Best Free Rootkit Scanner/Remover Updated December 7, 2007

Rootkits are a special kind of software tool used to hide trojans, viruses and other malware from your anti-virus scanner and other security products. Unfortunately, they are extremely effective, which means that some of you reading this will be infected even though you believe your PC to be totally clean. Thankfully, there is a new class of security product now available, called rootkit detectors, that uses specialized techniques to detect these dangerous intruders.

Most of these detectors require quite a bit of technical skill to interpret the results, but two of the simplest to use are also amongst the most effective. The first is called Panda Anti-Rootkit [1]. It’s my top recommendation for average users because it is not only good at detecting rootkits, it is also quite effective at removing them. As a bonus, it’s small and doesn’t require installation, though you do have to register at the Panda website before you can download it. I suggest everyone download this product and scan their PC. The chances of you being infected are small, but for five minutes’ work it’s not worth taking the risk.

Panda Anti-Rootkit will detect most rootkits missed by AV scanners but it can’t provide perfect detection; no rootkit detector can. That’s why I suggest you use more than one.

If you are an experienced user, you should check out SysInternals RootkitRevealer [2]. It uses a totally different technique to Panda Anti-Rootkit and BlackLight, so by using all three products together you’ll be getting excellent overall detection. RootkitRevealer is, however, harder to use than BlackLight and is a bit prone to false positives, so take care before deleting detected items. If in doubt, consult the SysInternals RootkitRevealer forum [3].

For experienced users, my top recommendation is GMER [4], though you will need to read the documentation carefully before using this one. I like this product a lot, but it’s not for everyone. So if you are the type that simply likes to press the “scan” button, then stick with Panda Anti-Rootkit ;>)

Currently, two of the biggest guns in the rootkit detection war are the free Chinese products IceSword [5] and DarkSpy [6]. They are not really detectors like the other products; rather, they offer a set of tools that can help reveal the presence of a rootkit. These tools include a special process viewer, startup manager and port enumerator that are not fooled by rootkits. It’s left to the user, though, to interpret the results. In the hands of a skilled user these are powerful tools, but they are not much use to beginners. The Chinese download sites are slow, so I’ve given local download links [6], [6].

The reality is that, at the present time, full protection against rootkits may require the use of multiple products, and complete removal may require a system rebuild. For more details, see my introductory article on rootkits [7].


[1] Freeware, Windows 2K/XP, 353KB
[2] Freeware, All Windows, 231KB
[4] Freeware, Windows NT/2K/XP/Vista, 450KB
[5] Freeware, Windows NT/2K/XP, 2.1MB
[6] Windows 2K/XP/2003, 626KB
[7] How to deal with the threat of rootkits

Source: The 46 Best-ever Freeware Utilities