RootkitBuster

Anyone use Trend Micro's RootkitBuster? I've had it on my computer for a while, but rarely use it. I decided to run a scan today and came up with 63 items -- a number of them in the Services category. Some of those (such as Sandboxie) sure didn't look like problems, but how do you know which ones to delete and which ones to keep? I'm sure that getting a little too happy with the delete button could cause some real problems.

Just ran it, it found a bunch of stuff that I know to be harmless, and I don't know enough about the other stuff to know what to delete. I'm gonna leave it alone, in the absence of any other symptoms.

As it's free and standalone I had a look at it as well.

Just seemed to be flagging legitimate reg entries and files, which other root kit scanners don't pick up.

Not for me.

Don't delete anything except for that Rootkit app. Yikes. :o

Trend Micro's RootkitBuster doesn't support System Service Dispatch Table checking, which in my opinion is an essential requirement for rootkit detection.

I can't say I've had any false positive results with the registry scan; however, I'm less than impressed with this program.

If you want to try other rootkit detectors then I would recommend: Radix Antirootkit, Kernel Detective, Rootkit Unhooker, RootRepeal and IceSword (run from a clean boot).

Richard S.

It does flag some harmless stuff; if you have Microsoft's User Profile Hive Cleanup Service it will flag that and some other stuff. However, once you are used to it (and I am) you can easily tell safe from harmful, albeit they really shouldn't be showing people harmless system-related stuff. My main complaint about it, however, is the extra tall UI, which is downright strange.

Some other rootkit scanners do the same, such as the one in Avira AntiVir free, which always finds 1 or 2 hidden harmless items created by Windows itself, one in particular belonging to a "license" key - but at least it doesn't allow for actually removing those - more like a false positive or nuisance than anything.

I wonder though if someone using something like my current anti-malware scanner setup even needs a standalone rootkit scanner?:

* Microsoft Security Essentials

* Malwarebytes' Anti-Malware

* Emsisoft Anti-Malware

* ClamWin Portable

Adavari, I would have said no years ago.

But current experience says yes.

You do have to be careful which rootkit buster you use, because some are overly zealous and flag illegitimate stuff.

But there are rootkits that go right by Malwarebytes/Emsisoft and come up clean.

Some of the rootkits out there now are pretty sophisticated and use advanced techniques to disguise themselves.

Some even block security apps from running and have a list of known good...

Some also hook themselves into the login process so they can load in Safe Mode, to further deter detection and retain control over the PC.