Lists of freeware antirootkit


Currently (2006-2007), rootkits are the number 1 threat on most people's horizons. Surprisingly, most of the current offerings that specifically target rootkits are freeware or open source.

However, there is an exception:

nProtect issue (for game users)

nProtect, also called GameGuard, is a rootkit made in South Korea. It is an exception, as described below, and we should get rid of it manually.

For Windows users, look in:

32-bit (x86): %windir%\system32\ (e.g. C:\Windows\system32\)

64-bit (x64): %windir%\SysWOW64\ (e.g. C:\Windows\SysWOW64\)

Find these files and get rid of them:

npptnt2.sys
nppt9x.vxd

Then type regedit in the Start menu to open the registry, and find these two service keys, npptnt2 and npggsvc:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPPTNT2\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npggsvc\

For me, working out how to delete nProtect took a long time. 5 years?

So I put it in here. Prepare for lawsuits, lol. Thanks.

Memory resident antirootkit

  1. AVZGuard - http://z-oleg.com/secur/avz/download.php (second download on the right avz4en.zip is English)
  2. Helios - http://helios.miel-labs.com/ Helios Lite does not require installation
  3. GMER - http://www.gmer.net/files.php [Vista] [Star] [Recommended]
  4. See also Lists of freeware behavior blockers


These are antirootkits that claim to have a resident shield component. They are not very common and are unlikely to be very different from HIPS.

On demand antirootkit scanners

Standalone scanners by conventional AV companies

  1. AVG Anti-Rootkit Free - http://www.grisoft.com/doc/download-free-anti-rootkit/us/crp/0
  2. Avira AntiRootkit Tool - http://dl.antivir.de/down/windows/antivir_rootkit.zip
  3. BitDefender Rootkit Uncover - http://www.majorgeeks.com/download.php?det=5157
  4. F-Secure BlackLight (beta) - http://www.f-secure.com/blacklight/ [Vista] [Star]
  5. McAfee Rootkit Detective - http://www.majorgeeks.com/download5447.html
  6. Panda Anti-Rootkit - http://research.pandasoftware.com/blogs/research/archive/2007/04/27/New-Panda-Anti_2D00_Rootkit-_2D00_-Version-1.07.aspx [Recommended]
  7. Rootkit Buster (Trend Micro) - http://www.trendmicro.com/download/rbuster.asp
  8. Sophos Anti-Rootkit - http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html


Most of these standalone anti-rootkit tools released by AV companies are relatively new (BlackLight is the oldest). Many will eventually be incorporated into future products to extend anti-rootkit abilities. Avira AntiRootkit Tool is already built into Antivir. Because the AV companies have been slower to the game than independent developers (see next section), these tools are probably not very effective.

Relatively well known and popular antirootkits

  1. DarkSpy - http://www.fyyre.net/~cardmagic/index_en.html [Star]
  2. GMER - http://www.gmer.net/files.php (mirror site: http://www.majorgeeks.com/GMER_d5198.html) [Vista] [Star] [Recommended]
  3. Radix - http://www.usec.at/
  4. IceSword - http://www.antirootkit.com/software/IceSword.htm and IceSword 1.2 for Vista [Vista] [Star]
  5. RootkitRevealer - http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx [Star]
  6. Rootkit Unhooker - http://rkunhooker1.narod.ru/ [Vista] [Star] [Recommended]
  7. System Virginity Verifier - http://invisiblethings.org/tools.html


These are rootkit scanners released by independent (non-AV) developers. RootkitRevealer was the original anti-rootkit that sparked off the recent arms race in this area. IceSword and DarkSpy (both from China) are excellent, but development has slowed. GMER and Rootkit Unhooker are cutting-edge tools that are still being developed rapidly.

Note: While some of the anti-rootkit tools above are by well-known developers (RootkitRevealer and System Virginity Verifier come to mind), others are by developers who have chosen to remain anonymous (or semi-anonymous), so there might be some suspicion. However, the tools listed in this section are well known and have received quite a lot of scrutiny, so they are unlikely to be malicious. Be wary of downloading any new anti-rootkit tool or claimed new version from unknown sources, though.

