Unlike the previous list of antirootkit detection tools, which is meant for average computer users to automatically recognize rootkit infections and offer to remove them, the 5 free utilities below are meant for advanced users to manually analyze hidden processes, drivers, registry keys, files, startup entries, services, scheduled tasks, ring0 and ring3 hooks, etc., and decide for themselves whether the items are safe or malicious. Other than using them to detect rootkits, they can also be used to find other malware such as trojans, rogueware, worms and viruses.

AntiSpy is a new portable tool whose first version was released in early 2013, and a new version has been released every month since. The official website is in Chinese but the program is fully in English. Running the executable file will open up a window with a couple of tabs allowing you to view both visible and hidden items. As you can see from the AntiSpy screenshot above, a process colored in red has been found to be suspicious, and right clicking on the item provides many options to investigate or take action, such as kill and delete file. The registry, service and autostart tabs are worth looking at because you are able to delete protected registry keys that cannot be removed from regedit.exe, view hidden services that don’t show up in services.msc and reveal hidden items that autostart with Windows. As good as it is, AntiSpy is short of a low-level file browser to view hidden files and folders.

GMER has been around since 2006 and is still being actively developed today with full 64-bit support. An advantage of GMER is that it will automatically start a quick scan upon running to find system modifications which might have been caused by rootkit activity. We found that GMER is more of an analyzer than a tool to remove rootkits, because you can only kill processes but there is no option to delete running processes, modules, registry keys and autostart items. The “Files” tab, where you can access your files in an Explorer-like interface, also doesn’t seem to show files and folders that are hidden by rootkits.

This anti-rootkit tool by NoVirusThanks is free for non-commercial use and is recommended for experienced users because the program shows a lot of technical information, especially code hooks, although less experienced users can still run a quick scan on the Quick Report tab to find any process that runs hidden and is labeled as suspicious.