Lists of freeware antirootkit
Currently (2006-2007), rootkits are the number 1 threat on most people's horizons. Surprisingly, most of the current offerings that specifically target rootkits are freeware or open source.
nProtect issue (for game users)
However, there is an exception, described below. This software is called GameGuard; these are rootkits made by South Korea, and we have to get rid of them manually.
For Windows users:
- 32bit (x86): %windir%\system32\ (ex: C:\Windows\system32\)
- 64bit (x64): %windir%\SysWOW64\ (ex: C:\Windows\SysWOW64\)
Find these files and get rid of them:
- npptnt2.sys
- nppt9x.vxd
Then type regedit in the Start menu to open the registry and find the npptnt2 and npggsvc keys:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPPTNT2\
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npggsvc\
For me, how to delete nProtect took a long time, 5 years? So I put it in here. Prepare for lawsuits, lol. Thanks.
Memory resident antirootkit
- AVZGuard - http://z-oleg.com/secur/avz/download.php (second download on the right avz4en.zip is English)
- Helios - http://helios.miel-labs.com/ Helios Lite does not require installation
- GMER - http://www.gmer.net/files.php
- See also Lists of freeware behavior blockers
These are antirootkits that claim to have a resident shield component. They are not very common, and are unlikely to be very different from HIPS.
On demand antirootkit scanners
Standalone scanners by conventional AV companies
- AVG Anti-Rootkit Free - http://www.grisoft.com/doc/download-free-anti-rootkit/us/crp/0
- Avira AntiRootkit Tool - http://dl.antivir.de/down/windows/antivir_rootkit.zip
- BitDefender Rootkit Uncover - http://www.majorgeeks.com/download.php?det=5157
- F-Secure BlackLight (beta) - http://www.f-secure.com/blacklight/
- McAfee Rootkit Detective - http://www.majorgeeks.com/download5447.html
- Panda Anti-Rootkit - http://research.pandasoftware.com/blogs/research/archive/2007/04/27/New-Panda-Anti_2D00_Rootkit-_2D00_-Version-1.07.aspx
- Rootkit Buster (Trend Micro) - http://www.trendmicro.com/download/rbuster.asp
- Sophos Anti-Rootkit - http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
Most of these standalone anti-rootkit tools released by AV companies are relatively new (BlackLight is the oldest). Many will eventually be incorporated into future products to extend anti-rootkit abilities. Avira AntiRootkit Tool is already built into Antivir. Because they have been slower to the game compared to independent developers (see next section), they are probably not very effective.
Relatively well known and popular antirootkits
- DarkSpy - http://www.fyyre.net/~cardmagic/index_en.html
- GMER - http://www.gmer.net/files.php (mirror site: http://www.majorgeeks.com/GMER_d5198.html)
- Radix - http://www.usec.at/
- IceSword - http://www.antirootkit.com/software/IceSword.htm and IceSword 1.2 for Vista
- RootkitRevealer - http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx
- Rootkit Unhooker - http://rkunhooker1.narod.ru/
- System Virginity Verifier - http://invisiblethings.org/tools.html
These are rootkit scanners released by independent (non-AV) developers. RootkitRevealer was the original anti-rootkit that sparked off the recent arms race in this area. IceSword and DarkSpy (both from China) are excellent, but development has slowed. GMER and Rootkit Unhooker are cutting-edge tools that are still being developed rapidly.
Note: While some of the anti-rootkit tools above are by well-known developers (RootkitRevealer and System Virginity Verifier come to mind), others are by developers who have chosen to remain anonymous (or semi-anonymous), so there might be some suspicion. However, the tools listed in this section are well known and have received quite a lot of scrutiny, so they are unlikely to be malicious. Be wary of downloading any new anti-rootkit tool or claimed new version from unknown sources, though.
Others
- Process Revealer - http://www.logixoft.com/process-revealer-free-edition.html
- Archon Scanner (beta) - http://www.antirootkit.com/software/Archon-Scanner.htm
- Avzguard - http://z-oleg.com/secur/avz/download.php (second download on the right avz4en.zip is English)
- BreakPE - http://seconfig.sytes.net/breakpe
- Catchme - http://www.gmer.net/catchme.php
- Helios - http://helios.miel-labs.com/
- Hookexplorer - http://labs.idefense.com/files/labs/releases/previews/HookExplorer/
- Processwalker - http://rku.xell.ru/?l=e&a=dl
- RAIDE - http://www.rootkit.com/newsread.php?newsid=544
- RegReveal - http://www.geocities.jp/kiskzo/regreveal.html
- RKDetector v2.0 - http://www.rkdetector.com/
- Rustbfix - http://www.uploads.ejvindh.net/rustbfix.exe
- rootchk - http://www.uploads.ejvindh.net/rootchk.exe
- Rootkit Hook Analyzer - http://www.resplendence.com/hookanalyzer/
- SafetyCheck - http://yyuyao.googlepages.com/home (untested)
- Seems System Eyes & Ears Monitor - http://3psilon.info/-Seem-System-Eyes-and-Ears.html
- SysProt AntiRootkit - http://antirootkit.com/software/SysProt-AntiRootkit.htm
- UnHackMe (betaware and nagware) - http://greatis.com/unhackme/faq.htm
Rootchk (and Catchme) is sometimes used on HJT help forums. Most of the others are lesser known and/or in beta.
Others (mostly outdated)
- Detectproc - http://www.kd-team.com/
- Flister (outdated) - http://invisiblethings.org/tools.html
- modGREPER - http://invisiblethings.org/tools.html
- Klister - http://invisiblethings.org/tools.html
- Patchfinder II (outdated) - http://www.rootkit.com/project.php?id=15
- Vice (outdated) - http://www.rootkit.com/project.php?id=20
- See also Lists of freeware behavior blockers, Lists of freeware antivirus, Lists of freeware antispyware and Lists of freeware antitrojan that might detect rootkits using signatures etc.
Many of the tools listed here are probably out of date. Some are newer but in a beta or even alpha state or are simply unpopular.
Linux
- chkrootkit - http://www.chkrootkit.org/
- OS X Rootkit Hunter - http://mac.softpedia.com/get/Security/OS-X-Rootkit-Hunter.shtml
- Rkscan - http://www.hsc.fr/ressources/outils/rkscan/index.html.en
- Rootkit Hunter - http://www.rootkit.nl/projects/rootkit_hunter.html
- Rootkit Profiler LX - http://www.trapkit.de/research/rkprofiler/rkplx/rkplx.html
- Rootkitty - http://www.ubcd4win.com/forum/index.php?s=b2064cb601a4694c6a7f4abe10422d54&showtopic=2424
- Unhide - http://www.security-projects.com/?Unhide:Download
- Zeppoo - http://www.zeppoo.net/
Information links
- Review: Six Rootkit Detectors Protect Your System
- Sysinternal forums on rootkits
- PCmag's review of Panda Anti-Rootkit, AVG Anti-Rootkit and Sophos Anti-Rootkit