
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 493

Root Kit

How can you scan and locate root kits?

0
Jack_son_
Asked:
7 Solutions
 
HellmarkCommented:
Microsoft has Rootkit Revealer, and Avast Antivirus also can detect rootkits. Both are free.
0
 
Neil RussellTechnical Development LeadCommented:
Be aware that there are root kits that VERY FEW AV packages find, they are getting cleverer by the day
0
 
Thomas Zucker-ScharffSystems AnalystCommented:
I wrote an article about rootkits and the various software freely available to scan with.  Check it out here.
0
 
younghvCommented:
That EE Article by tzucker has helped a lot of our members solve problems.

You should also take a look at:
TDSSKILLER found here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
and
FixTDSS.exe from Symantec:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe

Malwarebytes and ComboFix are two of the most popular tools as described here:
Stop-the-Bleeding-First-Aid-for-Malware
0
 
Jack_son_Author Commented:
Great articles!  I did use Sophos earlier, it found a few things in the OS files, but can't tell whether they are legitimate or not.  How can I tell?  I will also try these other scanners perhaps they are better.
0
 
younghvCommented:
My personal favorite for evaluating individual files is here:
http://virusscan.jotti.org/en

Just 'browse' to the file on your system and let Jotti evaluate it.
0
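The two comments above turn on the same question: when a scanner flags an OS file, how do you tell whether that file is legitimate? Multi-engine services like the one linked above work from the file's content, and a SHA-256 digest is the usual way to identify that content and look it up without re-uploading. The script below is an added example written for this thread (it is not code from any of the participants or tools named here): it hashes every regular file under a directory into a baseline, then compares a later pass against it and reports files that were added, removed or modified. The directory layout and file names in `demo()` are constructed sample data, and the baseline-and-diff approach is a general file-integrity technique, not the method of any specific tool mentioned in the thread.

```python
import hashlib
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # read large binaries in 1 MiB pieces


def sha256_file(path):
    """Stream a file through SHA-256; the hex digest is what you look up in a scanner."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every regular file under root (relative POSIX path) to its SHA-256.

    Symlinks are skipped so a link pointing outside the tree is not hashed
    as if it were a file inside it.
    """
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            baseline[path.relative_to(root).as_posix()] = sha256_file(path)
    return baseline


def compare(baseline, current):
    """Report files that appeared, disappeared or changed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(
            p for p in baseline if p in current and baseline[p] != current[p]
        ),
    }


def demo():
    """Constructed sample: a tiny fake system tree, a baseline, then tampering.

    The names below (drivers/disk.sys, ntdll.dll, hidden.sys) are made up for
    the demonstration; they are not real files from any system.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "drivers").mkdir()
        (root / "drivers" / "disk.sys").write_bytes(b"original driver bytes")
        (root / "ntdll.dll").write_bytes(b"original library bytes")
        (root / "empty.txt").write_bytes(b"")
        baseline = build_baseline(root)

        # Simulate what a later scan would see: one file changed, one dropped in.
        (root / "drivers" / "disk.sys").write_bytes(b"patched driver bytes")
        (root / "drivers" / "hidden.sys").write_bytes(b"unexpected file")
        report = compare(baseline, build_baseline(root))

        # The digest of a known-content file (here the empty file) is the value
        # you would paste into a multi-engine scanner's hash search.
        report["empty_file_sha256"] = baseline["empty.txt"]
        return report


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In practice you would take the baseline while the machine is known-clean (or from a trusted install image) and keep it off the machine, since a rootkit that can hide files can also edit a baseline stored beside them. A file that is "modified" or "added" relative to the baseline is the one worth submitting by hash to a multi-engine scanner; a file whose digest matches the baseline has not changed, whatever a single engine says about it.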
 
Jack_son_Author Commented:
TDS killer did not find anything, will this find most root kits?  Also, how does someone get one on their laptop?
0
 
Thomas Zucker-ScharffSystems AnalystCommented:
Generally, a rootkit gets onto a machine by visiting a malware ridden website, clicking a suspect link in an email, or connecting an infected USB device to the computer when the computer has not been protected against USB vector virii.

In the first case, 1-don't visit suspect websites 2-use a link checker in your browser like Web Of Trust (WOT - mywot.com) or linkextender (FF) or just use Chrome (I use chrome and WOT).

In the second case, NEVER click links in emails.  I generally type the link into my browser to make sure it is going where it says it is going.  Alternately you can use a link checker (f-secure has an online one) to check if there is malware on the site before you visit it.  You just enter the URL and let the tester test it for you.

In the last case, you should be using something like USB-Set or USB firewall to inoculate and protect yourself from this possibility.

About TDSSKiller - it is aimed primarily at TDSS type rootkits.  It will find many others, but not necessarily all.
0
 
Jack_son_Author Commented:
Great, thanks.  So which tool do you think would be best to find a root kit that no anti-virus can find?  Is there any higher strength products that can get me this?
0
 
Thomas Zucker-ScharffSystems AnalystCommented:
Almost all of the rootkit tools are specifically designed to find rootkits that AV doesn't.  Your average AV solution and most endpoint solutions will not find aggressive rootkits. (or if they do they will not be able to get rid of them).  Rootkit Revealer is fairly strong and likely to find any rootkit.  On the other hand the F-Secure tool unless run in deep scan mode as a startup item will not find much.

I tried to designate which products were more likely to find a rootkit and help you get rid of it in my article.  GMER is fairly powerful, but if this is the first time you are using it you may want to post the GMER log before taking action.
0
 
HellmarkCommented:
It should also be noted that Avast is based on GMER.
0
