AVG Anti-Rootkit

http://www.softpedia.com/progDownload/AVG-...load-48738.html

Anyone feel like trying this one out?

Downloading it now to give it a go.

Haven't tried it yet, but found these comments on another forum:

http://www.wilderssecurity.com/showthread.php?t=144645

I am waiting to see how things go.

Normandie

Downloaded right now. Did a full system scan and no rootkit found :D

It's a nice app.

I don't like the fact that it has to be installed (and required a reboot). True, it's a very small file, but none of the other rootkit scanners require an install/reboot. It's hard to say which one of the rootkit programs is the best; the most widely used is still BlackLight, but there seem to be new ones every month.

Hopefully someone will do some extensive tests over at spywareinfo or spywarewarrior soon.

Here's what I found out:

  • Installation doesn't create a System Restore point!
  • Installation requires a reboot because it installs a couple of drivers in ‘C:\Windows\System 32\drivers’
    The two files are: ‘anti_rkt.sys’ and ‘cleandrv.sys’
  • It writes registry data into:
    ‘HKEY_LOCAL_MACHINE\Software\AVGAntiRootKitBeta’
    ‘HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG_ANTI-ROOTKIT’
    ‘HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG_CLEAN_DRIVER’
  • The default scan is fast, even the thorough in-depth scan which checks all hard disks is rather fast.
  • The GUI is probably too big at its default size for some monitors and/or display settings.
  • It can be uninstalled from 'Add or Remove Programs' in the Control Panel.
  • In order to remove the registry data it writes into ‘HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root’ you have to use a System Restore point from before the installation, or use an ERUNT backup.

I would much prefer it didn't write any data into the registry or require the installation of drivers.

Remember that it's still in beta ;)

Yeah, it's still a beta. But what I don't understand is why a lot of the AV developers are starting these anti-rootkit programs when they could just add the detection into their already available anti-virus and anti-spyware software versus needing yet another program.