatExpert is an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode." -- www.threatexpert.com/default.aspx

"Our free software, Sophos Anti-Rootkit scans, detects and removes any rootkit that is hidden on your computer using advanced rootkit detection technology." -- www.sophos.com/products/free-tools/sophos-anti-rootkit.html

"SuperAntiSpyware. Detect and Remove Spyware, Adware and Remove Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits, Rogue Security Products and many other types of threats." -- www.superantispyware.com/

('sorry, new users aren't allowed to add hyperlinks'. Can someone edit this and activate the links please)

0

Rootkit Unhooker, ep_x0ff (now working at Microsoft), December 2007

0

I like Prevx

0

For Linux:
chkrootkit, Pangeia Informatica (BSD Open Source) 12/17/2007
rkhunter, Rootkit.nl (GPL Open Source project) 12/31/2008

gharper
  • 5,535