RootkitBuster
Scan for hidden files, registry entries, processes, drivers, and Master Boot Record (MBR) rootkits. Trend Micro RootkitBuster can also clean hidden files and registry entries.
Download
Trend Micro RootkitBuster is a rootkit scanner that offers ability to scan for hidden files, registry entries, processes, drivers and hooked system services, and MBR. It also includes the cleaning capability for hidden files and registry entries.
Master Boot Record (MBR) rootkit detection, gives RootkitBuster the ability to detect hidden MBR content. It can spot all variants of MBR rootkit in the wild. MBR rootkits first began appearing in the wild late 2007. New variants continue to appear.
Hardware
- Intel(TM) Pentium(TM) or compatible processor
- 256MB of RAM, 512MB of RAM is recommended
- At least 50MB of available disk space
Software
- Microsoft Windows 2000 Professional/Server/Advance Server
- Microsoft Windows 2003 Standard/Web/Data Center/Enterprise Server
- Microsoft Windows XP Home/Professional with SP2 or above
- Windows Vista SP1/without a service pack
Feedback
Although Trend Micro does not provide free technical support for RootkitBuster, we do encourage you to provide your feedback and suggestions regarding your experience with this free tool.
Frequently Asked Questions
- What is RootkitBuster?
- What is a rootkit?
- What is a Master Boot Record (MBR) and MBR rootkit?
- Will an MBR scan be performed before file scan?
- How to clean a MBR rootkit if the user finds an infection?
- What’s the difference between RootkitBuster and other security provider’s MBR rootkit detector?
- How do Trend Micro products detect rootkits?
What is RootkitBuster?
Trend Micro™ RootkitBuster is a free rootkit scanner that scans hidden files, registry entries, processes, drivers, and the master boot record (MBR) to identify and remove rootkits.Where to download: http://www.trendmicro.com/download/rbuster.asp
What is a rootkit?
Rootkits are malware programs that conceal malicious activity by manipulating system components. Many rootkits are able to hide drivers, processes, and registry entries from tools that use common system APIs.What is a Master Boot Record (MBR) and MBR rootkit?
Please refer to:MBR:
http://en.wikipedia.org/wiki/Master_boot_record
MBR rootkit:
http://blog.trendmicro.com/mbr-rootkit-a-web-threat/
http://blog.trendmicro.com/new-mbr-rootkit-variant -mbr-rootkit-vs-anti-rootkit/
Will an MBR scan be performed before file scan?
Yes. If the user chooses the option “Files and Master Boot Record (MBR)” and clicks “Scan”, Rootkit Buster will check for MBR rootkits first. So if “Current Target” shows RootkitBuster has already started to scan files, then the MBR rootkit scan is over.How to clean a MBR rootkit if the user finds an infection?
RootkitBuster only provides functionality to detect the MBR rootkit. The infection can be cleaned by using the fixmbr command of Microsoft Recovery Console, please refer to:http://support.microsoft.com/kb/314058
What’s the difference between RootkitBuster and other security provider’s MBR rootkit
detector?
RootkitBuster is the only detector that can detect all variants of MBR rootkit on its supported platforms. RootkitBuster has a high detection rate against active rootkits, according to the latest review done by avtest.org.How do Trend Micro products detect rootkits?
All Trend products have anti-rootkit support. Trend Micro desktop products such as OfficeScan, Trend Micro Internet Security, and Client Server Messaging use the common module RCM (Rootkit Common Module) and scan engine to detect and clean active rootkits. Trend Micro scan engine rootkit detection has been rated “++” in a recent review done by avtest.org:(test result can be used externally)
http://www.av-test.org/
http://sunbeltblog.blogspot.com/2008/03/march-test-results-of-antivirus.html
http://www.sunbelt-software.com/ihs/alex/Results_2D2008m3.xls
