Root-kits

Is Avast! working to find root-kits and removability?

In short, no.

For rootkits, get:
AVG Anti-Rootkit 1.0.0.13 Beta
BitDefender Antirootkit Beta2
F-Secure BlackLight 2.2.1050 Beta
GMER 1.0.11.11390
RootKit Hook Analyzer 1.01
Sophos Anti-Rootkit
IceSword 1.18
DarkSpy Anti-Rootkit 1.0.5
RootkitRevealer 1.7

A Google search or a downloads site will lead you to them.

Awesome, appreciate it!

Hi thegreatyo,

I have tested out the Polish GMER program; it is very extensive. Also use programs to see dependencies, and checking via another OS on the computer gives the rootkits away.
People should also experiment with power programs like APISpy and AttackSpy to get an understanding of what goes on at kernel level (not for the meek). Launch up a compiler or re-compiling program, and learn to analyze the registry in and out.
But even better still, analyze in which ways rootkits are being placed onto a computer, and prevent that (SafeXP, not running services that are not needed, allowing scripts only after the script has been analyzed (Script Blocking), using in-browser security).

polonus

Prevention is ultimately better than cure: stop them getting established, because once they are established they hide their components, making it hard to detect and remove them. The initial file isn’t the rootkit, but once executed you can be in trouble.

The original file, before execution, is likely to be placed in system folders and have registry keys, etc.; this requires permission. Whilst browsing or collecting email, etc., if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.
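An added illustration of the point made above about inherited permissions (this is example code written for this page, not DropMyRights and not anything posted in the thread): the script below reports whether the current session holds the Administrator role and whether it can actually create files in the system folders and keys under HKLM that malware would need. Run it once from an administrator account and once from a limited user account to see the difference in what an inherited token allows. The probe names (acl-probe-...) and the set of locations checked are my own choices.

```powershell
# Added example, not from the thread: shows what the current account's
# token allows, which is exactly what malware run by that account inherits.

function Test-IsAdministrator {
    # True when the current token carries the local Administrators role
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-WriteAccess {
    param([string]$Path)
    # Probe by creating and deleting a uniquely named file; nothing existing is touched.
    $probe = Join-Path $Path ("acl-probe-" + [guid]::NewGuid().ToString() + ".tmp")
    try {
        New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
        Remove-Item -Path $probe -Force -ErrorAction SilentlyContinue
        return $true
    } catch {
        return $false
    }
}

function Test-RegistryWriteAccess {
    param([string]$KeyPath)
    # Probe by creating and removing a uniquely named subkey under the given hive path.
    $probe = Join-Path $KeyPath ("acl-probe-" + [guid]::NewGuid().ToString())
    try {
        New-Item -Path $probe -ErrorAction Stop | Out-Null
        Remove-Item -Path $probe -ErrorAction SilentlyContinue
        return $true
    } catch {
        return $false
    }
}

# Locations an infection typically needs for persistence versus the user's own profile
$report = [ordered]@{
    'Running as administrator'             = Test-IsAdministrator
    'Can write to System32'                = Test-WriteAccess (Join-Path $env:SystemRoot 'System32')
    'Can write to Program Files'           = Test-WriteAccess $env:ProgramFiles
    'Can write to user profile'            = Test-WriteAccess $env:USERPROFILE
    'Can create keys under HKLM\SOFTWARE'  = Test-RegistryWriteAccess 'HKLM:\SOFTWARE'
    'Can create keys under HKCU\SOFTWARE'  = Test-RegistryWriteAccess 'HKCU:\SOFTWARE'
}

$report.GetEnumerator() | ForEach-Object { '{0,-38}: {1}' -f $_.Key, $_.Value }
```

From a limited account the System32, Program Files and HKLM probes come back False while the profile and HKCU probes come back True, which is the reduction in reach the post describes. On Windows Vista and later, a non-elevated session of an administrator account already runs with a filtered token and shows the same pattern; DropMyRights achieved a similar effect on the older NT-based systems by launching the browser or mail client with a restricted token.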

Cool, thanks for the info Polonus and David! I will check the info out.