Best Free Rootkit Scanner/Remover

Rootkits are a special kind of software tool used to hide trojans, viruses and other malware from your antivirus scanner and other security products. Unfortunately, they are extremely effective, which means that some of you who are reading this will be infected, even though you believe your PC to be totally clean. Thankfully, there is a new class of security product now available, called "rootkit detectors", that uses specialized techniques to detect these dangerous intruders.

Most of these detectors require quite a bit of technical skill to interpret the results, but two of the simplest to use are also amongst the most effective. The first is called Panda Anti Rootkit. It's my top recommendation for average users because it's not only good at detecting rootkits, but it's also quite effective at removing them. As a bonus, it's small and doesn't require installation, although you do have to register at the Panda website before you can download it. I suggest that all of you download this product and scan your PCs. The chances of you being infected are small, but for five minutes' work it's well worth eliminating the risk.

Panda Anti Rootkit will detect most rootkits missed by AV scanners, but it can't provide perfect detection; no rootkit detector can. That's why I suggest you use more than one.

Recommended products:

If you are an experienced user, you should check out Sysinternals RootkitRevealer. It uses a totally different technique than Panda Anti Rootkit and BlackLight, and by using all three products together you'll be getting excellent overall detection. RootkitRevealer is more complex to use than BlackLight, and is a bit prone to false positives, so take care before you delete detected items.

For experienced users, my top recommendation is GMER, although you will need to read the documentation carefully before using this one. I like this product a lot but it's not for everyone. So if you are the type that simply likes to press the "scan" button, then stick with Panda Anti Rootkit ;>)

Currently, two of the biggest guns in the rootkit detection war are the free Chinese products IceSword and DarkSpy. They are not really detectors like the other products. Rather, they offer a set of tools that can help reveal the presence of a rootkit. These tools include a special process viewer, startup manager and port enumerator that are not fooled by rootkits. It's left to the user, though, to interpret the results. In the hands of a skilled user, these are powerful tools, but they are not of much use to beginners. The Chinese download sites are slow, so I've given local download links [4], [5].

The reality is that at the present time, full protection against rootkits may require the use of multiple products, and complete removal may require a system rebuild. For more details, see my introductory article on rootkits [6].

Product Specifications:

Panda Anti Rootkit
Website: http://www.pandasecurity.com/homeusers/downloads/docs/product/help/rkc/en/rkc_en.htm
Download link: http://www.download.com/Panda-Anti-Rootkit/3000-8022_4-10717196.html
Author: Panda Software
Date: 04/28/2008
Version: 1.08
Download File size: 304KB
License: Freeware
Operating systems supported: Windows 2000 - XP2
64 Bit Capable: no
Portable version available: no
Other languages supported: no
Additional Software Required: no

RootkitRevealer
Website: http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx
Author: Bryce Cogswell and Mark Russinovich
Date: 04/28/2008
Version: 1.71
Download File size: 231KB
License: Freeware
Operating systems supported: All Windows versions
64 Bit Capable: no
Portable version available: no
Other languages supported: no
Additional Software Required: no

GMER
Website: http://www.gmer.net/index.php
Author: GMER
Date: 04/28/2008
Version: 1.0.14
Download File size: 740KB
License: Freeware
Operating systems supported: Windows NT - Vista
64 Bit Capable: no
Portable version available: no
Other languages supported: no
Additional Software Required: no

IceSword
Website: http://antirootkit.com/software/IceSword.htm
Author: XFocus
Date: 04/28/2008
Version: 1.22
Download File size: 2.1MB
License: Freeware
Operating systems supported: Windows 2000, XP, Vista (version 1.20)
64 Bit Capable: no
Portable version available: yes
Other languages supported: yes
Additional Software Required: no

DarkSpy
Website: http://www.softpedia.com/get/Antivirus/DarkSpy Anti Rootkit.shtml
Author: CardMajic
Date: 04/28/2008
Version: 1.0.5
Download File size: 626KB
License: Freeware
Operating systems supported: Windows 2000, XP, 2003
64 Bit Capable: no
Portable version available: no
Other languages supported: no
Additional Software Required: no

[6] Dealing with the Rootkit Threat
Website: http://www.techsupportalert.com/rootkits.htm

 

Copyright © Edmond Hakmeh 2010. All Rights Reserved