A rootkit is a program designed to hide itself, and other programs, data and activity (viruses, backdoors, keyloggers, spyware), from the user and from security software on a computer system.
A rootkit can keep its own files and other files, registry keys, processes and network connections hidden from detection, and that concealment is what makes rootkits so dangerous.
Rootkits are used to hide the presence of spyware, trojans, keyloggers and other malware on computers. They are also commonly used by attackers to hide the backdoors they install on compromised machines.
Rootkit use is rising: spyware authors want to hide their installations from the improving spyware scanners, and virus writers want to hide their code from antivirus scanners.
Windows Anti-Rootkit Apps:
System Virginity Verifier
Rootkit Hook Analyzer
LavaSoft ARIES Rootkit Remover
Windows Rootkit Prevention Apps:
DefenseWall HIPS
AntiHook
AntiHook is a desktop Host Intrusion Prevention (HIPS) product. It protects the operating system, applications and the user's privacy against malicious software such as spyware, rootkits, keyloggers, code injection and trojans.
Exhaustive Real-time Protection
AntiHook's protection runs in kernel mode, so it can detect and block attacks in real time rather than after the fact. It can be trained to recognise and isolate malicious activity.
ARIES Rootkit Remover
The ARIES Rootkit Remover, developed by Lavasoft, locates and permanently removes the Sony rootkit (the XCP copy-protection software shipped on Sony BMG audio CDs) from the system and disables the rootkit's ability to run again after a reboot. The standalone tool is a reliable and safe way of removing the rootkit, unlike Sony's own remover, which has been known to cause blue screens.
Its primary purpose is to protect consumers and their privacy; Lavasoft developed it in line with its stated goal of steering the computing environment towards better standards.
F-Secure BlackLight
F-Secure BlackLight Rootkit Elimination Technology detects objects that are hidden from users and from security tools, and offers the user the option to remove them. Its purpose is to fight rootkits and any malware that uses a rootkit to hide.
BlackLight works by examining the system at a deep level, below the APIs a rootkit hooks, which lets it see objects that are hidden from the user and from ordinary security software.
BlackLight can detect and eliminate active rootkits. A traditional antivirus scanner asks the operating system for the list of files and processes, so an active rootkit that filters those answers is invisible to it.
On a clean system BlackLight does not confront the user with a long list of suspected objects, which makes it usable even for non-technical users.
BlackLight can run in the background during normal system operation; some other scanners require a reboot for the scan, or produce false positives if the system is used while they scan.
DefenseWall HIPS
DefenseWall HIPS (Host Intrusion Prevention System) is marketed as the simplest way to protect yourself from malicious software (spyware, adware, keyloggers, rootkits, etc.) while you browse the Internet.
It relies on proactive protection, sandboxing and virtualisation, rather than on signatures, so it demands no special knowledge from the user and no ongoing signature updates: untrusted applications run inside a sandbox and cannot modify the system outside it.
GeSWall Personal Edition
GeSWall Personal Edition, from Gentle Security of Luxembourg, is a free application that "dynamically isolates web browsers, e-mail, chat, P2P, IRC clients and other applications that may serve as entry points for malicious software or intrusions. Viruses, trojans, spyware and exploits cannot pass through an isolated application and so cannot cause any damage."
The application also protects the kernel from isolated applications, which in turn stops rootkits delivered through them from taking hold.
GMER
GMER is a scanner for hidden services, hidden registry entries and hidden files, along with a number of other features.
It is a very capable piece of software with a clear user interface, which makes it easy for non-technical people to use.
GMER can detect:
hidden registry keys,
drivers hooking the SSDT (System Service Descriptor Table, the kernel's system call dispatch table),
drivers hooking the IDT (Interrupt Descriptor Table),
drivers hooking IRP dispatch routines (the I/O request handlers of other drivers).
GMER also allows monitoring of the following system functions:
HiddenFinder
HiddenFinder is an advanced security utility that detects and kills hidden processes and drivers. A hidden process or driver is typically the result of a sophisticated spyware, backdoor, rootkit or virus attack. HiddenFinder examines the system at kernel level and shows all running processes and drivers, including hidden ones. Terminating the hidden process immediately stops a major part of a spyware, virus or trojan attack.
HookExplorer
HookExplorer is a small utility that scans a target process and identifies user-land hooks installed by unknown code.
It detects IAT (Import Address Table) hooks, where an import slot is redirected to foreign code, and Detours-style inline hooks, where the first bytes of a function are overwritten with a jump; an analyst-defined "ignore list" helps cut through the results.
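The two checks HookExplorer describes, written out as an added example that is not HookExplorer's own code: an import slot is suspicious when it no longer points inside the DLL that exports the function, and a function entry is suspicious when it starts with one of the jump shapes a Detours-style hook leaves behind and that jump lands outside the function's own module. The module list, the IAT slots and the prologue bytes below are constructed for a hypothetical 32-bit process; a real scanner would read them out of the target with ReadProcessMemory.

```python
import struct

# Constructed loaded-module list for a hypothetical 32-bit process:
# (name, image base, image size).
MODULES = [
    ("kernel32.dll", 0x75E00000, 0x000C0000),
    ("user32.dll",   0x76A00000, 0x00100000),
]

# Constructed IAT of the scanned process: (exporting DLL, function) -> slot value.
# WriteFile's slot has been redirected into unbacked memory at 0x02A00100.
IAT = {
    ("kernel32.dll", "CreateFileW"): 0x75E12340,
    ("kernel32.dll", "WriteFile"):   0x02A00100,
    ("user32.dll",   "MessageBoxW"): 0x76A01000,
}

# Constructed first bytes of three exported functions: (DLL, function, address) -> bytes.
PROLOGUES = {
    # CreateFileW now starts with "jmp rel32" to a trampoline at 0x02A00200.
    ("kernel32.dll", "CreateFileW", 0x75E12340):
        b"\xE9" + struct.pack("<i", 0x02A00200 - (0x75E12340 + 5)) + b"\x90\x90\x90",
    # ReadFile keeps the stock hot-patchable prologue: mov edi,edi; push ebp; mov ebp,esp.
    ("kernel32.dll", "ReadFile", 0x75E15000): b"\x8B\xFF\x55\x8B\xEC\x83\xEC\x10",
    # MessageBoxW is a thunk: jmp [slot] where the slot lies inside user32 itself. Benign.
    ("user32.dll", "MessageBoxW", 0x76A01000):
        b"\xFF\x25" + struct.pack("<I", 0x76A80010) + b"\x90\x90",
}


def owner_of(addr, modules):
    """Name of the module whose image covers addr; None for unbacked memory
    (a typical home for injected hook code)."""
    for name, base, size in modules:
        if base <= addr < base + size:
            return name
    return None


def check_iat(iat, modules, ignore=frozenset()):
    """Flag import slots that no longer point into the DLL that exports them.
    `ignore` is the analyst's ignore list of (dll, function) pairs."""
    findings = []
    for (dll, func), target in iat.items():
        if (dll, func) in ignore:
            continue
        owner = owner_of(target, modules)
        if owner != dll:
            findings.append((dll, func, target, owner))
    return findings


def inline_hook(addr, code):
    """Classify the bytes at a function entry. Returns (shape, destination) for
    the jump shapes inline hooks leave behind, or None for a normal prologue.
    For "jmp [mem]" the destination is the pointer slot, not the final target."""
    if len(code) >= 5 and code[0] == 0xE9:                              # jmp rel32
        rel = struct.unpack_from("<i", code, 1)[0]
        return ("jmp rel32", (addr + 5 + rel) & 0xFFFFFFFF)
    if len(code) >= 2 and code[0] == 0xEB:                              # jmp rel8 (hot-patch style)
        rel = struct.unpack_from("<b", code, 1)[0]
        return ("jmp rel8", (addr + 2 + rel) & 0xFFFFFFFF)
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:          # push imm32; ret
        return ("push/ret", struct.unpack_from("<I", code, 1)[0])
    if len(code) >= 7 and code[0] == 0xB8 and code[5:7] == b"\xFF\xE0":  # mov eax,imm32; jmp eax
        return ("mov/jmp", struct.unpack_from("<I", code, 1)[0])
    if len(code) >= 6 and code[:2] == b"\xFF\x25":                      # jmp [abs32]
        return ("jmp [mem]", struct.unpack_from("<I", code, 2)[0])
    return None


def check_prologues(prologues, modules, ignore=frozenset()):
    """Report functions whose entry jumps out of their own module. A jump that
    stays inside the module (export thunks, Microsoft's own hot-patch stubs)
    is not reported; reporting it is the main source of false positives."""
    findings = []
    for (dll, func, addr), code in prologues.items():
        if (dll, func) in ignore:
            continue
        hook = inline_hook(addr, code)
        if hook is None:
            continue
        shape, dest = hook
        owner = owner_of(dest, modules)
        if owner != dll:
            findings.append((dll, func, addr, shape, dest, owner))
    return findings


if __name__ == "__main__":
    for f in check_iat(IAT, MODULES):
        print("IAT hook: %s!%s -> 0x%08X (owner: %s)" % f)
    for f in check_prologues(PROLOGUES, MODULES):
        print("inline hook: %s!%s @0x%08X %s -> 0x%08X (owner: %s)" % f)
```

Two design points worth keeping when turning this into a real scanner: the ownership test is what separates a hook from legitimate indirection (an export that is itself a `jmp [__imp_X]` thunk, or a hot-patched Microsoft function whose short jump lands in its own padding, both stay inside the module), and a destination that no module owns is the strongest signal, since injected trampolines usually live in anonymous executable memory.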
IceSword
IceSword has a Windows Explorer-like interface but displays hidden processes and resources that Windows Explorer would never show. It isn't a "click-here-to-delete-rootkits" product but a sophisticated discovery tool that can protect against rootkits if used before they infect a machine.
Neoava Guard
Neoava Guard uses its Malware Action Detection and Protection (MADP) technology to protect your computer against malicious software by letting you control any suspicious action a program takes.
All you need to do is help Neoava Guard identify the legitimate applications on your computer, so that there are very few false alerts. You can also enable or disable individual filters and change Neoava Guard's security level.
The vendor describes Neoava as the first program to use this technique against malicious software.
ProcessGuard
ProcessGuard is a program that increases the security of your computer by preventing processes from attacking each other. Its vendor describes it as a must-have for all Windows users and as the only program available that can prevent infection by all known rootkit trojans.
Process Master
Process Master is an advanced utility for detecting and killing hidden processes. It detects well-known rootkits such as HackerDefender and Fu. Even when your antivirus or anti-spyware program cannot detect a hidden process, Process Master gives you the chance to find it manually. It is a useful tool for every advanced user.
Advanced viruses, spyware and rootkits work by altering the results that the Windows APIs return. Process Master compares the API results with the results of its own low-level enumeration techniques and reports the differences.
It is theoretically possible for viruses, spyware and rootkits to hide from Process Master as well, but the Backfaces Team is continuously researching new methods of hidden-process detection.
Rootkit Hook Analyzer
RootKit Hook Analyzer is a security tool that checks whether any rootkit installed on your computer hooks the kernel's system services. A kernel rootkit hook is an installed module that intercepts the principal system services (the system call handlers) that all programs and the operating system itself rely on. If any of these services is intercepted and modified, the safety of the system may be at risk and spyware, viruses or other malware may be active.
RootkitRevealer
RootkitRevealer (Sysinternals) is an advanced rootkit detection utility. It runs on Windows NT 4 and later, and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all persistent rootkits published at http://www.rootkit.com/, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys).
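The cross-view comparison that Process Master (above) and RootkitRevealer both rely on, as an added example that is neither tool's code: enumerate the same objects through two independent paths and report what one path hides. The comparison itself is operating-system neutral; the two enumerators that make it runnable here are Linux ones (a directory listing of /proc against a brute-force signal-0 probe of the PID space), which is the same idea as comparing the Windows process API against a low-level walk of kernel structures. The thread handling and the re-check are included because both are classic sources of false "hidden process" reports.

```python
import os

PID_MAX_PATH = "/proc/sys/kernel/pid_max"


def cross_view_diff(api_view, raw_view):
    """Compare an identifier set obtained through the normal API with one
    obtained through a lower-level path. 'hidden' items exist at the low level
    but were filtered from the API view; 'phantom' items are the reverse
    discrepancy and usually mean a race between the two enumerations."""
    api, raw = set(api_view), set(raw_view)
    return {"hidden": sorted(raw - api), "phantom": sorted(api - raw)}


def ids_from_proc():
    """High-level view: every PID that a directory listing of /proc returns,
    plus every thread ID under /proc/<pid>/task. Threads must be included
    because kill() accepts thread IDs, so without them every extra thread of
    a multithreaded process would be reported as hidden."""
    ids = set()
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:
            ids.update(int(t) for t in os.listdir("/proc/%s/task" % name))
        except FileNotFoundError:
            pass  # exited between the two listings
    return ids


def probe(pid):
    """Low-level existence test: kill(pid, 0) sends no signal but still
    resolves the PID. ESRCH means no such task; EPERM means it exists but
    belongs to another user. A rootkit that filters readdir on /proc does
    not touch this path."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def ids_from_probe(limit):
    """Low-level view: brute-force every PID up to pid_max."""
    return {pid for pid in range(1, limit + 1) if probe(pid)}


def find_hidden_tasks():
    with open(PID_MAX_PATH) as f:
        limit = int(f.read())
    diff = cross_view_diff(ids_from_proc(), ids_from_probe(limit))
    # Re-check every candidate against a fresh /proc listing: a task that
    # started after the first listing is a race, not a rootkit. A task that
    # still answers the probe while still missing from readdir is reported.
    fresh = ids_from_proc()
    return [pid for pid in diff["hidden"] if pid not in fresh and probe(pid)]


if __name__ == "__main__":
    hidden = find_hidden_tasks()
    print("hidden tasks: %s" % (hidden if hidden else "none"))
```

The phantom direction matters too: RootkitRevealer reports discrepancies in both directions because an object the API returns but the raw scan cannot find is also evidence that one of the two views is being manipulated (or, more often, that the object changed between the two scans, which is why the tool warns against using the system during a scan).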
SocketShield
Zero-day exploits are traded online for financial reward. Cyber-gangs cruise the web looking for software vulnerabilities to exploit, lurk behind legitimate websites and use drive-by download techniques to deliver their payloads without the user's knowledge or permission.
Software vulnerabilities are a fact of life, so what is needed is a way to stop attackers exploiting the risk window, the time between the disclosure of a vulnerability and its patching. That window is getting wider: an exploit can be in circulation within minutes of a vulnerability being announced, while software vendors take an average of two months to distribute a fully tested patch.
SocketShield aims to stop exploits from reaching computers during that risk window. It protects vulnerable systems against drive-by downloads and other web-based zero-day exploits. It was developed by the people behind PestPatrol and ZoneAlarm, who market it as the first truly effective protection against zero-day exploits.
System Virginity Verifier
The idea behind SVV is to check the important Windows system components that stealth malware usually alters, in order to verify system integrity and discover a potential compromise.
UnHackMe
UnHackMe is specially designed to detect and remove rootkits.
An intruder installs a rootkit on a computer through a user action (such as running an infected file), by exploiting a known vulnerability or by cracking a password. The rootkit installs a backdoor that gives the attacker full control of the computer, and it hides the attacker's files, registry keys, process names and network connections from your eyes.
Your antivirus may fail to detect such programs: the rootkit hides its files from the scanner, and the files are often packed or encrypted so that signatures do not match. The Hacker Defender rootkit is the sample UnHackMe is demonstrated against.
UnHackMe lets you detect and remove such rootkits.
Zeppoo
Zeppoo lets you detect whether a rootkit is installed on a Linux system. It detects hidden tasks, hidden modules, hooked syscalls, some corrupted kernel symbols and hidden network connections.
To do this, Zeppoo inspects kernel memory directly, mainly through /dev/kmem and, where possible, /dev/mem.
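Zeppoo's syscall check, and the SSDT checks that GMER and Rootkit Hook Analyzer perform on Windows, reduce to the same procedure: read the kernel's dispatch table, compare each slot with the address the kernel's own symbol table says it should hold, and work out who owns any address that differs. The added example below does this for a Linux sys_call_table; it is not Zeppoo's code. The System.map excerpt, the raw table dump and the /proc/modules listing are constructed, and the dump is passed in as bytes because /dev/kmem, which Zeppoo reads, was removed from the kernel in 5.13 (a live check would have to take the bytes from /proc/kcore or a kernel module instead).

```python
import struct

# Constructed excerpt of a System.map: "<address> <type> <symbol>" per line.
SYSTEM_MAP = """\
ffffffff81000000 T _text
ffffffff810c0010 T __x64_sys_read
ffffffff810c0140 T __x64_sys_write
ffffffff810c0280 T __x64_sys_open
ffffffff810c03b0 T __x64_sys_close
ffffffff81e00000 D sys_call_table
"""

# Constructed /proc/modules listing: "name size refcount deps state address".
PROC_MODULES = """\
ext4 774144 2 - Live 0xffffffffc0400000
rk 16384 0 - Live 0xffffffffc0a00000
"""

# Syscall numbers covered by the constructed dump (x86_64 numbering).
SYSCALLS = {0: "read", 1: "write", 2: "open", 3: "close"}

# Constructed raw dump of the first four sys_call_table slots (little-endian
# 64-bit pointers). Slot 2 points into the "rk" module and slot 3 into memory
# that no listed module owns.
TABLE_DUMP = struct.pack(
    "<4Q",
    0xFFFFFFFF810C0010,
    0xFFFFFFFF810C0140,
    0xFFFFFFFFC0A00240,
    0xFFFFFFFFC0B00100,
)


def parse_system_map(text):
    """symbol name -> address, for every line of a System.map."""
    symbols = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            symbols[parts[2]] = int(parts[0], 16)
    return symbols


def parse_proc_modules(text):
    """[(name, base, size)] from /proc/modules."""
    modules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 6:
            modules.append((parts[0], int(parts[5], 16), int(parts[1])))
    return modules


def owner_of(addr, modules):
    """Module whose text range covers addr, or None when no loaded module
    claims it: a hidden module or unbacked memory."""
    for name, base, size in modules:
        if base <= addr < base + size:
            return name
    return None


def expected_handler(symbols, name):
    """Kernels have renamed the handlers over time; try the known spellings."""
    for candidate in ("__x64_sys_" + name, "sys_" + name, name):
        if candidate in symbols:
            return symbols[candidate]
    raise KeyError("no symbol for syscall %s" % name)


def check_syscall_table(dump, symbols, syscalls, modules):
    """Return (nr, name, actual, expected, owner) for every slot whose pointer
    differs from the System.map address of its handler."""
    findings = []
    for nr, name in sorted(syscalls.items()):
        actual = struct.unpack_from("<Q", dump, 8 * nr)[0]
        expected = expected_handler(symbols, name)
        if actual != expected:
            findings.append((nr, name, actual, expected, owner_of(actual, modules)))
    return findings


if __name__ == "__main__":
    symbols = parse_system_map(SYSTEM_MAP)
    modules = parse_proc_modules(PROC_MODULES)
    for nr, name, actual, expected, owner in check_syscall_table(TABLE_DUMP, symbols, SYSCALLS, modules):
        print("sys_call_table[%d] (%s): 0x%016x, expected 0x%016x, owner: %s"
              % (nr, name, actual, expected, owner or "no listed module (hidden?)"))
```

Two caveats for a live check. With KASLR the System.map addresses must be rebased by the runtime load offset before comparison; /proc/kallsyms gives the live addresses but is itself an in-kernel view that a rootkit can tamper with, so a trusted System.map plus the offset is the stronger reference. And a slot that still points at the right handler can still be hooked if the handler's first bytes were patched, which is the same inline-hook case the user-land example above handles and needs the same prologue check against the kernel text.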