Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: ONT on March 18, 2010, 07:31:23 AM

Title: Antirootkit Tool
Post by: ONT on March 18, 2010, 07:31:23 AM
Hi

I need the Avast Antirootkit Tool download link. Does anyone have it?


Regards
Title: Re: Antirootkit Tool
Post by: Pondus on March 18, 2010, 07:42:40 AM
List of Rootkit tools
http://www.kernelmode.info/forum/viewtopic.php?f=11&t=10
Title: Re: Antirootkit Tool
Post by: ONT on March 18, 2010, 07:59:55 AM
Oh, there are lots of antirootkit tools, but which of them have

1) Best detection rate
2) Detects rootkits on all partitions (some of them scan only the system drive, e.g. Avast)
3) Less scan time

Title: Re: Antirootkit Tool
Post by: Tarq57 on March 18, 2010, 08:28:42 AM
You should also be concerned with false positives.
This is a bit of a misnomer (not really a false positive) because many valid applications might have components which some anti-rootkits will detect.
Whatever you use, check with someone who knows how to interpret the result before removing anything.
 
Title: Re: Antirootkit Tool
Post by: Asyn on March 18, 2010, 11:50:46 AM
Hi

I need the Avast Antirootkit Tool download link. Does anyone have it?


Regards

I think some kind of antirootkit is implemented in Avast.
Am I wrong?
Title: Re: Antirootkit Tool
Post by: ONT on March 19, 2010, 08:58:45 AM
I've used the Avast antirootkit tool, but I am facing some problems

1) When I select the "Hidden Registry Keys and Values" option and the tool starts scanning registry values, it crashes and stops. The crash text file is attached. If I uncheck "Hidden Registry Keys and Values"


2) Also, how do I scan partitions other than the C drive from this tool?
Title: Re: Antirootkit Tool
Post by: Tarq57 on March 19, 2010, 10:00:00 AM
I can't say why the tool crashes, nor make any sense of the txt file.
Dark and mysterious are the ways of the Alternate Data Stream.
The fact that rootkits make use of the ADS, which is part of the OS, may be the reason other partitions that do not have an OS running on them cannot be scanned: they do not need to be.
If the OS has access to the other partition or drive, any rootkit files present on that partition or drive that are able to be detected will be detected as part of the OS process. Does that make sense?
I can't explain it much better/deeper than that, because I lack the detailed knowledge to, sorry.

Why don't you try one of the other rootkit tools, like TM Rootkit Buster, or Darkspy (McAfee), or the Prevx Gromozon (specialist group of infections)?
More links here. (http://downloads.andymanchesta.com/antirk.html)