
6 Rootkit Detector Programs reviewed & compared: INTERESTING READ!

Alec§taar

Nice find, I'll look through it. I already use Sophos Rootkit scanner and Rootkit Revealer, but if any are better I'll take a look.
 
Here, I keep this list of them around:

Sophos AntiRootkit
BitDefender AntiRootkit
FSecure Blacklight
McAfee AntiRootkit
Rootkit Buster
Rootkit Revealer
Rootkit Unhooker
GMER
Rootkit Hook Analyzer

:)

* Some more of them that are NOT in the list tested above are in that list... they are 'bolded' for your references...

APK
 
Rootkit buster found about seven things it couldn't delete, either nice job Trend Micro (sarcastic) or I need to format Windows.
 

Most of the things I used to find with rootkit revealer were nothing... the Vista Beta would create hidden files on my main drive, things like Daemon tools and Alcohol 120% create suspicious files to stay hidden. I'm going to do my scans tomorrow and see what I find.
 
How interesting, I have sptd.sys detected as possible rootkit activity. Google dismisses it as a part of Daemon tools....when I've never installed it. I heard that it's also a part of Alcohol 120, which I DID use once. I want to just remove it, BUT it's in the Windows drivers folder, and if it's not a part of Daemon tools or a rootkit, it's required for Windows startup...ugh.

Suggestions?
 
I booted into safemode and got rid of it myself, the two rootkit detectors I'm using detect nothing hooked by sptd.sys. It passed itself off as a SCSI driver in the drivers folder, chances are it was :). But whatever, I'm not taking the chance of having a rootkit, and can't remember the last time I used a SCSI device anyways.
 
I know how you feel - my PC sometimes has a problem booting if Daemon tools has an image mounted, and I could only boot into safemode. The only way to solve it was to get rid of sptd.sys and remove all traces of alcohol 120 and daemon tools. That wasn't fun, uninstallers don't work properly from safemode. :(
 
How interesting, I have sptd.sys detected as possible rootkit activity. Google dismisses it as a part of Daemon tools....when I've never installed it. I heard that it's also a part of Alcohol 120, which I DID use once. I want to just remove it, BUT it's in the Windows drivers folder, and if it's not a part of Daemon tools or a rootkit, it's required for Windows startup...ugh.

Suggestions?

Yes...

Run Devmgmt.msc, & use its VIEW menu, Show Hidden devices submenu, & this will put a NEW item onto the device tree named "Non Plug and Play Devices"...

From there, USUALLY, you can disable various drivers that 3rd party tools might install, that you WON'T SEE in the device manager tree items listings.

APK

P.S.=> It ought to do the job, fairly easily, w/ 3rd party drivers that various programs install, & even for AntiRootkit tools (like GMER) that use specialized filtering drivers to do their job (but, just be SURE you don't cut off any needed ones while you're in there)... apk
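A read-only way to get the same view as Device Manager's hidden "Non Plug and Play Devices" tree from the command line, as an added example that is not from this thread: it lists every kernel driver with its start mode, on-disk file and Authenticode signature, so a driver such as sptd.sys can be researched before anyone disables or deletes it. Assumes a modern Windows PowerShell (Get-CimInstance and Get-AuthenticodeSignature available); the helper names are my own.

```powershell
# Added example (not from the thread): inventory kernel drivers the way
# Device Manager's "Show hidden devices" does, with the on-disk file and its
# Authenticode signature checked. Read-only; it changes nothing on the system.

function Resolve-DriverPath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    # Service entries often use NT-style prefixes that Test-Path cannot read.
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $p = $p -replace '^System32\\', "$env:SystemRoot\System32\"
    return $p
}

function Get-DriverInventory {
    param([string]$NameLike = '*')   # e.g. 'sptd*' to look at one driver
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.Name -like $NameLike } |
        ForEach-Object {
            $file   = Resolve-DriverPath $_.PathName
            $exists = $file -and (Test-Path -LiteralPath $file)
            $sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $file } else { $null }
            [pscustomobject]@{
                Name      = $_.Name
                State     = $_.State        # Running / Stopped
                StartMode = $_.StartMode    # Boot / System / Auto / Manual / Disabled
                File      = $file
                OnDisk    = [bool]$exists
                SigStatus = if ($sig) { $sig.Status } else { 'n/a' }   # Valid, NotSigned, HashMismatch ...
                Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
}

# Drivers worth researching first: running, but unsigned, signature broken, or file missing.
Get-DriverInventory |
    Where-Object { $_.State -eq 'Running' -and ($_.SigStatus -ne 'Valid' -or -not $_.OnDisk) } |
    Format-Table Name, StartMode, SigStatus, Signer, File -AutoSize

# To look at the one driver discussed in the thread:
Get-DriverInventory -NameLike 'sptd*' | Format-List
```

Anti-rootkit tools (GMER and the like) install their own filter drivers, so expect those to show up here too; the output is a list to research, not a list to delete.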
 
Rootkits can be nasty little buggers. I ran the RootkitBuster one and found several hooks (all Zone Alarm's [vsdatant.sys]) and also found several pictures in two different formats, .jpeg and .bmp. These were pics that were unable to be viewed or even seen by an advanced search; however, RootkitBuster found these files pretty fast. I did delete the images ..lol, pretty good find >>RootkitBuster=FREE fully functional download(legal):toast:

Well I'm off to test some more of these:) ......Please any one who has never used one of these kind of apps "ALWAYS RESEARCH WHAT YOU DELETE BEFORE YOU DELETE THEM!!"

DO NOT DELETE THE FILES FOUND WITH THESE APPS UNTIL YOU HAVE RESEARCHED WHAT YOU ARE DELETING!!!!!
 

Well, most of them find quite a few entries, but I've narrowed down all of them to being either AVG anti-spyware, Daemon Tools/Alcohol or remnants from when I had Vista on this system. Nothing needing deleting here :D

Plus, I had no viruses and no adware, which is nice. Then again, I never have it anymore. :)
 
Rootkit Unhooker always starts with a parasite warning, within itself, and then after a scan it detects nothing.

But after running a VM check sometimes I get 117 or 134, then it drops to 14 or so.

I checked with VMware, and it shows that there is nothing running.

The only real worrisome thing was four files on my Vista installation in my temp folder that were only to be opened by another process. But I deleted them and there were no problems.
 