Panda Software releases Panda Anti-Rootkit - Codename Tucan
It was in the early hours of this morning that I wrote about McAfee releasing Rootkit Detective and lo and behold I got an email this afternoon informing me about Panda Software Anti-Rootkit codenamed Tucan a new Rootkit scanner from Panda Software.
It has just been released as a Public Beta.
Here is some info from Panda:
Panda AntiRootkit (Codename Tucan) shows hidden system resources, identifying known and unknown rootkits. Tucan analizes the following system components:
- Hidden drivers
- Hidden processes
- Hidden modules
- Hidden files
- Hidden registry entries
- SDT modifications
- EAT hooks
- Modification to the IDT
- Non standard INT2E
- Non standard SYSENTER
- IRP hooks
- And more…
The download file is a 219Kb rar file, quite small in comparison to McAfee’s Rootkit Detective.
It comes as a single file program and so there is no installation. Just unarchive the file and run it. When I first ran it, it came up with a suspected rootkit. It just gives a name but no details about whether it was a hidden process, hidden file, etc.. so it is hard to make a judgement on whether it is a false positive as so many rootkit scanners seem to come up with.
This product is still in Beta so I am sure the good people over at Panda Software will have it finely tuned before it is fully released. Download it and provide a bit of feedback to Panda about it.
More information can be found about the release from the Panda Software Research Team and there is some very good documentation on Panda Anti-Rootkit is available on the Panda Website.
Watch this space and we’ll see who is next to release a dedicated Rootkit scanner.
Keep Safe,
regards
Steo
rootkit