Archive for the ‘Panda’ Category

Panda Antirootkit Officially Released

Monday, April 2nd, 2007

Panda Software, one of the world’s leading Internet Security companies, has officially released its Anti Rootkit product, called Panda Antirootkit. It was released in Beta in December 2005 and has had over 20000 downloads to date.

Panda Antirootkit finding Rootkits

“Panda AntiRootkit is a free utility that performs in-depth scans of your computer in search for hidden resources, identifying and disinfecting known and unknown rootkits. Unlike other rootkit utilities which merely “reveal” hidden objects, Panda AntiRootkit positively identifies known and unknown rootkits and gives the option of removing them, including their associated registry entries, processes and files.

In addition, Panda AntiRootkit has an Exhaustive Scan Monitor (requires reboot) capable of monitoring drivers and processes loading at boot time. Its unique technology does this at a lower level than any other AntiRootkit utility, therefore revealing all hiding techniques used by the latest generation rootkits.

Panda AntiRootkit discovers hidden files, registry entries, drivers, processes, modules, SDT modifications, EAT hooks, modifications to IDT, non-standard INT2E, non-standard SYSENTER, IRP hooks, and much more. Among many things we have added an extended .CSV report which can be exported for consulting detailed information of hidden objects found, and some interface process refinements.

Panda AntiRootkit runs on Windows 2000 SP4 and Windows XP and above. For a version that runs on servers please contact your local Panda Technical Support office. Keep in mind that Panda AntiRootkit is not an antivirus solution nor does it provide real-time protection. If Panda AntiRootkit has detected and disinfected a rootkit from your system, we still recommend that you run a complete AV scan afterwards to delete any malicious files that might be left over.”

Panda Antirootkit can also be run from the command line with certain switches, so that it can be run from login scripts across the corporate network.

Antirootkit.com – Panda Antirootkit
Panda Research Blog

regards
Steo
www.antirootkit.com

Panda Software releases Panda Anti-Rootkit – Codename Tucan

Friday, January 5th, 2007

It was in the early hours of this morning that I wrote about McAfee releasing Rootkit Detective and, lo and behold, I got an email this afternoon informing me about Panda Software Anti-Rootkit, codenamed Tucan, a new rootkit scanner from Panda Software.

It has just been released as a Public Beta.

Here is some info from Panda:

Panda AntiRootkit (Codename Tucan) shows hidden system resources, identifying known and unknown rootkits. Tucan analyzes the following system components:

- Hidden drivers
- Hidden processes
- Hidden modules
- Hidden files
- Hidden registry entries
- SDT modifications
- EAT hooks
- Modification to the IDT
- Non standard INT2E
- Non standard SYSENTER
- IRP hooks
- And more…
 

Panda Anti-Rootkit Frontend

The download file is a 219Kb rar file, quite small in comparison to McAfee’s Rootkit Detective.

It comes as a single-file program, so there is no installation. Just unarchive the file and run it. When I first ran it, it came up with a suspected rootkit. It just gives a name but no details about whether it was a hidden process, hidden file, etc., so it is hard to make a judgement on whether it is a false positive, as so many rootkit scanners seem to come up with.

This product is still in Beta so I am sure the good people over at Panda Software will have it finely tuned before it is fully released. Download it and provide a bit of feedback to Panda about it.

More information about the release can be found from the Panda Software Research Team, and some very good documentation on Panda Anti-Rootkit is available on the Panda website.

Watch this space and we’ll see who is next to release a dedicated Rootkit scanner.

Keep Safe,
regards
Steo

www.antirootkit.com