
AVG Anti-Rootkit Free – The Verdict

Wednesday, April 11th, 2007

Grisoft has released AVG Anti-Rootkit Free to the general public. The company, well known for leading the way in free anti-virus and anti-spyware software, has had a beta available for a few months, and it looks like they have it ready for general release. The verdict is below, but first let's have a look at the program; what it failed at comes later.

AVG Anti-Rootkit Free Frontend

I always wonder whether it is a good idea to give users a choice of scans. AVG Anti-Rootkit gives users a choice of “Search for Rootkits” or “Perform in-depth Search”. Surely if I think I have a rootkit then I would like to look everywhere for it.

Grisoft have made a few changes since the first beta, such as generating a random window name for the software when it is run.

The name it gives is not visible within the window but you can see it in the Taskbar.

AVG Anti Rootkit Free Taskbar Name

It also creates a new instance of an executable with a different executable name from the original and runs this new executable.

Before:
AVG File List 1
After:
AVG File List 2

We can see here that the program avgarkt.exe has created a new program called 87A.exe. Anything it does to protect itself from being noticed by rootkits is always a good thing.

AVG Anti-Rootkit Beta Frontend

The beta version had the name AVG Anti-Rootkit Beta as the window title, and this could have made it easy for rootkit writers to block the program from running.

One item from the first beta version that is now missing is the “Save results in Log” option. This should have been left in so users could use the log to find out more about the rootkit, where it possibly came from and what defences need to be increased.

There is no support for AVG Anti-Rootkit Free, so if something goes wrong you are not going to get any help from Grisoft. If you do have a problem you can ask a question in our AVG Anti-Rootkit Forum.

AVG Anti-Rootkit Free is only available in English.

Details about AVG Anti-Rootkit Free from Grisoft:

  • Powerful cleaning due to advanced cleaning driver
  • Easy to use interface
  • Fast and efficient detection (even for NTFS-ADS objects)
  • Special interface for visually impaired people

System Requirements:

  • MS Windows 2000 (32-Bit) or MS Windows XP (32-Bit)

The Verdict…

I ran BadRKDemo from Cardmagic on an XP SP2 PC (not a virtual machine) and here we can see it sending output which can be viewed in DebugView. An entry can be seen: -------Rootkit is alive!-------

BadRKDemo Debugview

Then I ran AVG Anti-Rootkit Free after rebooting the PC and the scan showed up nothing. I say, what else can it not find?

We also tried BadRKDemo with Rootkit Unhooker and IceSword, among others from our software page, which were able to “see” it.

Update: 22 April 2007
Some people say BadRKDemo is not a “real” rootkit and that therefore AVG Anti-Rootkit should not find it. I’d say that if a program like Rootkit Unhooker can find a hidden driver called BadRKDemo.sys, I would have more trust in it than one that doesn’t see it. Maybe this is a very simplistic way of looking at it, but programs that find hidden things on computers should try and find all hidden things.

I am very short of time at the moment but I do owe it to the guys and gals over at AVG Anti-Rootkit to give this a really good test and compare it to other anti-rootkit programs. Check back soon.

Keep Safe
regards

Steo
www.antirootkit.com