What are Rootkits?
Rootkits originated on UNIX platform computers but have evolved and invaded Windows computers in the last few years. The term rootkit comes from the fact that the program would gain administrative privileges (root access) on the UNIX system and then hide all traces of itself so it could work behind the scenes without being detected.
On Windows systems, rootkits are being used by spyware, adware, viruses, trojans, and other malware to hide their system processes and work undetected. Slow-running computers, unwanted popup ads, and redirection of websites and searches can all be signs of a rootkit. However, it takes special software to detect them. Since rootkits are designed to hide from users, they also hide from most antivirus and antispyware software. This is why many of the antivirus makers and other companies have produced special rootkit removal tools in the last few years.
The general rule of thumb is: if you are still having miscellaneous issues including blue screens, system slowdowns, and other problems, and none of your virus and spyware tools have detected a problem, you might have a rootkit.
Many of the electronic greeting card spams that you may have seen in the last few months have contained rootkits. The spam asking you to download "Microsoft Data Access" to view the electronic card contained a rootkit, and without special software to analyze the computer the rootkit stayed undetected. Sony had a terrible public relations fiasco with rootkits a while back as well, and is still under scrutiny because of their MicroVault USM-F software used for fingerprint-reading flash drives.
So if you think you have been infected with a rootkit, or simply want to scan your system for one, use the list below to read about and download a rootkit removal tool.
Specialized Rootkit Removers
Lavasoft ARIES Rootkit Remover
http://download.lavasoft.com/utils/AriesRemoverInst.zip
Removes the rootkit used by Sony BMG to hide their digital rights management (DRM) software.
Prevx Gromozon Rootkit Remover
http://aknow.prevx.com/zeroL/6285251.exe
The Gromozon rootkit would install LinkOptimizer adware and occasionally the rogue antispyware program called Brave Sentry. It was named after the first known site that distributed the threat.
Well-Known RootKit Removal Tools
DiamondCS ProcessGuard (free and paid versions)
A great tool that prevents system processes from attacking each other. It can also prevent the installation and infection of many rootkits.
DarkSpy
From a Chinese computer security group. A favorite a while back, although it was difficult to track down for this article.
GMER
A great tool for finding rootkits.
Helios from Miel e-Security
An Information Security firm based in India is responsible for this great rootkit remover.
IceSword
Another Chinese security site (translated with Altavista's Babelfish). An old school favorite for rootkit removal.
Microsoft SysInternals RootKit Revealer 1.71
Sysinternals' RootkitRevealer shows Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit: it compares what the documented Windows API reports against what a direct read of the disk and Registry hives contains, and anything present in one view but not the other is flagged. A definite tool for every computer tech's toolbox.
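To make the "API discrepancies" idea concrete, here is an added example of the cross-view technique. It is not part of the original post and not Sysinternals' code: it takes two snapshots of the same namespace, the high-level view (what the documented API enumerates) and the low-level view (what a raw read of the volume or hive contains), and reports every entry that appears in only one of them. Both snapshots, the `hidden_rk` names, and the user paths are constructed sample data; a real scanner would obtain the low-level view by parsing NTFS and hive structures itself, which this example does not do.

```python
"""Cross-view discrepancy detection, the approach RootkitRevealer popularized.

Added example, not code from the original post or from Sysinternals.
A rootkit that hooks the Windows API can filter its own files and Registry
keys out of what user-mode programs see. Comparing the API view with a raw
view of the same data exposes the filtering: entries present only in the raw
view were hidden from the API and are the suspicious ones. Entries present
only in the API view are usually files created or deleted between the two
scans, so they are reported at a lower severity rather than ignored.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Discrepancy:
    kind: str       # "file" or "registry"
    path: str
    seen_in: str    # "raw-only": hidden from the API; "api-only": gone from the raw view
    severity: str   # "suspicious" for raw-only entries, "info" for api-only ones


def is_ntfs_metafile(path: str) -> bool:
    """NTFS metadata files ($MFT, $LogFile, ...) are visible to a raw volume
    read but never enumerated by the documented API, so a scanner must not
    report them as hidden. Assumption: metafiles sit at the volume root."""
    parent, _, name = path.rpartition("\\")
    return name.startswith("$") and parent.endswith(":")


def cross_view_diff(kind, api_view, raw_view):
    """Compare the high-level (API) and low-level (raw) views of one namespace.
    Windows paths and key names are case-insensitive, so compare them folded."""
    api = {p.lower(): p for p in api_view}
    raw = {p.lower(): p for p in raw_view}
    hidden = sorted(set(raw) - set(api))    # on disk / in the hive, filtered from the API
    extra = sorted(set(api) - set(raw))     # seen by the API, absent from the raw read
    out = [Discrepancy(kind, raw[p], "raw-only", "suspicious") for p in hidden]
    out += [Discrepancy(kind, api[p], "api-only", "info") for p in extra]
    return out


def scan(api_files, raw_files, api_keys, raw_keys):
    """Run both namespaces through the diff and drop known-benign file discrepancies."""
    findings = cross_view_diff("file", api_files, raw_files)
    findings += cross_view_diff("registry", api_keys, raw_keys)
    return [d for d in findings
            if not (d.kind == "file" and is_ntfs_metafile(d.path))]


# Constructed sample snapshots (not captured from a real machine).
API_FILES = [
    "C:\\Windows\\System32\\ntoskrnl.exe",
    "C:\\Windows\\System32\\drivers\\ntfs.sys",
    "C:\\Users\\alice\\report.docx",
    "C:\\Users\\alice\\~WRL0001.tmp",       # temp file created between the two scans
]
RAW_FILES = [
    "C:\\$MFT",                             # NTFS metafiles: raw-only but benign
    "C:\\$LogFile",
    "C:\\Windows\\System32\\ntoskrnl.exe",
    "C:\\Windows\\system32\\drivers\\ntfs.sys",   # case differs, must still match
    "C:\\Windows\\System32\\drivers\\hidden_rk.sys",  # constructed: filtered from the API
    "C:\\Users\\alice\\report.docx",
]
API_KEYS = [
    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip",
    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\NTFS",
]
RAW_KEYS = API_KEYS + [
    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\hidden_rk",  # constructed hidden service key
]


def run_sample_scan():
    return scan(API_FILES, RAW_FILES, API_KEYS, RAW_KEYS)


if __name__ == "__main__":
    for d in run_sample_scan():
        print(f"[{d.severity:10}] {d.kind:8} {d.seen_in:8} {d.path}")
```

The point of keeping the `info` findings is the caveat RootkitRevealer's own output carries: a discrepancy is evidence, not proof, and a busy system produces benign ones. Investigate the raw-only entries first, and treat api-only entries as noise unless they recur across repeated scans.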
Resplendence Software - RootKit Hook Analyzer
A security tool that checks for kernel hooks in the operating system.
RKDetector v. 2.0 (Beta)
Security analyzer and rootkit remover.
UnHackMe by Greatis Software
One of the most user-friendly rootkit removal tools on the planet. Although you have to purchase it, it's a fantastic tool.
Rootkit Removal Tools by Major Antivirus Vendors
(in alphabetical order)
AVG Anti-Rootkit
From Grisoft, maker of AVG Antivirus, a free rootkit removal tool that shows a lot of promise.
BitDefender Antirootkit (beta)
Although I can't find a link from the BitDefender site, here is a direct link to the beta download of their antirootkit.
F-Secure Blacklight
From the maker of F-Secure, one of the original and most used rootkit removal tools. Now integrated into their security suite.
McAfee's Rootkit Detective
One of the newest rootkit removal tools available, from the trusted antivirus vendor McAfee.
Microsoft Malicious Software Removal Tool
Definitely does not search for everything, but it's better than nothing.
Panda Software Anti-Rootkit
Although I couldn't find a link from the Panda Software website to this rootkit, there is a download available from Download.com. It has a great scan for rootkits.
Sophos Anti-Rootkit version 1.3.1
Standalone free rootkit removal tool.
TrendMicro Rootkit Buster
From the maker of PC-cillin and the online scanner HouseCall.
As with all antivirus, spyware, and other malware removal software, personal preference will dictate which of the above rootkit removal tools you may want to use. I wanted to include current links for all the rootkit removal tools I knew about. However, if you know of a rootkit removal tool I don't have listed, please email the name, URL, and other information about the tool to pchell@gmail.com.
Recovery from a Rootkit Invasion
The problem with rootkits is the fact that they can take over a computer and download and install other software. One rootkit removal tool might find one rootkit while another might find something totally different. It's always a good idea to use multiple rootkit removal tools to inspect your computer, just as it's a good idea to use multiple antivirus scanners to scan for problems. In many cases the rootkit can be identified and removed; however, on occasion the damage may be too great, or the private information residing on the computer may have been compromised too much. In these cases, you may have to resort to completely reformatting and reinstalling the operating system. Although this recommendation should be used as a last resort, it still remains a possibility when dealing with silent but deadly rootkits.