Rootkit Removers | Rootkit Detectors

Rootkits are somewhat more sophisticated than the average run-of-the-mill virus. A rootkit compromises or replaces trusted system files with versions that still serve their original purpose but also serve the rootkit's own, runs processes that are hidden from Task Manager, and does whatever it can to remain unnoticed on the system.

As you might imagine, this makes detecting and removing rootkits a job for specialized tools. It can be tricky, but there are about three tools that are of great use as I write this.

Root Repeal – I have had good success with Root Repeal. Although it’s in public beta, it seems stable and is quick and effective at finding hidden tasks and other obscure baddies.

RootkitRevealer was originally created by Sysinternals and is now owned by Microsoft – a great tool and really (if I’m not mistaken) the first of its kind for finding hidden processes.

GMER is billed as a rootkit detector and remover as well. Among the things it searches for are:

1. hidden processes
2. hidden threads
3. hidden modules
4. hidden services
5. hidden files
6. hidden Alternate Data Streams
7. hidden registry keys
8. drivers hooking SSDT
9. drivers hooking IDT
10. drivers hooking IRP calls
11. inline hooks
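All three tools lean on the same underlying idea for the "hidden" items in that list: take one inventory through the operating system's normal API, take a second one through an independent, lower-level route, and treat anything the API view omits but the raw view still sees as a candidate for something a rootkit is hiding (RootkitRevealer, for example, compares Windows API results against its own raw reads of the file system and registry hives). The following is an added example written for this post, not code from Root Repeal, RootkitRevealer or GMER. It applies the cross-view check to processes, using Linux `/proc` so it can be run without a Windows box; the function names (`cross_view_diff`, `probe_pids`, `live_scan`, and the rest) and the sample PID lists are my own constructions.

```python
"""Cross-view detection of hidden processes (added example, not from the post).

Principle: compare two independent inventories of the same objects. The
high-level view is the /proc directory listing, the one `ps` and `top` use.
The low-level view asks the kernel about every possible PID directly with
kill(pid, 0). A PID that answers the probe but is missing from the listing
has been hidden from the directory walk, which is how many rootkits hide.
"""
import os
import re


def cross_view_diff(api_view, raw_view):
    """Compare two inventories of the same kind of object (PIDs, file names, ...).

    Returns items only the raw view knows about ("hidden", the suspicious set)
    and items only the API view knows about ("transient", usually a process
    that exited between the two snapshots; reported so the caller can judge).
    """
    api, raw = set(api_view), set(raw_view)
    return {"hidden": sorted(raw - api), "transient": sorted(api - raw)}


def parse_tgid(status_text):
    """Extract the thread-group id from the text of /proc/<id>/status.

    Linux lets kill(tid, 0) succeed for a thread id, and thread ids are not
    listed in /proc, so without this check every multi-threaded program would
    look like a hidden process. Tgid != Pid marks the id as a thread.
    """
    match = re.search(r"^Tgid:\s*(\d+)", status_text, re.M)
    return int(match.group(1)) if match else None


def is_thread_of_other_process(pid):
    """True if the id belongs to a thread rather than a process.

    /proc/<tid> can be opened even though it is not listed, so this read
    normally works. If it fails, we cannot tell and keep the id as a candidate.
    """
    try:
        with open(f"/proc/{pid}/status") as f:
            tgid = parse_tgid(f.read())
    except OSError:
        return False
    return tgid is not None and tgid != pid


def list_proc_pids():
    """High-level view: numeric entries in the /proc directory listing."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def probe_pids(max_pid):
    """Low-level view: ask the kernel directly whether each PID exists.

    kill(pid, 0) delivers no signal. ProcessLookupError (ESRCH) means no such
    id; PermissionError (EPERM) means it exists but belongs to another user;
    success means it exists. Both of the latter count as "present".
    """
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            found.add(pid)
        else:
            found.add(pid)
    return found


def live_scan(max_pid=65536):
    """Run both views on this machine and return the cross-view report.

    max_pid is capped by default; pass int(open('/proc/sys/kernel/pid_max').read())
    to cover the full range on systems with large pid_max values.
    """
    report = cross_view_diff(list_proc_pids(), probe_pids(max_pid))
    report["hidden"] = [p for p in report["hidden"] if not is_thread_of_other_process(p)]
    return report


if __name__ == "__main__":
    result = live_scan()
    if result["hidden"]:
        print("PIDs answering the kernel but absent from /proc:", result["hidden"])
    else:
        print("No hidden processes found in the cross-view check.")
    if result["transient"]:
        print("PIDs that vanished between snapshots (likely harmless):", result["transient"])
```

Running it on a clean machine should report nothing hidden; a nonzero "hidden" list is a reason to look harder, not proof by itself, since a process that started between the two snapshots shows up the same way. Running the two views back to back, or repeating the scan, removes most of that noise, which is also why RootkitRevealer documents that results taken on a busy system deserve a second look.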

I have used this one, but have had stability problems with it. (It crashed out the two or three times I’ve tried it. As the software develops I will give it another try.)
