
Sophos Anti-Rootkit
Sophos Anti-Rootkit will find and remove any rootkit

Sophos Anti Rootkit description
Sophos Anti-Rootkit eliminates hidden applications and processes
Removing rootkits without compromising system integrity is particularly challenging and needs to be done with care.
Sophos Anti-Rootkit will find and remove any rootkit that is hidden on your computer.
The term rootkit is used to define a Trojan (or technology) used to hide the presence of a malicious object (process, file, registry key, network port) from the computer user or administrator.
Here are some key features of "Sophos Anti Rootkit":
Scans running processes, the Windows registry and local hard drives for rootkits.
Identifies known rootkits and selects, by default, files for removal which will remove the rootkit component of the malware without compromising OS integrity.
Allows users to remove unidentified hidden files, but does not allow removal of essential system files when hidden by an identified rootkit.
Once the user has run a scan, the screen prompts the user through the necessary steps until every rootkit has been removed.
Users can switch between the GUI and command-line functionality.
Both context sensitive and command-line help are available.
Win 2000/XP/2003/Vista/7

Download
1.13 MB


RootRepeal
Rootkit Detector

RootRepeal is a new rootkit detector currently in public beta. It is designed with the following goals in mind:
Easy to use - a user with little to no computer experience should be able to use it.
Powerful - it should be able to detect all publicly available rootkits.
Stable - it should work on as many different system configurations as possible, and, in the event of an incompatibility, not crash the host computer.
Safe - it will not use any rootkit-like techniques (hooking, etc.) to protect itself.
Currently, RootRepeal includes the following features:
Driver Scan - scans the system for kernel-mode drivers. Displays all drivers currently loaded, and shows if a driver has been hidden, and whether the driver's file is visible on-disk.
Files Scan - scans any fixed drive on the system for hidden, locked or falsified* files.
Processes Scan - scans the system for processes. Displays all processes currently running, and shows if a process is hidden or locked.
SSDT Scan - shows whether any of the functions in the System Service Descriptor Table (SSDT) are hooked.
Stealth Objects Scan - attempts to determine if any rootkits are active by looking for typical symptoms.
Hidden Services Scan - scans for hidden system services.
Shadow SSDT Scan - counterpart to the SSDT Scan, but deals mostly with graphics and window-related functions.
Win 2000/XP/2003/Vista/7

Download
454 KB

Kaspersky TDSSKiller

It is possible to disinfect a system infected with the Rootkit.Win32.TDSS malware family using the utility TDSSKiller.exe.
The utility has a GUI.
The utility TDSSKiller.exe supports 32-bit and 64-bit operating systems.
Disinfection of an infected system
Download the file TDSSKiller.zip and extract it (using an archiver, for example WinZip) into a folder on the infected (or potentially infected) PC.
Execute the file TDSSKiller.exe.
Wait for the scan and disinfection process to be over. It is necessary to reboot the PC after the disinfection is over.
Win 2000/XP/2003/Vista/7

Download
1.31 MB

IceSword

IceSword - A very useful rootkit scanner and system information utility
IceSword is a very powerful software application that will scan your computer for rootkits.
IceSword also displays all the hidden processes and resources of your system that you would never find in any other Windows Explorer-like program.
IceSword will protect your computer against rootkits and won't allow them to infect your system.
Due to the great amount of information presented in the application, you can easily realize that IceSword was designed for more advanced users and advanced rootkit removal.
Win 2000/XP/2003

Download
2.2 MB

Panda Anti-Rootkit

Panda Anti-Rootkit is a program that uses latest generation technology to detect and remove rootkits
Panda Anti-Rootkit was designed to be a small application that will use the latest generation technology to detect and remove rootkits on your system. Rootkits are programs designed to hide processes, files or Windows Registry entries.
This type of software is used by hackers to hide their tracks or to insert threats surreptitiously on compromised computers. There are types of malware that use rootkits to hide their presence on the system.
Rootkits use sophisticated techniques to avoid being detected by antivirus solutions. To combat this new threat Panda Software has developed Panda Anti-Rootkit.
Win 2000/XP

