Bitdefender Rootkit Remover for Windows released


  1. I ran it on my wife’s laptop, and here’s what I wrote to BitDefender about it:

    Comodo AntiVirus says the x86 version is “suspicious” but I reported it as a false positive because, c’mon, BitDefender is not going to put something bad on anyone’s machine… right?

    However, I’m doubting that it actually did anything because from the moment I clicked on the button to start the scan, until it popped-up a notice that not only the scan, but also removal, were complete, took quite literally one-half second. No software on earth could scan a 320GB hard drive for rootkits in one-half second. This app is obviously not ready for prime time. Please get it right before you unleash it on the universe.

    Tested on 32-bit Vista SP-2 running on a Dell Inspiron 1525 laptop.

    A far more mature and ready-for-primetime anti-rootkit tool is Trend Micro’s “Rootkit Buster;” however, it only works on 32-bit Windows versions. In fact, as it turns out, many of the anti-rootkit tools out there don’t work on 64-bit windows; so be sure to check that before you download and install any of them.

    Pretty much all the other anti-virus software makers offer a free rootkit removal tool, though:

    * Kaspersky’s “TDSSKiller” (focuses on just one family of rootkits)
    * McAfee’s “RootkitRemover”
    * Norton’s “PowerEraser” (removes more than just rootkits)
    * Eset’s “SysInspector” (removes more than just rootkits)
    * Panda “Anti-Rootkit”
    * Sophos “Anti-Rootkit”
    * Avira “AntiRootkit”
    * AVG “Anti Rootkit”
    * SysProt “AntiRootkit”

    And then, of course, there are the old standards:

    * GMER (probably the best of the three)
    * UnHackMe (many consider this not very good)
    * RootRepeal (probably the second best of the three)

    Microsoft’s SysInternals makes “Rootkit Revealer” but it’s not a remover. In fact, it doesn’t really even name specific rootkits as much as it helps one to see activity which, if one knows what one is looking at, may be recognized as a rootkit. It’s more for the real techies out there.

    The truth is, though, that no single anti-rootkit tool will cover everything; and some of them — including even some of what I’ve herein listed — are considered old and out-of-date by people whose entire careers are devoted to computer security. There are also MANY anti-rootkit tools out there, some of which are worse than worthless, and others are very, very good, though many of them only at very specific things. For that reason, it can pay to scan with more than one tool.

    The NT Internals website did some fairly sophisticated testing, during the period from 2008 thru 2011, of the various anti-rootkit tools out there, in three areas…

    * Hidden Driver Detection
    * Hidden Process Detection
    * Hidden Dynamic Link Library Detection

    …to come-up with a useful summary of the capabilities of the various tools out there:

    Another useful feature of that list is that it not only shows all that’s out there (the sheer number of tools is surprising to most), but it also shows which tools, even in 2008, were effectively dead, yet are still being touted out there. Of course, it also shows which tools are alive, and from where to reliably download them. Note the difficulty of finding a tool with plus-signs in all four columns, yet is still alive.

    That’s, in part, why the pros use SysInternals’s “Rootkit Revealer” to just find the rootkit, whatever it is; and then they just do a manual removal. That way, they don’t have to worry about whether the maker of the anti-rootkit software was sufficiently thorough. Doing it that way also eliminates the worry about “zero day” rootkits which are so new that no anti-rootkit software out there could possibly yet have them in their rootkit databases.

    Rootkits are the toughest to detect and remove malware there is. Some of them are so tough, in fact, that only a complete wiping of the disk and a reinstallation of Windows (or a restoral from a clean image) will get the job done. I’ve long hated that solution because it tends to be the go-to method of not-very-well-trained “technicians” in the backs of electronics superstores or office supplies when they get stumped (which is pretty easy to do with those guys). However, there really are times when while it might be possible to find and fix whatever is the problem, the time and energy it takes would actually make at least restoring from a clean image the far better solution; and sometimes reinstalling, altogether, can actually make more sense.

    Use a good anti-virus tool that runs in the background at all times, and acts as a bit of sentry, watching for bad things to happen at any moment and then notify you in realtime. Use, additionally, a manual anti-malware scanner or two to do weekly, manual whole-system scans. I, personally, use “Comodo Internet Security” as my full-time, realtime sentry; and both Malware Bytes and SuperAntiSpyware as my weekly manual whole-system scanners… all freeware.

    The use of those, plus a quarterly rootkit scan using whatever are the three best freeware tools at the moment; plus the use of a HOSTS file to block access to malware-laden websites; plus OpenDNS for anti-phishing protection; plus a monthly use of Spyware Blaster to manually “inoculate” the browser; plus the browser plug-ins “Adblock-Plus” and “Ghostery” and “DoNotTrackMe”; plus the use of the Iron browser by SRWare instead of Chrome (to stop all of Chrome’s privacy violations, yet still provide an exact duplicate of all other aspects of Chrome) all combine, on my system, to create a virtually impenetrable fortress past which, so far, nothing has gotten. And it’s all freeware.

    But, hey… that’s just me.

    Hope that helps!

    Gregg L. DesElms
    Napa, California USA
    gregg at greggdeselms dot com
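The comment above describes the Rootkit Revealer approach: rather than matching signatures, compare what the high-level Windows API reports against a low-level raw scan and treat persistent discrepancies as candidates for manual investigation. The following is an added illustration of that cross-view technique (example code written for this page, not Sysinternals’ code); the two “views” and file paths are constructed sample data, and the two-pass filter shows why a single pass produces false positives from files that change between enumerations.

```python
"""Cross-view rootkit detection in the style of Rootkit Revealer (added example).

A hiding rootkit typically filters what high-level APIs return (directory
listings, process lists) while the object still exists at a lower level
(raw file-system or hive scan). Diffing the two views exposes that gap.
All views below are constructed sample data, not captured from a real machine.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    path: str
    kind: str  # "hidden_from_api" or "api_only"


def cross_view_diff(api_view: set[str], raw_view: set[str]) -> list[Finding]:
    """Entries the raw scan sees but the API does not are the classic rootkit
    signature; entries only the API sees usually reflect an in-flight change."""
    hidden = [Finding(p, "hidden_from_api") for p in sorted(raw_view - api_view)]
    api_only = [Finding(p, "api_only") for p in sorted(api_view - raw_view)]
    return hidden + api_only


def stable_findings(pass1: list[Finding], pass2: list[Finding]) -> list[Finding]:
    """A file created or deleted between the API enumeration and the raw scan
    shows up in only one pass. Only discrepancies that persist across two
    independent passes are worth the manual follow-up the comment describes."""
    seen_again = set(pass2)
    return [f for f in pass1 if f in seen_again]


# Constructed sample: pass 1 catches a temp file mid-creation (transient),
# while a driver file is missing from the API view in both passes (persistent).
API_PASS1 = {r"C:\Windows\System32\ntoskrnl.exe"}
RAW_PASS1 = {r"C:\Windows\System32\ntoskrnl.exe",
             r"C:\Windows\System32\drivers\hidden.sys",  # hypothetical name
             r"C:\Users\x\tmp1.dat"}
API_PASS2 = {r"C:\Windows\System32\ntoskrnl.exe", r"C:\Users\x\tmp1.dat"}
RAW_PASS2 = {r"C:\Windows\System32\ntoskrnl.exe",
             r"C:\Windows\System32\drivers\hidden.sys",
             r"C:\Users\x\tmp1.dat"}


def demo() -> list[Finding]:
    """Run both passes and keep only the discrepancies that survive both."""
    return stable_findings(cross_view_diff(API_PASS1, RAW_PASS1),
                           cross_view_diff(API_PASS2, RAW_PASS2))


if __name__ == "__main__":
    for f in demo():
        print(f.kind, f.path)
```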

  2. Thanks for the great, and as usual detailed, comment. Yes, this tool does give the impression that it is not ready for prime-time yet. And that is surprising, considering the fact that it comes from Bitdefender.

    We have already covered some of the other anti-rootkits mentioned by you and will have a look at the others too.
