How to check your system for rootkits - gHacks Tech News

How to check your system for rootkits

Rootkits have been in the press lately and it's a good idea to be on the safe side and check your system from time to time to make sure it is not infected by a rootkit. I'm going to introduce two freeware utilities that scan your system and reveal rootkits if they are installed and running on your system.

The first tool is called rootkit hook analyzer, the second one rootkit revealer. Both are great tools and easy to use. You probably have to do some research on the web after you have scanned your system with the programs as you may need to find additional information about the findings to come to a conclusion. You either need to be knowledgeable on the subject, or search on the Internet to find out more about possible rootkits before you make any modifications to your systems and the files discovered.

Websites that can help you with this - other than search engines - are the Rootkit Revealer homepage which has a short introduction on interpreting the output or the rootkit.com website which has lots of information on the subject.

Update: Rootkit Hook Analyzer has not been updated for some time now. The developer website still states that it is only compatible with Vista and earlier versions of the Windows operating system, and that it is not compatible with 64-bit editions of Windows at all.

Rootkit Revealer has also not been updated since 2006, which makes it only compatible with Windows XP or Windows Server 2003, and not newer versions of the Microsoft Windows operating system.

A viable alternative is Kaspersky's TDSS Killer program which can scan a system for rootkits. Unlike the other two programs mentioned, it is fully compatible with the latest versions of the Microsoft Windows operating system.

tdsskiller

The program uses signatures to detect known rootkits, and comes with heuristics to check a system for suspicious activities. It is easy to use, especially if a known rootkit is found on the system. Additional research may be needed if it finds suspicious objects though.

To use it simply click on the start scan button in the program interface. A scan should not take longer than a couple of seconds on most computer systems. You can change some parameters before the scan. Here you can include loaded modules in the scan, and also have the program verify digital file signatures and detect TDLFS file systems. Note that the loaded modules scan requires a reboot the first time.  You can also click on report to access the last detailed scan report right in the program interface.

Another alternative is Malwarebyte's Anti-Rootkit which has been released recently as well.

Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.