Posted by Steven Parker on 24 August 2006 - 09:09 · 7 comments & 4649 views
Enterprise anti-virus vendor Sophos on Aug. 23 released a free rootkit detection and removal tool alongside a warning that the stealthy malware threat is a legitimate security concern for businesses.

Sophos, of Lynnfield, Mass., said its rootkit cleaner offers an easy-to-use interface to scan all running processes, local hard drives and the Windows registry for rootkits.

The company joins a growing list of Internet security vendors adding rootkit-scanning capabilities to their product lines. Finnish anti-virus outfit F-Secure offers the BlackLight rootkit clean-up utility, while BitDefender and others are beta testing similar offerings.

Offensive rootkits, which are typically used by malicious attackers to hide malware on Windows machines, gained mainstream media prominence in November 2005 when it was discovered that Sony BMG used stealthy techniques on music CDs to hide a DRM (digital rights management) scheme.

Rootkits are programs that are used to give a remote user persistent access to a compromised system while avoiding detection from security scanners.

View: Full Article @ eWeek
Download: Rootkit Cleaner @ Sophos



There are 7 additional comments
#1 Posted by Boz on 24 Aug 2006 - 09:25 (2 replies)
I keep getting some "can't flush C://" or some crap like that. I'm not using this.
#1.1 Posted by skase on 24 Aug 2006 - 10:15
Yeah, same here.
#1.2 Posted by Mantu on 24 Aug 2006 - 11:35
"Sophos Anti-Rootkit will work on a Terminal Services or Remote Desktop environment but may produce this warning which can be ignored: 'Unable to flush drive C: (already open by another process)'."

From readme file.
#2 Posted by JamesCherrill on 24 Aug 2006 - 12:27
Claims it can't access my registry. Waste of time & space.
#3 Posted by Ely on 24 Aug 2006 - 13:00
Looks good, trying it right now.
#4 Posted by mrbester on 24 Aug 2006 - 13:12
"Important information you need to know before installation" (from readme, which is called readsar.txt, so you'd have to guess you need to read it. And you don't.). I like Known Issue #2: "If the scan is performed while the computer is in use...". How does a scan get performed if the computer is not in use?

It's not exactly rocket science to use NSIS to actually be able to install the program. So there isn't any "installation". Plus, you have to have "installed" the program before you can read this file unless you routinely look inside SFXs with WinRAR or similar.

Supplying a SFX that extracts into a directory off the root by default is along the lines of a Dell driver ffs. And in any case, how is this better than SysInternals RootKit Revealer?
#5 Posted by paxa on 26 Aug 2006 - 03:56
I'm not even going to try it... seems that it gives more problems than solutions.
