Wednesday, October 18, 2006

Security: Rootkit Tools

There are several types of malware (viruses, Trojan horses, rootkits, etc.) in the wild on the Internet. Some types of malware will find and infect you if you're not running a firewall; others disguise themselves as an attachment. You can even get infected by visiting the wrong web site if your browser is vulnerable.


Rootkits are the type of malware that doesn't take no for an answer: they will try every trick they can to get administrator access to your computer. Once they have administrator access, they deploy their payload.


Most anti-virus and anti-spyware scanners don't properly find rootkits, because they're generally very difficult to detect. Below are some anti-rootkit tools (some free, others fee-based) that you can run to see if your system is infected by this type of malware.

  • Sysinternals: RootkitRevealer (free) - I have talked about this scanner before in a previous article. Although it's still a good tool for detecting this type of malware, it can't remove it.
  • F-Secure: BlackLight (free trial until 1/2007) - This application seeks out and tries to remove any rootkits it finds installed on your computer.
  • Sophos: Anti-Rootkit (free) - I have talked about this scanner before in a previous article. This application seeks out and tries to remove any rootkits it finds installed on your computer.
