Trend Micro ships free 'rootkit buster'

Trend Micro has quietly released a rootkit scanning/cleaning utility, belatedly joining the list of anti-virus vendors pushing out free standalone tools to nab the stealthy computer threats.

Trend Micro's new RootkitBuster offers the ability to scan for hidden files, registry entries, processes, drivers and hooked system services. It also includes a cleaning capability for hidden files and registry entries.

The anti-virus company never announced the release of the tool, but a quick scan of the usual rootkit discussion forums provides hints that it has been available for a few months.

I haven't had a chance to pit RootkitBuster against the many rootkits available for download at rootkit.com but, according to this reviewer, it holds up fairly well to scrutiny:

Simple as it is, RootkitBuster actually doesn't do a bad job. The program runs as-is (no installation needed) and scans five areas: file system, Registry, running processes, drivers, and any operating system-level service hooks. The results are automatically exported to a log file, and if anything's detected you can opt to have it deleted (with a forced reboot afterward to ensure deletion).

The release of standalone rootkit-cleanup tools from anti-virus vendors is a direct result of Mark Russinovich's exposé of Sony's use of rootkit functionalities in its controversial DRM scheme.

At the time, anti-virus vendors were largely clueless about the extent of rootkit infections. In the minds of many, the Sony rootkit episode was an indictment of the incompetence of a computer security sector that stood idly by while dangerous rootkits were being hidden on millions of machines.

Since then, with an exception or two, there has been a mad scramble to add rootkit detection to existing products and roll out free standalone tools but, as a recent survey (PDF) by Roger Thompson shows, most are not very good.

As the security vendors struggle to keep pace, researchers are plowing ahead with advanced forms of offensive rootkits. The new Unreal.A is a perfect example. The demo rootkit uses a series of tricks to bypass all modern anti-rootkit tools, including the highly rated RootkitRevealer from Microsoft's Sysinternals unit, and illustrates clearly just how much catching up is left to do.

Topics: Malware

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
