I have been trying Sophos Anti-Rootkit. This scanner is similar to F-Secure Rootkit Eliminator, except that it finds more hidden files and advises whether what it finds is malicious. Still not an installed program, and a very spartan interface. But both get the job done, although in my case, there's no job to do. Threatfire, Avast and Comodo with Defense+, plus using Firefox with its NoScript add-on, all seem to do the job of blocking rootkits (and nearly everything else) before they ever get to my hard drive. That is much preferable to removing the nasty things after they set up housekeeping in Windows XP.
Malwarebytes (free version) is now my second-opinion scanner. Super Antispyware's updater started failing with the MS09-035 ATL Patch, and so far, the SAS software engineers are just sitting there scratching their ***(heads)**. (Fill in your own substitute word.) The good news is that Windows Vista and Windows 7 are not affected by the SAS Updater bug. I still like SAS Free as a second-line scanner, but it no longer works on my Windows XP Pro laptop. Malwarebytes Free does work on my computer, so that's what I am using, for the time being. Just about everybody has reviewed MBAM, so it has passed the sniff test in terms of effectiveness.
Also note: Windows 64-bit versions and all versions of Windows 7 do not have any known in the wild rootkit attacks. So if you have one of those versions, all this rootkit stuff need not concern you. Still, what harm can it do to run Sophos AR once in awhile. After all, it is not an active program.
As always, I am solely responsible for the content of this blog. Facts as represented here about products and services are my own observations, based on my experience on my laptop. Your mileage can vary. I have no financial interest in any of the statements made here. When in doubt, do your own research, as I often provide links to reliable resources. I am not compensated, financially nor in any other way, for posting items in this blog.
-- LittleWolf -- Wed., Aug. 12, 2009 -- 12:00 Noon, CDT (USA) --
Edited Sun., Dec. 6, 2009, 2:48 PM CST (USA) by LittleWolf .
