A very dear friend of mine working deep in the coal mines of IT asked me this morning for a recommendation regarding the best commercial rootkit detection and removal tool, as they were having a problem with some of their systems. It seems that their current vendor’s product was able to detect a rootkit, but only with a generic heuristic detection, could not accurately name the infection, and thus could not remove it. I did a quick lookup on a couple of security tools databases and confirmed that my previous favorites were still in the game. (F-Secure BlackLight is no more?!)
I don’t think anyone sells just a rootkit removal tool anymore. Rootkits are considered just one more class of malware, and most current A/V vendor products have rootkit detection and removal capabilities. If they are not working for you, or you would just like a second opinion, I recommend:
- Trend Micro is my first choice in rootkit detection and removal tools. Trend Micro is a commercial A/V and security vendor, but their RootkitBuster tool remains FREE, and it is very good at what it does.
- Microsoft offers RootkitRevealer, which they acquired when they hired its author, Mark Russinovich. Check this one out and read the information about rootkits to learn more and understand why they are such a pain in the Master Boot Record. I find that it doesn’t play well in Vista, but XP is definitely covered.
- Near the top of the list is Sophos Anti-Rootkit. This program has a small but easy to use interface with no options other than choosing where you want to scan. This tool also remains free of charge.
- I have two final choices, for the more experienced and technical users. GMER and RootRepeal (beta) are very good tools, but it takes someone fairly knowledgeable about computer systems to interpret their results. Documentation exists for both programs, but if you prefer simple results, you would be better served with Trend, Sophos or Microsoft.
After this, I headed out to the kitchen for that first blast of coffee. Mmmm, ready for another cup!