Lists of freeware antirootkit

From CastleCopsWiki

Caution: the article below is currently in beta and has not been reviewed for factual errors.



At the time of writing (2006-2007), rootkits are the number one threat on most people's horizons. Surprisingly, most of the current offerings that specifically target rootkits are freeware or open source. This list concentrates on generic anti-rootkit tools, which can detect unknown rootkits (typically by comparing what the operating system's normal APIs report against a lower-level view of processes, files, registry keys and drivers, and flagging anything hidden from the first but present in the second), rather than on tools that recognise only specific rootkits by signature. Any antivirus or antispyware product can detect a known rootkit by signature, but usually only before the rootkit has installed itself and started hiding; many vendors have therefore incorporated the techniques of the tools on this page (see the standalone scanners by conventional antivirus companies) so that they have a chance of detecting a rootkit that is already active on the system.


Screenshots (gallery): Avast! AntiRootkit, AVG Anti-Rootkit Free, Avira AntiRootkit, DarkSpy, F-Secure BlackLight, GMER, IceSword, McAfee Rootkit Detective Beta, Panda Anti-Rootkit, RootkitRevealer, Rootkit Buster, Rootkit Unhooker, Sophos Anti-Rootkit, UnHackMe.



Memory resident antirootkit

  1. AVZGuard (Vista) - http://www.z-oleg.com/avz4.zip
  2. Helios - http://helios.miel-labs.com/ (Helios Lite does not require installation)
  3. GMER (Vista; Recommended) - http://www.gmer.net/files.php
  4. See also Lists of freeware behavior blockers


These are anti-rootkits that claim to have a resident shield component, i.e. one that tries to block a rootkit as it installs rather than scanning for it afterwards. They are not common, and in practice they are unlikely to differ much from a HIPS (host intrusion prevention system), which also intercepts driver loading and other privileged operations.

On demand antirootkit scanners

Note that on-demand anti-rootkits vary in what they offer for removal. Some only display hidden files, drivers, processes and registry keys and will not remove anything (e.g. RootkitRevealer). Others display hidden objects but offer to remove only known rootkits (mostly the tools from antivirus companies). Yet others offer to remove or unhook everything they find (many of the advanced open source/free tools, where the user is expected to be an expert). With the last group, remember that the tool is reporting a discrepancy, not a verdict: legitimate security software also hooks system calls and hides its own components, and deleting or unhooking the wrong driver can leave the system unbootable, so identify what a hidden item belongs to before removing it.


Standalone scanners by conventional AV companies

  1. avast! antirootkit tool (beta) (Vista; new) - http://files.avast.com/files/beta/aswar.exe
  2. AVG Anti-Rootkit Free - http://www.softpedia.com/get/Antivirus/AVG-Anti-Rootkit.shtml
  3. Avira AntiRootkit Tool - http://www.free-av.com/en/tools/4/avira_antirootkit_tool.html (now part of Avira AntiVir PersonalEdition Classic (nagware) as well)
  4. BitDefender Rootkit Uncover - http://www.majorgeeks.com/download.php?det=5157 (now part of BitDefender Free Edition 10 as well)
  5. F-Secure BlackLight (Vista) - http://www.f-secure.com/security_center/
  6. McAfee Rootkit Detective - http://www.majorgeeks.com/download5447.html
  7. Panda Anti-Rootkit (Recommended) - http://research.pandasoftware.com/blogs/research/archive/2007/04/27/New-Panda-Anti_2D00_Rootkit-_2D00_-Version-1.07.aspx
  8. RegRun Reanimator - http://www.greatis.com/security/download.htm
  9. RootAlyzer (new) - http://forums.spybot.info/showthread.php?t=24185
  10. Rootkit Buster (Trend Micro) - http://www.trendmicro.com/download/rbuster.asp
  11. Sophos Anti-Rootkit - http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
  12. ThreatFire - http://www.threatfire.com/


Most of these standalone anti-rootkits released by AV companies are relatively new (BlackLight is the oldest). Many will eventually be incorporated into future products to extend their anti-rootkit abilities; the Avira AntiRootkit Tool is already built into Avira AntiVir PersonalEdition Classic, and BitDefender Rootkit Uncover into BitDefender 10 Free Edition. Because the AV companies were slower to the game than independent developers (see next section), many of these tools are less effective, though this is changing as they catch up. RootAlyzer is a new (March 08) plugin for Spybot - Search & Destroy, though it is unclear yet how good it is.

The avast! antirootkit tool, which is based on GMER, is the latest entry.


ThreatFire is a behavior blocker that includes the option of a manual rootkit scan. RegRun Reanimator offers boot-time scans that can detect user-mode rootkits, and it also has a database of known safe and dangerous applications.

Relatively well known and popular antirootkits

  1. DarkSpy - http://www.fyyre.net/~cardmagic/index_en.html
  2. GMER (Vista) - http://www.gmer.net/files.php (mirror site: http://www.majorgeeks.com/GMER_d5198.html)
  3. IceSword (Vista) - http://www.antirootkit.com/software/IceSword.htm (also IceSword 1.2 for Vista)
  4. RootkitRevealer - http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx
  5. Rootkit Unhooker (Vista) - pulled by the author on Nov. 3, 2007 (alternative download)
  6. System Virginity Verifier - http://invisiblethings.org/tools.html


These are rootkit scanners released by independent (non-AV) developers. RootkitRevealer was the original anti-rootkit that sparked off the recent arms race in this area. IceSword and DarkSpy (both from China) are excellent, but development has slowed. GMER is probably the only current cutting-edge tool that is still being actively developed. Rootkit Unhooker was, as of the end of 2007, still a top tool, but its creators have gone to work for Microsoft and development has stopped.


Note: While some of the anti-rootkit tools above are by well known developers (RootkitRevealer and System Virginity Verifier come to mind), others are by developers who have chosen to remain anonymous, which may raise some suspicion. The tools listed in this section are well known and have received much scrutiny, so they are unlikely to be malicious. Be wary of downloading any new anti-rootkit tool, or a claimed new version of an existing one, from unknown sources: use the author's site or a reputable mirror, and where the author publishes a checksum, verify it before running the file.

Others

  1. Archon Scanner (beta) - http://www.antirootkit.com/software/Archon-Scanner.htm
  2. Avzguard - http://www.z-oleg.com/secur/avz/download.php (second download on the right avz4en.zip is English)
  3. BreakPE - http://seconfig.sytes.net/breakpe
  4. Catchme (Recommended) - http://zert.castlecops.com/gmer/catchme.php
  5. DeepMonitor (new) - http://orkblutt.free.fr/deepmonitor-ff.php
  6. Helios - http://helios.miel-labs.com/
  7. Hookexplorer - http://labs.idefense.com/files/labs/releases/previews/HookExplorer/
  8. OSAM: Autorun Manager - http://www.online-solutions.ru/en/osam_autorun_manager.php
  9. Processwalker - http://rku.xell.ru/?l=e&a=dl
  10. RAIDE - http://www.rootkit.com/newsread.php?newsid=544
  11. RegReveal - http://www.geocities.jp/kiskzo/regreveal.html
  12. RKDetector v2.0 - http://www.rkdetector.com/
  13. Rootkitdetect (beta) (new) - http://www.rootkit.com/vault/uty/NIAPAntiRootkitTools.rar
  14. Rootquest (new) - http://comsentry.com/?page=rootquest
  15. Rustbfix - http://www.uploads.ejvindh.net/rustbfix.exe
  16. rootchk (Recommended) - http://www.uploads.ejvindh.net/rootchk.exe
  17. Rootkit Hook Analyzer - http://www.resplendence.com/hookanalyzer/
  18. SafetyCheck - http://yyuyao.googlepages.com/home (untested)
  19. Seems System Eyes & Ears Monitor - http://3psilon.info/-Seem-System-Eyes-and-Ears.html
  20. SysProt AntiRootkit - http://antirootkit.com/software/SysProt-AntiRootkit.htm
  21. UnHackMe (Vista; betaware and nagware) - http://greatis.com/unhackme/faq.htm


Rootchk and Catchme are sometimes used on HijackThis (HJT) help forums. Most of the others are lesser known and/or in beta. As of Jan 08, the latest anti-rootkit to be released is Rootkitdetect.

Others (mostly outdated)

  1. Detectproc - http://www.kd-team.com/
  2. Flister (outdated) - http://invisiblethings.org/tools.html
  3. modGREPER - http://invisiblethings.org/tools.html
  4. Klister - http://invisiblethings.org/tools.html
  5. Patchfinder II (outdated) - http://www.rootkit.com/project.php?id=15
  6. Vice (outdated) - http://www.rootkit.com/project.php?id=20
  7. See also Lists of freeware behavior blockers, Lists of freeware antivirus, Lists of freeware antispyware and Lists of freeware antitrojan, which may detect rootkits by signature.


Many of the tools listed here are probably out of date. Others are newer but in a beta or even alpha state, or are simply unpopular.

Linux

  1. chkrootkit - http://www.chkrootkit.org/
  2. OS X Rootkit Hunter (for OS X rather than Linux; see the Macintosh OS X section below) - http://mac.softpedia.com/get/Security/OS-X-Rootkit-Hunter.shtml
  3. Rkscan - http://www.hsc.fr/ressources/outils/rkscan/index.html.en
  4. Rootkit Hunter - http://www.rootkit.nl/projects/rootkit_hunter.html
  5. Rootkit Profiler LX - http://www.trapkit.de/research/rkprofiler/rkplx/rkplx.html
  6. Rootkitty - http://www.ubcd4win.com/forum/index.php?s=b2064cb601a4694c6a7f4abe10422d54&showtopic=2424
  7. Unhide - http://www.security-projects.com/?Unhide:Download
  8. Zeppoo - http://sourceforge.net/projects/zeppoo
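The cross-view check described in the on-demand scanners section (hidden objects are found by comparing what the normal API reports against a lower-level view) is the same idea that unhide applies to processes on Linux. The script below is an added example written for this page; it is not code from unhide, chkrootkit or any other tool listed here. The high-level view is readdir("/proc"), which is what ps and top rely on; the low-level view is a brute-force probe of every PID with kill(pid, 0). Because Linux lets kill() address thread IDs, and /proc/<tid> resolves even though readdir("/proc") lists only thread-group leaders, each candidate's Tgid is read from /proc/<pid>/status to filter out ordinary threads. The function names, the fallback pid_max value and the sample status text are this example's own assumptions.

```python
"""Cross-view detection of hidden processes on Linux (added example).

Two views of the process table are collected and compared:
  * high-level: numeric entries of readdir("/proc"), the view ps/top use;
  * low-level:  every PID from 1..pid_max probed with kill(pid, 0).
A PID that answers kill() but is missing from readdir() is a candidate
hidden process.  Candidates whose Tgid (from /proc/<pid>/status) differs
from their own PID are threads of a visible process and are dropped.
Function names and the fallback pid_max value are this example's own.
"""
import os


def read_pid_max(path="/proc/sys/kernel/pid_max"):
    """Upper bound of the PID space; falls back to the historic default."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 32768  # assumed default when procfs is unavailable


def view_procfs_listing(proc="/proc"):
    """High-level view: PIDs that appear as numeric directory names."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}


def view_kill_probe(pid_max):
    """Low-level view: PIDs that exist according to kill(pid, 0).

    ESRCH (ProcessLookupError) means no such process.  EPERM
    (PermissionError) means it exists but belongs to another user, so it
    still counts as present.  One syscall per PID, so a large pid_max
    takes a few seconds, as a brute-force probe always does.
    """
    present = set()
    for pid in range(1, pid_max + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        present.add(pid)
    return present


def parse_tgid(status_text):
    """Extract the Tgid field from the text of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("Tgid:"):
            return int(line.split()[1])
    return None


def status_from_procfs(pid, proc="/proc"):
    """Read /proc/<pid>/status, or None if the entry cannot be read."""
    try:
        with open(f"{proc}/{pid}/status") as fh:
            return fh.read()
    except OSError:
        return None


def find_hidden(listing, probed, status_of):
    """Pure comparison core, so it can be exercised on constructed views.

    listing:   PIDs from the high-level view
    probed:    PIDs from the low-level view
    status_of: callable pid -> status text, or None when unreadable
    Returns PIDs present in `probed`, absent from `listing`, and not merely
    threads of another (visible) process.  A PID whose status cannot be
    read is kept: it answered kill() yet shows nothing in /proc.
    """
    hidden = []
    for pid in sorted(probed - listing):
        tgid = parse_tgid(status_of(pid) or "")
        if tgid is not None and tgid != pid:
            continue  # a thread; readdir lists only its group leader
        hidden.append(pid)
    return hidden


def scan_live(proc="/proc"):
    """Collect both views twice and keep only candidates seen both times,
    which filters out processes that started or exited mid-scan."""
    pid_max = read_pid_max()
    passes = []
    for _ in range(2):
        listing = view_procfs_listing(proc)
        probed = view_kill_probe(pid_max)
        passes.append(set(find_hidden(listing, probed,
                                      lambda p: status_from_procfs(p, proc))))
    return sorted(passes[0] & passes[1])


if __name__ == "__main__":
    found = scan_live()
    print("hidden process candidates:", found or "none")
```

Run it as root so that kill() is not refused for other users' processes (EPERM is treated as present anyway, but status files may be unreadable). A kernel rootkit that hooks kill() as well as readdir() evades this particular pair of views, which is why tools such as unhide combine several independent views (procfs, a range of process-related system calls, and the output of ps) and report any PID on which they disagree.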

Macintosh OS X

  1. OS X Rootkit Hunter - http://www.christian-hornung.de/

Information links


This article is part of the Lists of Freeware Security Software: Malware Control series.

Freeware Anti-Viruses | Freeware Anti-Spyware | Freeware Anti-Trojans | Freeware Anti-Keyloggers | Freeware Anti-Rootkits | Freeware Firewalls | Freeware Behavior blockers | Freeware Sandboxes | Freeware Virtualization | Freeware Security analysis tools | Freeware Hardening tools | Freeware Blocklists | Freeware security services (excluding virus scanners) | Freeware Anti-Phishing | Freeware URL scanners | freeware security suites | List of unclassified tools

Related : Lists of online scanners

While reasonable attempts have been made to avoid listing any malicious or ineffective software, an entry listed here should not be taken as a mark of approval from CastleCops. The selection of freeware (see definition) here is deliberately inclusive, to give more experienced users scope for experimentation beyond the usual half dozen or so freeware security programs that are often mentioned. While there are many gems in the list, some are in beta and unstable, or require a fair amount of skill to use. Less experienced users should probably refer to Roll your own Free Security Suite for a shorter list of popular and safer freeware.