Freeware Catalog

Lists of freeware antirootkit

Currently (2006-2007), rootkits are the number 1 threat on most people's horizons. Surprisingly, most of the current offerings that specifically target rootkits are freeware or open source.

However,

nProtect issue (for game users)

It is also called GameGuard. These are rootkits made by South Korea.

So there is an exception, as below. We should get rid of it manually.

For Windows users


32bit (x86): %windir%\system32\ (ex: C:\Windows\system32\)


64bit (x64): %windir%\SysWOW64\ (ex: C:\Windows\SysWOW64\)

Find these and get rid of them:


npptnt2.sys
nppt9x.vxd

Then type regedit in the Start menu to open the registry and find:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPPTNT2\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npggsvc\

npptnt2

npggsvc   

For me, working out how to delete nProtect took a long time. 5 years?

So I put it in here. Prepare for lawsuits, lol. Thanks.

Memory resident antirootkit

  1. AVZGuard - http://z-oleg.com/secur/avz/download.php (second download on the right avz4en.zip is English)
  2. Helios - http://helios.miel-labs.com/ Helios Lite does not require installation
  3. Vista GMER - http://www.gmer.net/files.php Recommended
  4. See also Lists of freeware behavior blockers


These are antirootkits that claim to have a resident shield component. They are not very common and are unlikely to be very different from HIPS.

On demand antirootkit scanners

Standalone scanners by conventional AV companies

  1. AVG Anti-Rootkit Free - http://www.grisoft.com/doc/download-free-anti-rootkit/us/crp/0
  2. Avira AntiRootkit Tool - http://dl.antivir.de/down/windows/antivir_rootkit.zip
  3. BitDefender Rootkit Uncover - http://www.majorgeeks.com/download.php?det=5157
  4. Vista F-Secure BlackLight (beta) - http://www.f-secure.com/blacklight/
  5. McAfee Rootkit Detective - http://www.majorgeeks.com/download5447.html
  6. Panda Anti-Rootkit - http://research.pandasoftware.com/blogs/research/archive/2007/04/27/New-Panda-Anti_2D00_Rootkit-_2D00_-Version-1.07.aspx Recommended
  7. Rootkit Buster (Trend Micro) - http://www.trendmicro.com/download/rbuster.asp
  8. Sophos Anti-Rootkit - http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html


Most of these standalone anti-rootkits released by AV companies are relatively new (BlackLight is the oldest). Many will eventually be incorporated into future products to extend anti-rootkit abilities. Avira AntiRootkit Tool is already built into Antivir. Because they have been slower to the game compared to independent developers (see next section), they are probably not very effective.

Relatively well known and popular antirootkits

  1. DarkSpy - http://www.fyyre.net/~cardmagic/index_en.html
  2. Vista GMER - http://www.gmer.net/files.php Mirrorsite - http://www.majorgeeks.com/GMER_d5198.html Recommended
  3. Radix - http://www.usec.at/
  4. Vista IceSword - http://www.antirootkit.com/software/IceSword.htm and IceSword 1.2 for Vista
  5. RootkitRevealer - http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx
  6. Vista Rootkit Unhooker - http://rkunhooker1.narod.ru/ Recommended
  7. System Virginity Verifier - http://invisiblethings.org/tools.html


These are rootkit scanners released by independent (non-AV) developers. RootkitRevealer was the original anti-rootkit that sparked off the recent arms race in this area. IceSword and DarkSpy (both from China) are excellent, but development has slowed. GMER and Rootkit Unhooker are cutting-edge tools that are still being developed rapidly.

Note: While some of the anti-rootkit tools above are by well-known developers (RootkitRevealer and System Virginity Verifier come to mind), others are by developers who have chosen to remain anonymous (or semi-anonymous), so there might be some suspicion. However, the tools listed in this section are well known and have received quite a lot of scrutiny, so they are unlikely to be malicious. Be wary of downloading any new anti-rootkit tool or claimed new version from unknown sources, though.

Others

  1. Vista Process Revealer - http://www.logixoft.com/process-revealer-free-edition.html Recommended
  2. Archon Scanner (beta) - http://www.antirootkit.com/software/Archon-Scanner.htm
  3. Avzguard - http://z-oleg.com/secur/avz/download.php (second download on the right avz4en.zip is English)
  4. BreakPE - http://seconfig.sytes.net/breakpe
  5. Catchme - http://www.gmer.net/catchme.php Recommended
  6. Helios - http://helios.miel-labs.com/
  7. Hookexplorer - http://labs.idefense.com/files/labs/releases/previews/HookExplorer/
  8. Processwalker - http://rku.xell.ru/?l=e&a=dl
  9. RAIDE - http://www.rootkit.com/newsread.php?newsid=544
  10. RegReveal - http://www.geocities.jp/kiskzo/regreveal.html
  11. RKDetector v2.0 - http://www.rkdetector.com/
  12. Rustbfix - http://www.uploads.ejvindh.net/rustbfix.exe
  13. rootchk - http://www.uploads.ejvindh.net/rootchk.exe Recommended
  14. Rootkit Hook Analyzer - http://www.resplendence.com/hookanalyzer/
  15. SafetyCheck - http://yyuyao.googlepages.com/home (untested)
  16. Seems System Eyes & Ears Monitor - http://3psilon.info/-Seem-System-Eyes-and-Ears.html
  17. SysProt AntiRootkit - http://antirootkit.com/software/SysProt-AntiRootkit.htm
  18. Vista UnHackMe (betaware and nagware) - http://greatis.com/unhackme/faq.htm


Rootchk (and Catchme) are sometimes used on HJT help forums. Most of the others are lesser known and/or in beta.

Others (mostly outdated)

  1. Detectproc - http://www.kd-team.com/
  2. Flister (outdated) - http://invisiblethings.org/tools.html
  3. modGREPER - http://invisiblethings.org/tools.html
  4. Klister - http://invisiblethings.org/tools.html
  5. Patchfinder II (outdated) - http://www.rootkit.com/project.php?id=15
  6. Vice (outdated) - http://www.rootkit.com/project.php?id=20
  7. See also Lists of freeware behavior blockers, Lists of freeware antivirus, Lists of freeware antispyware and Lists of freeware antitrojan that might detect rootkits using signatures etc.


Many of the tools listed here are probably out of date. Some are newer but are in a beta or even alpha state, or are simply unpopular.

Linux

  1. chkrootkit - http://www.chkrootkit.org/
  2. OS X Rootkit Hunter - http://mac.softpedia.com/get/Security/OS-X-Rootkit-Hunter.shtml
  3. Rkscan - http://www.hsc.fr/ressources/outils/rkscan/index.html.en
  4. Rootkit Hunter - http://www.rootkit.nl/projects/rootkit_hunter.html
  5. Rootkit Profiler LX - http://www.trapkit.de/research/rkprofiler/rkplx/rkplx.html
  6. Rootkitty - http://www.ubcd4win.com/forum/index.php?s=b2064cb601a4694c6a7f4abe10422d54&showtopic=2424
  7. Unhide - http://www.security-projects.com/?Unhide:Download
  8. Zeppoo - http://www.zeppoo.net/

Information links


This article is part of the Lists of Freeware Security Software: Malware Control series.
