source : http://www.techsupportalert.com
Updated 6th February, 2007
Rootkits are a special kind of software tool used to hide trojans, viruses and other malware from your anti-virus scanner and other security products. Unfortunately, they are extremely effective which means that some of you reading this will be infected even though you believe your PC to be totally clean. Thankfully there is a new class of security product now available called rootkit detectors that use specialized techniques to detect these dangerous intruders.
Most of these detectors require quite a bit of technical skill to interpret the results but one of the simplest to use is also amongst the most effective. It's called BlackLight [1] and is currently available as a free beta from F-Secure. The beta will expire on the 1st of April, 2007 but you can use it freely up to then. I suggest everyone download this product and scan their PC. The chances of you being infected are small but for five minutes work it's not worth taking the risk.
BlackLight will detect most rootkits missed by AV scanners but is can't provide perfect detection; no rootkit detector can. That's why its' advisable to use more than product.
If you are an experienced user you should check out SysInternals RootkitRevealer [2]. It uses a totally different different technique to BlackLight so by using both products together you'll be getting excellent overall detection. RootkitRevealer is however, harder to use than BlackLight and is a bit prone to false positives so take care before deleting detected items. If in doubt, consult the SysInternals RootkitRevealer forum. [3]
Another useful rootkit detector for experienced users is GMER [4] though please read the documentation carefully before using. I like this product a lot but it's not for everyone. So if you are the type that simply likes to press the "scan" button then stick with BlackLight ;>)
Currently the biggest guns in the rootkit detection war are two free Chinese products called IceSword [5] and DarkSpy [6]. They are not really detectors like the other products rather they offer a set of tools that can help reveal the presence of a rootkit. These tools include a special process viewer, startup manager and port enumerator that are not fooled by rootkits. It's left to the user though, to interpret the results. In the hands of an skilled user, these are amazing tools but not much use to beginners. The Chinese download sites are slow so I've given local download links [5], [6].
The reality is that at the present time, full protection against rootkits may require the use of multiple products. For details see my article on rootkits [7].
[1] http://www.f-secure.com/blacklight/ Free beta, Windows 2000 and later, 808KB
[2] http://www.sysinternals.com/Utilities/RootkitRevealer.html Freeware, All Windows versions, 210KB
[3] http://www.sysinternals.com/Forum/default.asp
[4] http://www.gmer.net/ Freeware, Windows NT and later, 450KB
[5] http://majorgeeks.com/Icesword_d5199.html Freeware, Windows XP and later, 1.9MB
[6] http://www.softpedia.com/get/Antivirus/DarkSpy-Anti-Rootkit.shtml Windows 2000 and later, 626KB
[7] http://www.techsupportalert.com/rootkits.htm <= How to deal with the threat of rootkits
Comments