Programs for removing rootkits (part two)

So, let's continue to look at applications that can help us get rid of rootkits on our PCs. The previous part of the article is available.

Sophos Anti-Rootkit

This is a fairly compact anti-rootkit application with a simple and intuitive interface (something the “professional” utilities lack). It scans the registry and the system directories its developers consider critical, looking for hidden objects. Sophos Anti-Rootkit requires installation on the system. Unlike most other programs with similar functions, it warns the user about the possible impact on the performance and functionality of the OS if a particular rootkit is removed.

When launched, the program will prompt us to choose what exactly will be scanned. Frankly, it's better to scan everything. Excluding even one item (system registry, running processes or local disks) leaves a loophole for rootkits entrenched in the system. After the scan, you need to review the objects Sophos Anti-Rootkit detected (modules of Symantec Antivirus and Kaspersky Antivirus, virtual CD-ROM drivers and the like regularly end up in this list) and check only those you have decided to delete because you consider them genuinely suspicious.

To make the decision easier, the program even provides a description of each object found, together with a number of recommendations. To read it, select the found object.

In addition, the description gives the full path to the object and other additional information. You can study the found object, look up information about it on the Internet, and only then make an informed decision. After making your selection, all that remains is to click the “Clean up checked items” button.

RootRepeal

For some reason this application is rarely used or written about. Meanwhile, RootRepeal is a very good and effective tool that can detect many variants of rootkits.

The program is portable. It is not as intuitive as Sophos Anti-Rootkit, but with minimal effort on the user's part it can be of great help in detecting malware. It does not, however, automatically point out where the rootkit is; instead it presents information (running processes, files in use, hidden processes, hooks, information about the system kernel, etc.) that the user has to analyze and evaluate himself.

After analyzing this information and identifying suspicious processes, you can search for their descriptions on the Internet and, if necessary, use the RootRepeal toolkit to erase files, terminate processes, or edit registry keys.

AVZ

I have left the AVZ utility, well known to many as Zaitsev's antivirus, for last. It is a tool with a huge number of functions that, among other things, can help in the fight against rootkits. AVZ does not require installation (it is portable) and is updated quite regularly.

To scan for rootkits lurking in the depths of the system, select the desired drive or directories in the “Search Area”. AVZ recognizes rootkits very well; they can be removed automatically, or you can decide case by case (editor's note: the actions AVZ takes in particular cases can be set in the program settings).

AVZ searches for rootkits by examining the core system libraries for interception of their functions (hooks), that is, without using signatures. What is valuable about this application is that it can correctly neutralize a number of the countermeasures rootkits may use, so the utility's scanner can detect masked processes and registry keys.
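The signature-less check described above, as an added example that is not AVZ's own code: given the bytes of a system library's exported functions as they appear on disk and as they appear in memory, it flags entry points whose prologue was altered, recognises the usual trampoline shapes and resolves where the hook leads, reporting whether that destination lies outside the library itself. The module layout, export names, base address and hook target below are constructed, not taken from a real system.

```python
import struct
from dataclasses import dataclass
from typing import Optional

PROLOGUE_LEN = 16   # bytes of each entry point that are compared

@dataclass
class Finding:
    name: str
    kind: str               # "clean", "jmp_rel32", "jmp_indirect", "push_ret", "mov_rax_jmp" or "patched"
    target: Optional[int]   # resolved hook destination, when the trampoline encodes one directly
    outside_module: Optional[bool]

def _resolve(entry_va: int, code: bytes):
    # Recognise the trampolines that inline hooks usually install and resolve their target.
    if code[0] == 0xE9:                                        # jmp rel32
        rel = struct.unpack_from("<i", code, 1)[0]
        return "jmp_rel32", (entry_va + 5 + rel) & 0xFFFFFFFFFFFFFFFF
    if code[:2] == b"\xFF\x25":                                # jmp [rip+disp32]: target is in a pointer slot
        return "jmp_indirect", None
    if code[0] == 0x68 and code[5] == 0xC3:                    # push imm32; ret
        return "push_ret", struct.unpack_from("<I", code, 1)[0]
    if code[:2] == b"\x48\xB8" and code[10:12] == b"\xFF\xE0": # mov rax, imm64; jmp rax
        return "mov_rax_jmp", struct.unpack_from("<Q", code, 2)[0]
    return "patched", None                                     # altered, but not a shape we know

def scan_exports(exports, disk_image, mem_image, base):
    """Compare each export's prologue in memory with the pristine on-disk copy."""
    findings, mod_end = [], base + len(disk_image)
    for name, rva in sorted(exports.items(), key=lambda kv: kv[1]):
        clean = disk_image[rva:rva + PROLOGUE_LEN].ljust(PROLOGUE_LEN, b"\0")
        live = mem_image[rva:rva + PROLOGUE_LEN].ljust(PROLOGUE_LEN, b"\0")
        if clean == live:
            findings.append(Finding(name, "clean", None, None))
            continue
        kind, target = _resolve(base + rva, live)
        outside = None if target is None else not (base <= target < mod_end)
        findings.append(Finding(name, kind, target, outside))
    return findings

# Constructed sample: a tiny "module" mapped at BASE with two exports that are plain
# syscall stubs on disk; in memory the first one has been redirected to foreign memory.
STUB = bytes.fromhex("4c8bd1b8360000000f05c3")        # mov r10,rcx; mov eax,36h; syscall; ret
BASE, HOOK_TARGET = 0x7FFB00000000, 0x7FFB12340000
EXPORTS = {"NtQuerySystemInformation": 0x10, "NtQueryDirectoryFile": 0x30}
DISK = bytes(0x10) + STUB.ljust(0x20, b"\xCC") + STUB.ljust(0x20, b"\xCC")
MEM = bytearray(DISK)
MEM[0x10:0x15] = b"\xE9" + struct.pack("<i", HOOK_TARGET - (BASE + 0x10 + 5))
```

Calling `scan_exports(EXPORTS, DISK, bytes(MEM), BASE)` reports the first export as a `jmp_rel32` hook pointing outside the module and the second as clean; a real scanner feeds it the export table and the two images of each loaded system library.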

Of course, false positives are also possible, so be careful about what you clean out with AVZ. AVZ can also restore a number of system functions after an attack by viruses and rootkits, which is quite useful too.

Let's sum it up

We reviewed a number of programs that will help detect rootkits on computers and laptops. It should be noted that most commercial and free antiviruses have already acquired quite powerful modules for detecting and removing rootkits. Moreover, in the near future I predict a significant decrease in ordinary users' interest in anti-rootkit solutions, since the corresponding modules of antivirus products will keep improving, and the average user has no interest in digging through processes, drivers and files himself. He wants quick results, preferably without extra effort. While traditional antivirus programs are still far from the standard for detecting rootkits, for this type of user I would recommend Sophos Anti-Rootkit. For complex cases you will still have to use GMER or AVZ and improve your skills. These tools will not disappear from the scene any time soon.