How many new Rootkit Scanners were released in 2006?
I make it at least 11 give or take a few.
There is a big trend for the big Anti Virus companies to release dedicated rootkit scanners. In 2006 Sophos, AVG, Avira and Trend Micro were some of the big names who brought us dedicated rootkit scanners.
McAfee have now released their own rootkit scanner called Rootkit Detective and have made it freely available from their website. This is an interesting development as the page it can be downloaded from is the original Stinger page. It will make sure that McAfee get a lot of exposure, as Stinger is one of the best-known malware removers around.
Here is some info from the McAfee page on Rootkit Detective:
“McAfee Rootkit Detective Beta is a program designed and developed by McAfee Avert Labs to proactively detect and clean rootkits that are running on the system.
McAfee Rootkit Detective should only be used by knowledgeable individuals at the direction of, and with the support of, a representative from McAfee Avert Labs or McAfee Technical Support. Improper usage of this tool could result in damage to your applications or operating system.”
Features
Following are the features of this program, which are designed to proactively detect and clean rootkits from the system. The program does not depend on any signatures: it can proactively detect most existing and upcoming rootkits and allows the user to clean them.
- Designed to proactively detect the system objects like processes, files and registry that are hidden to the user.
- Provides information about all running processes in the system.
- Provides information about various system hooks, such as SSDT (System Service Descriptor Table) hooks and user/kernel IAT/EAT (Import/Export Address Table) hooks.
- Allows the user to clean/remove malicious objects from the system by renaming/deleting the hidden files/registry entries.
- Allows the user to terminate the malicious processes.
- Users can submit samples using the submission feature present in the tool.
- Users can also collect the samples manually after renaming them and submit them to stinger@avertlabs.com for further analysis.
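The hidden-object and SSDT-hook checks listed above, as an added example in Python (not Rootkit Detective's own code) over constructed data: a cross-view comparison of two process enumerations, and a walk over an SSDT snapshot that flags service handlers pointing outside the kernel image. The module names, addresses and PIDs are assumed sample values.

```python
# Added example: the two cross-view checks dedicated rootkit scanners rely on,
# run over constructed (not captured) data. Names and values are hypothetical.

def hidden_processes(api_view, low_level_view):
    """Cross-view diff: PIDs seen by a low-level enumeration but missing from
    the documented API view are candidates for a process hidden by a rootkit.
    Both views are dicts of pid -> image name."""
    return sorted(pid for pid in low_level_view if pid not in api_view)


def owner_of(address, modules):
    """Name of the module whose [base, base+size) range covers address,
    or None when no known module does."""
    for name, (base, size) in modules.items():
        if base <= address < base + size:
            return name
    return None


def ssdt_hooks(ssdt, modules, kernel="ntoskrnl.exe"):
    """Flag SSDT entries whose handler lies outside the kernel image.
    ssdt: list of (index, service name, handler address)
    modules: name -> (base, size) for loaded kernel modules
    Returns list of (index, service name, owning module or 'unknown')."""
    flagged = []
    for index, name, address in ssdt:
        owner = owner_of(address, modules)
        if owner != kernel:
            flagged.append((index, name, owner or "unknown"))
    return flagged


# Constructed sample data (hypothetical PIDs, bases and addresses)
API_VIEW = {4: "System", 620: "explorer.exe", 1180: "svchost.exe"}
LOW_LEVEL_VIEW = {4: "System", 620: "explorer.exe", 1180: "svchost.exe",
                  2044: "hidden.exe"}
MODULES = {
    "ntoskrnl.exe": (0x804D7000, 0x200000),
    "hal.dll": (0x806E4000, 0x20000),
    "rk_hook.sys": (0xF8A10000, 0x8000),   # hypothetical third-party driver
}
SSDT = [
    (0xAD, "NtQuerySystemInformation", 0x80583D4A),  # inside ntoskrnl: normal
    (0x91, "NtQueryDirectoryFile", 0xF8A11230),      # inside rk_hook.sys: hooked
    (0x47, "NtEnumerateKey", 0xF9B00010),            # no known module: hooked
]

if __name__ == "__main__":
    print("hidden PIDs:", hidden_processes(API_VIEW, LOW_LEVEL_VIEW))
    for entry in ssdt_hooks(SSDT, MODULES):
        print("SSDT hook:", entry)
```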
The Rootkit Detective log file contains details of the hidden files. Files that have been renamed will carry a .REN extension after the reboot.
Once again this shows how big a threat the big anti-virus companies consider rootkits to be. Panda Software's PandaLabs recently said in a report that they see rootkits as a bigger threat in 2007.
Keep Safe
regards
Steo
I tried several rootkit scanners and for me McAfee's Rootkit Detective is one of the best. It gives you the opportunity to set the scan options that fit your needs best. It is fast as a shark and produces no false positives.
Also the logfile feature is unique.
Last but not least: I like the concise easy to use user interface.
That said, I have to admit that none of the anti-rootkit tools I tested found a dangerous hidden process on any of my computers. So in the past rootkits were not a big threat for me, but it's good to be on the safe side with all these free tools.
Tom,
thanks for the comment. I do find the interface nice. It is also fast.
The one problem I found is that it cannot find some of the harder-to-find rootkits like Rustock.B.
It is a start though and hopefully after Beta it will be able to find more rootkits than it currently can.
regards
Steo