 FreewareVista Great Freeware Freeware and free trials, tips and resources
Rootkits
Sophisticated design and function, plus unique challenges in detection, merit placing this new form of computer threat in its own distinct category: the Rootkit.
As the Rootkit problem has been less widespread than common viruses or spyware, the topic has not garnered the general notice afforded its well-publicized predecessors. Information Technology Professionals and Security Software Developers, however, have indeed taken note, and security products that incorporate Rootkit protection are fast emerging.
Rootkits take two general forms, the Kernel Level and Application Level Rootkits. The general premise of either type is to usurp the usual intended code and replace it with code that functions to hide the presence of malware. Rootkits thus present a unique difficulty since common security measures often rely on the integrity of the very code the Rootkit compromises.
Anti-Hook - intrusion protection that operates on the Windows Kernel level. Protects against rootkits, keyloggers, spyware, trojans, and viruses based on code behavior.
CounterSpy (Free Trial) - new version 2 has an all-new detection engine designed for today's blended malware threats, including rootkits. Boot-time detection roots out deeply embedded malware before Windows loads.
Malicious Software Removal Tool - from Microsoft, now detects the WinNT/F4IRootkit and child variants, a kernel-mode rootkit associated with copy protection on some Sony BMG CDs.
F-Secure BlackLight - detects Rootkits (specialized code which can hide malware).
F-Secure (Free Trial) - offering stand-alone anti-virus or security suite, quality all-around malware protection including zero-day and rootkit defense.
Spysweeper (Free Trial) - time-honored and polished performer, high spy detection rate, detects rootkits. Select from 16 spy shields to provide real-time protection, including IE Favorites shield, IE Security Shield, IE Tracking Cookies shield, IE Hijack shield, IE Home Page shield, IE Search Page shield, Common Ad Sites shield, Hosts File shield, Memory shield, Spy Installation shield, ActiveX shield, Alternate Data Stream Execution (ADS) shield, Windows Messenger Service shield, Spy Communication shield, Startup shield, Browser Helper Object (BHO) shield.
Rootkit Hook Analyzer - from Resplendence Software, click the 'analyze' button to see what kernel hooks are active on your system.
RootkitRevealer - detects Registry to file system API discrepancies. Make sure you understand scan results thoroughly before acting on them, as not all items found indicate the presence of a rootkit.
Sana Security Primary Response Safe Connect (Free Trial) - provides an added layer of security in addition to traditional signature-based scanners. Uses Sana Security proprietary technology (active MDT) to detect a wide variety of threats including spyware, rootkits, trojans, hijackers, phishing, et al.
Sophos Anti-Rootkit - straightforward free product, installs to SOPHTEMP on your main drive; find the executable there to start. As with all rootkit identification tools, discretion needs to be used when evaluating scan results; items found are not necessarily rootkits.
IceSword - an advanced diagnostic tool for expert use only, the much-discussed Chinese Rootkit detector. For use in evaluating system inconsistencies indicating the presence of a Rootkit or for deleting items located through other rootkit diagnostic tools. IceSword looks deep into a PC and provides access to hidden processes and resources, some of which are not typically accessible through Windows. It is NOT a one-click detection or correction type of application but rather displays items so that an expert user can then evaluate them. Provides access to Processes, Ports, Kernel Module, Startup, Win32 Services, SPI, BHOs, SSDT, Message Hooks, Registry Items.
UnHackMe (Free Trial) - from Greatis, per the Greatis website the software will continue to function after the trial period but with a registration reminder. Beta 3.0 removes Hacker Defender Rootkit, AFX Rootkit, Vanquish Rootkit, FU Rootkit Hidden Processes, Elite Keylogger, HackTool Rootkit, Appros Adware Rootkit. Fast scan plus real-time monitoring.