Windows XP systems are more prone to being infected with rootkits as Microsoft's latest operating system Windows 7. That's the result of a study conducted by Avast that surveyed more than 600,000 Windows PCs. Reasons for this higher infection rate are systems that are running the now unsupported service pack 2 and better protection of the Windows 7 operating system, and there especially the 64-bit versions.
While one could argue that the figures are also explainable by the factors time and the fact that most rootkits target 32-bit systems, it is undeniable that rootkits pose a serious security risk.
The two free rootkit scanners Avast aswMBR and Sophos Anti-Rootkit can be used to scan a PC system for rootkits. There are other tools that can be used for the purpose, like the previously reviewed Codewalker, AVG Anti-Rootkit Free or the incredibly useful TDSSKiller by Kaspersky.
Avast aswMBR is a portable program for Windows. The program offers to download the latest antivirus definitions from Avast servers on first start. Those definitions are then used to scan and identify potentially dangerous files that have been discovered by the rootkit scanner.
A click on the Scan button starts the scan of the system. Potentially dangerous files are highlighted in yellow and red colors on the screen. Suspicious or infected files are declared as those directly in the interface. The Fix or Fix MBR buttons are used to disinfect the system and remove the rootkit from it. Avast aswMBR can be downloaded directly from the Avast website. The rootkit module is part of all Avast antivirus solutions.
Sophos Anti-Rootkit is another portable rootkit scanner for Windows. The download becomes available after filling out a two page form on the Sophos website. The rootkit scanner comes as a rar archive that you need to unpack on the system. The program displays a minimalistic interface on startup. The Windows Registry and local hard drives are automatically selected for the scan next to the running processes. A click on Start Scan opens a new window that highlights the scan progress.
The anti-rootkit software lists all suspicious or unknown hidden files in the log. Not all those files are rootkits, and it pays to scan the listed files with another rootkit scanner or an online scanner such as Virus Total.
Both rootkit scanners are portable and free for personal use. This makes them ideal for a admin toolset on DVD or USB stick.Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.