
Anti-Rootkit Tools

Blacklight

F-Secure BlackLight Rootkit Elimination Technology detects objects that are hidden from users and security tools and offers the user an option to remove them. The main purpose is to fight rootkits and all kinds of malware that use rootkits. The F-Secure BlackLight Rootkit Elimination Technology works by examining the system at a deep level. This enables BlackLight to detect objects that are hidden from the user and security software.

Download Trial (commercial)


Rootkit Hunter

This tool seeks out popular UNIX and Mac rootkits and removes them.

Download


chkrootkit

chkrootkit is a tool that can check locally for signs of rootkits on *nix-based systems.

Download


RootkitRevealer

RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all persistent rootkits published at www.rootkit.com, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don’t attempt to hide their files or registry keys).

Download


AIDE

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more.

There are other free replacements available so why build a new one? All the other replacements do not achieve the level of Tripwire. And I wanted a program that would exceed the limitations of Tripwire.

Download


Radmind

At its core, radmind operates as a tripwire. It is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.

Download


Sophos Anti-Rootkit

Benefits of Sophos Anti-Rootkit version 1.3 release candidate:

* Enhanced detection and clean-up facilities
* Uses standard Windows procedures for install and uninstall

When you download, you’ll be able to choose version 1.3 - or version 1.2 if you want a fully supported version of Sophos Anti-Rootkit.

Download


Tripwire

Tripwire Enterprise enables configuration auditing and control by detecting all change across the IT infrastructure, automatically correlating change with multiple acceptance criteria and generating actionable change reports. Tripwire Enterprise detects and analyzes changes to millions of elements (e.g. files, directories, registry settings, directory server objects, and configuration files) on servers, databases, network devices, desktops and directory servers. It improves configuration control by alerting you to any change and enabling quick remediation.

Link (commercial)
