Tuesday, January 06, 2009

SysProt AntiRootkit v1.0.0.8 released

A few key improvements were made in driver detection and disabling mechanisms, and hence here's the latest version of SysProt AntiRootkit :) The SysProt AntiRootkit v1.0.0.8 successfully detects and removes Zlob rootkits (TDSServ or Alureon family).

Similar to the steps followed in the case of GMER (as mentioned in the previous post), SysProt AntiRootkit requires two reboots to completely remove rootkit driver and its Registry entry. Following screenshots show SysProt AntiRootkit detecting Zlob rootkit driver and injected DLL:



Steps to remove Zlob rootkit driver:
  • Run SysProt AntiRootkit v1.0.0.8 and click "Kernel Modules" tab.
  • SysProt AntiRootkit shows rootkit/hidden drivers in red color. Click on the rootkit driver's entry and the click "Disable"
  • Reboot the PC
  • Repeat steps 1 to 3 (SysProt AntiRootkit will detect the same rootkit driver again)
Now, all the malicious files dropped by Zlob should be unrooted and hence "visible" to standard anti-malware scanners.

More information, changelog and download link for SysProt AntiRootkit v1.0.0.8 can be found at following locations:
MajorGeeks
Softpedia
SysProt AntiRootkit primary download page

Feedbacks are welcome :)

Labels: , ,

4 Comments:

Anonymous Anonymous said...

Thanks, here's a download mirror:

http://www.freewaregeeks.com/index.php?page=detail&get_id=865&category=64

10:59 PM  
Blogger swatkat said...

Thanks for hosting it :)

5:35 PM  
Anonymous Peter said...

Is everything that shows up in red, in the kernel tab, a bad thing?

11:44 PM  
Blogger swatkat said...

@Peter,

No! If you are unsure of the results, please consult in any of computer security forums for proper diagnosis and removal of rootkit.

9:48 PM  

Post a Comment

<< Home