Others

  1. Process Revealer - http://www.logixoft.com/process-revealer-free-edition.html [Vista] [Recommended]
  2. Archon Scanner (beta) - http://www.antirootkit.com/software/Archon-Scanner.htm
  3. Avzguard - http://z-oleg.com/secur/avz/download.php (second download on the right avz4en.zip is English)
  4. BreakPE - http://seconfig.sytes.net/breakpe
  5. Catchme - http://www.gmer.net/catchme.php [Recommended]
  6. Helios - http://helios.miel-labs.com/
  7. Hookexplorer - http://labs.idefense.com/files/labs/releases/previews/HookExplorer/
  8. Processwalker - http://rku.xell.ru/?l=e&a=dl
  9. RAIDE - http://www.rootkit.com/newsread.php?newsid=544
  10. RegReveal - http://www.geocities.jp/kiskzo/regreveal.html
  11. RKDetector v2.0 - http://www.rkdetector.com/
  12. Rustbfix - http://www.uploads.ejvindh.net/rustbfix.exe
  13. rootchk - http://www.uploads.ejvindh.net/rootchk.exe [Recommended]
  14. Rootkit Hook Analyzer - http://www.resplendence.com/hookanalyzer/
  15. SafetyCheck - http://yyuyao.googlepages.com/home (untested)
  16. Seems System Eyes & Ears Monitor - http://3psilon.info/-Seem-System-Eyes-and-Ears.html
  17. SysProt AntiRootkit - http://antirootkit.com/software/SysProt-AntiRootkit.htm
  18. UnHackMe (betaware and nagware) - http://greatis.com/unhackme/faq.htm [Vista]


Rootchk (and Catchme) are sometimes used on HJT help forums. Most of the others are lesser known and/or in beta.

Others (mostly outdated)

  1. Detectproc - http://www.kd-team.com/
  2. Flister (outdated) - http://invisiblethings.org/tools.html
  3. modGREPER - http://invisiblethings.org/tools.html
  4. Klister - http://invisiblethings.org/tools.html
  5. Patchfinder II (outdated) - http://www.rootkit.com/project.php?id=15
  6. Vice (outdated) - http://www.rootkit.com/project.php?id=20
  7. See also Lists of freeware behavior blockers, Lists of freeware antivirus, Lists of freeware antispyware and Lists of freeware antitrojan that might detect rootkits using signatures etc.


Many of the tools listed here are probably out of date. Some are newer but in a beta or even alpha state or are simply unpopular.

Linux

  1. chkrootkit - http://www.chkrootkit.org/
  2. OS X Rootkit Hunter - http://mac.softpedia.com/get/Security/OS-X-Rootkit-Hunter.shtml
  3. Rkscan - http://www.hsc.fr/ressources/outils/rkscan/index.html.en
  4. Rootkit Hunter - http://www.rootkit.nl/projects/rootkit_hunter.html
  5. Rootkit Profiler LX - http://www.trapkit.de/research/rkprofiler/rkplx/rkplx.html
  6. Rootkitty - http://www.ubcd4win.com/forum/index.php?s=b2064cb601a4694c6a7f4abe10422d54&showtopic=2424
  7. Unhide - http://www.security-projects.com/?Unhide:Download
  8. Zeppoo - http://www.zeppoo.net/

Information links


This article is part of the Lists of Freeware Security Software: Malware Control series.

Freeware Anti-Viruses | Freeware Anti-Spyware | Freeware Anti-Trojans | Freeware Anti-Keyloggers | Freeware Anti-Rootkits | Freeware Firewalls | Freeware Behavior blockers | Freeware Sandboxes | Freeware Virtualization | Freeware Security analysis tools | Freeware Hardening tools | Freeware Blocklists | Freeware security services (excluding virus scanners) | Freeware Anti-Phishing | List of portable tools | List of unclassified tools

Related: Lists of online scanners