Download
304.3 KB


McAfee Rootkit Detective

McAfee Rootkit Detective will proactively detect and clean rootkits that are running on the system.
McAfee Rootkit Detective Beta is a program designed and developed by McAfee Avert Labs to proactively detect and clean rootkits that are running on the system.
McAfee Rootkit Detective should only be used by knowledgeable individuals at the direction of, and with the support of, a representative from McAfee Avert Labs or McAfee Technical Support. Improper usage of this tool could result in damage to your applications or operating system.
Here are some key features of "McAfee Rootkit Detective":
Designed to proactively detect system objects such as processes, files and registry entries that are hidden from the user
Provides information about all running processes in the system
Provides information about various system hooks, such as SSDT (System Service Descriptor Table) hooks and user/kernel IAT/EAT (Import/Export Address Table) hooks
Allows the user to clean/remove the malicious objects from the system by renaming/deleting the hidden files/registry entries
Allows the user to terminate the malicious processes
Users can submit samples using the submission feature present in the tool
Users can also collect the samples manually after renaming them and send them to Avert Labs for further analysis.
Win 2000/XP/2003/Vista

Download
1.65 MB


Lavasoft ARIES Rootkit Remover

The ARIES Rootkit Remover was designed to locate and permanently remove the Sony rootkit from the system
The ARIES Rootkit Remover was designed to locate and permanently remove the Sony rootkit from the system and disable the rootkit's ability to run once more after reboot.
This standalone tool is a reliable, trustworthy, and safe way of removing the rootkit--unlike Sony's own rootkit remover that has been known to cause blue screens.
This primarily protects consumers and ensures privacy. The tool is developed by Lavasoft in line with our common goals to steer the computing environment towards better standards.
Win 95/98/Me/NT/2000/XP

Download
359 KB

F-Secure BlackLight
Rootkit Elimination

F-Secure BlackLight Rootkit Elimination Technology detects objects that are hidden from users and security tools and offers the user an option to remove them. The main purpose is to fight rootkits and all kinds of malware that use rootkits.
The F-Secure BlackLight Rootkit Elimination Technology works by examining the system at a deep level. This enables BlackLight to detect objects that are hidden from the user and security software.
What are the key benefits of F-Secure BlackLight Rootkit Elimination Technology?
F-Secure BlackLight can detect and eliminate active rootkits from the computer. Traditional antivirus scanners can't detect active rootkits.
On a normal system F-Secure BlackLight does not confront the user with a long list of suspected objects. This makes F-Secure BlackLight useful even for non-technical users.
F-Secure BlackLight Rootkit Elimination Technology can be used in the background during normal system operation. Other available scanners require a reboot during scan or may produce false positives if the system is used during scanning.
For whom is F-Secure BlackLight intended?
F-Secure BlackLight is intended for all computer users who want additional security by checking their system for rootkits. F-Secure BlackLight is suitable for use in both home and business environments.
Win 2000/XP/2003/Vista

Download
1.11 MB

SanityCheck

SanityCheck is an advanced rootkit and malware detection tool for Windows which thoroughly scans the system for threats and irregularities which indicate malware or rootkit behavior
By making use of special deep inventory techniques, this program detects hidden and spoofed processes, hidden threads, hidden drivers and a large number of hooks and hacks which are typically the work of rootkits and malware.
It offers a comprehensible report which gives a detailed explanation of any irregularities found and offers suggestions on how to solve or further investigate any situation.
Win 2000/XP/Vista/7

Download
756.2 KB


Rootkit Hunter

Rootkit scanner is a scanning tool to ensure, for about 99.9%*, that you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
MD5 hash compare
Look for default files used by rootkits
Wrong file permissions for binaries
Look for suspected strings in LKM and KLD modules
Look for hidden files
Optional scan within plaintext and binary files
Rootkit Hunter is released as a GPL-licensed project and is free for everyone to use.
Linux and BSD

Download
213 KB

RootkitRevealer

RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
RootkitRevealer successfully detects all persistent rootkits published at www.rootkit.com, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys). If you use it to identify the presence of a rootkit please let us know!
The reason that there is no longer a command-line version is that malware authors have started targeting RootkitRevealer's scan by using its executable name.
We've therefore updated RootkitRevealer to execute its scan from a randomly named copy of itself that runs as a Windows service.
This type of execution is not conducive to a command-line interface.
Note that you can use command-line options to execute an automatic scan with results logged to a file, which is the equivalent of the command-line version's behavior.
Win 2000/XP/2003

Download
226 KB

OS X Rootkit Hunter

OS X Rootkit Hunter is based on Michael Boelen's "rootkit hunter" but slightly modified for easier/better usability on Mac OS X.
OS X Rootkit Hunter is a scanning tool to detect nasty tools on your Mac. This tool scans for rootkits, backdoors and local exploits by running tests like:
MD5 hash compare
Look for default files used by rootkits
Wrong file permissions for binaries
Look for suspected strings in LKM and KLD modules
Look for hidden files
Optional scan within plaintext and binary files
Mac OS X 10.4 or later

Download
1 MB