Local Tech Repair: Rootkit Removal Tools By Wonky

Thursday, July 7, 2011

When an ordinary virus infects a computer it tries to spread, and sooner or later it damages the host, which makes it easier to notice. A rootkit is different: its job is to hide things, such as files, processes, registry entries, or network connections, from the user and from other programs, which makes it very difficult to detect. The same hiding technology has legitimate uses as well as malicious ones, so it pays to know what normally belongs on your machine before you delete anything a scanner flags. On Windows, rootkits are typically used to hide malware so that it runs without your security software noticing. Imagine a rootkit installed on your computer whose only purpose is to conceal a piece of malware, giving it the time it needs to steal your data and damage your system while staying invisible. Unfortunately, rootkits are extremely good at this, which means that even though you believe your PC is totally clean, some of you could be infected right now.
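Hiding an object from "the user and other programs" means hiding it from the ordinary API those programs call, and that is exactly what the scanners discussed in this post exploit: they fetch the same objects a second time from a lower-level or independent source and report whatever the ordinary view leaves out (a "cross-view" diff). The script below is an added example, not code from the post or from any of the tools it reviews. The tools are Windows-only, so this version targets Linux, where the ordinary view is a directory listing of /proc and the independent view is a brute-force probe of every PID with kill(pid, 0); the function names (listing_view, probe_view, cross_view_diff, classify, scan_live) are this example's own. It also handles the two false positives such a diff always produces: thread IDs, which kill() accepts but readdir does not list, and short-lived processes that come or go between the two scans.

```python
"""Cross-view detection of hidden processes (added example, Linux /proc).

Two views of the process table are compared:
  listing view - PIDs that a directory listing of /proc reports
  probe view   - every PID that answers kill(pid, 0), brute-forced
Anything in the probe view that the listing omits is a candidate hidden
process.  The same idea applies to files, registry keys and sockets.
"""
from __future__ import annotations

import os
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Finding:
    pid: int
    reason: str


def _alive(pid: int) -> bool:
    """Does the kernel know this PID?  ESRCH means no; EPERM means yes but
    the process belongs to another user, which is still a hit."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def listing_view() -> set[int]:
    """High-level view: PIDs visible through readdir("/proc")."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def probe_view(max_pid: int) -> set[int]:
    """Low-level view: brute-force every PID from 1 to max_pid.
    PID 0 is skipped because kill(0, 0) addresses our own process group."""
    return {pid for pid in range(1, max_pid + 1) if _alive(pid)}


def cross_view_diff(high_level: set[int], low_level: set[int]) -> list[int]:
    """PIDs the low-level view knows about but the high-level view omits."""
    return sorted(low_level - high_level)


def _tgid(pid: int) -> Optional[int]:
    """Thread-group id from /proc/<pid>/status, or None if the entry is gone."""
    try:
        with open(f"/proc/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        pass
    return None


def classify(candidates: list[int]) -> list[Finding]:
    """Turn raw diff hits into findings, discarding the two usual false positives.

    1. Threads: kill() accepts a thread id, but readdir("/proc") only lists
       thread-group leaders, so every thread of a multithreaded program shows
       up in the diff.  /proc/<tid>/status is reachable by path even though it
       is not listed, and its Tgid field names the owning process; a Tgid that
       differs from the pid means "thread", not "hidden process".
    2. Races: a process may start between the listing and the probe.  A hit
       is kept only if it still answers a probe and is still absent from a
       fresh listing.
    """
    findings = []
    still_listed = listing_view()
    for pid in candidates:
        if pid in still_listed or not _alive(pid):
            continue
        tgid = _tgid(pid)
        if tgid is None:
            findings.append(Finding(pid, "answers kill() but has no /proc entry"))
        elif tgid == pid:
            findings.append(Finding(pid, "/proc entry exists but readdir does not list it"))
        # tgid != pid: an ordinary thread of a listed process, not a finding
    return findings


def scan_live() -> list[Finding]:
    """Run the full cross-view scan against this machine."""
    with open("/proc/sys/kernel/pid_max") as fh:
        max_pid = int(fh.read())
    return classify(cross_view_diff(listing_view(), probe_view(max_pid)))


if __name__ == "__main__":
    hits = scan_live()
    for hit in hits:
        print(f"pid {hit.pid}: {hit.reason}")
    print(f"{len(hits)} hidden process(es) found")
```

On a clean machine the scan prints zero findings; a rootkit that filters readdir() on /proc but not path lookups produces the second reason, one that also removes the /proc entry produces the first. A scanner that probes the raw NTFS volume against FindFirstFile, or NtQuerySystemInformation against a PID brute force, is the Windows shape of the same loop.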

Most anti-virus vendors have integrated anti-rootkit technology into their more recent products. This is not a foolproof defence, however, because as soon as the AV companies improve their products' detection abilities, the malware authors find new ways to avoid detection. So as security-conscious users we need third-party tools to help, and there are several free applications that specialize in the detection and removal of rootkits. Keep in mind that none of them will catch every single problem, so it is always a good idea to keep more than one to hand.

There are a lot of anti-rootkit programs available. Much of this software is very advanced and requires an experienced, technically minded user who is familiar with operating system internals. However, there are a couple of options that do not demand much technical ability and are still very effective.

At the top of the list is Sophos Anti-Rootkit. The program has a small, easy-to-use interface with no options other than choosing where you want to scan. As it scans it expands into a slightly larger window that lists the results, gives information about each one, and makes a recommendation for it. A small help file explains the program in more detail and gives directions for the command-line anti-rootkit tool that is also included. For Windows users, Sophos offers an easy and very effective choice for rootkit removal that is suitable even for beginners.

I have two top choices for experienced and technical users because I find it impossible to pick one over the other. GMER and RootRepeal are very popular applications, and they are definitely my favorites, but it takes someone fairly knowledgeable about how Windows works to interpret their results: both present raw findings such as hooks and hidden objects and leave it to you to decide which of them are malicious. There is plenty of documentation for both programs, but if you are the type of person who likes to click the scan button and simply wait for the results, you would be better served by Sophos or F-Secure BlackLight.

F-Secure BlackLight Rootkit Eliminator is another great tool for rootkit removal. Unfortunately, support for it ended a couple of years ago; otherwise it might have been my top pick. It can still be downloaded from the F-Secure web site and is compatible with Windows XP and Vista, and users of those versions should grab a copy, because even though it is no longer supported it remains one of the best rootkit removal applications available.

The next product is one that I always keep in my toolkit. Dr.Web CureIt! is not a standalone anti-rootkit tool like the others recommended here; it is a free on-demand malware scanner and removal tool that happens to be pretty effective at removing rootkits. It is always a good idea to have more than one tool capable of removal, so Dr.Web's free scanner is a great addition to anybody's arsenal: it removes more than just rootkits, and it does this very well.

Sometimes the only symptoms of a rootkit are an increase in network traffic, a drop in performance, or an unknown process showing up, and on today's high-bandwidth networks and fast computers those signs are very easy to miss. Prevention is always the best practice, but detection is just as important, so make sure your AV has anti-rootkit capabilities and that you run a good firewall and HIPS combination. That, together with the tools mentioned here, is the best approach to keeping your computer free of rootkits.

The free version of Prevx offers the same class-leading real-time detection as the full version; unfortunately it does not offer much more than that. Prevx Free can only clean selected infections, such as adware, the Zeus banking trojan, and MBR rootkits. When dealing with rootkits, detection is the important part: even if the tool cannot clean every infection, you are at least alerted and can remove the rootkit manually or seek help in doing so. As hard as it is to detect the newer, ever-evolving rootkits and viruses, Prevx can be a very powerful and informative addition to your regular anti-virus software.

Prevx Free can also run custom scans from the context menu and schedule scans from the GUI, to help make sure nothing has slipped past your normal security software. On my 320 GB hard drive a deep scan takes about three minutes on average. The free version also protects stored cookies and saved credentials. Its browser protection component offers custom protection for only one web site of your choice, but it does include the full Prevx SafeOnline protection, with anti-phishing and defence against hijacks, keyloggers, and cookie stealers, for a number of popular sites such as PayPal, CleverBridge, and Amazon as well as the one site you choose.

While the free version of Prevx cannot clean many rootkits, it can effectively warn you about new infections. Prevx is built on the company's anti-rootkit technology and has consistently been among the first vendors to detect new rootkits. I believe it can play a very important role in keeping your computer clean; after all, you cannot remove what you cannot find.

Please note: some of the features of the free version of Prevx/SafeOnline are either restricted or disabled altogether. Read the vendor's description of the version you are downloading carefully before deciding whether the program suits your needs.
