Because they resist detection by security software, rootkits can be hard to remove once they get onto a computer.

Trend Micro™ RootkitBuster can find rootkits by checking the following:

Master Boot Record (MBR) Files Registry entries Kernel code patches Operating system service hooks

File streams Drivers Ports Processes Services

By cleaning or removing hidden files, registry entries, and services, Trend Micro RootkitBuster can eliminate a wide and ever-growing number of rootkit variants.

Hardware

• Intel™ Pentium™ or compatible processor
• 256MB of RAM (512MB recommended)
• At least 50MB of available disk space

Operating System

• Windows® 2000 Professional/Server/Advance Server
• Windows® 2003 Standard/Web/Data Center/Enterprise Server
• Windows® XP Home/Professional with Service Pack 2 or 3 (SP2 or SP3)
• Windows Vista® with or without Service Pack 1 (SP1)
• Windows® 7

Note: This software cannot run on the 64-bit versions of these operating systems.

Feedback

Although Trend Micro does not provide technical support for RootkitBuster, feel free to provide your feedback about your experience with this tool.

Download full FAQ

Frequently Asked Questions

• What is RootkitBuster?
• What is a rootkit?
• What is a Master Boot Record (MBR) and what is a MBR rootkit?
• Can I check for MBR rootkits before scanning files?
• How do I remove an MBR rootkit after finding one?
• How is RootkitBuster different from other rootkit detectors?
• How does Trend Micro detect rootkits?
 

What is RootkitBuster?

Trend Micro™ RootkitBuster is a free tool that scans hidden files, registry entries, processes, drivers, and the master boot record (MBR) to identify and remove rootkits.

http://www.trendmicro.com/download/rbuster.asp




What is a rootkit?

Rootkits conceal their activities by manipulating parts of a computer's operating system. Many rootkits can hide drivers, processes, and registry entries from tools that use common system APIs. If used for malicious purposes, they can be very difficult to remove.




What is a Master Boot Record (MBR) and what is a MBR rootkit?

Please refer to these websites.

Master Boot Record:
http://en.wikipedia.org/wiki/Master_boot_record

Master Boot Record Rootkit:
http://blog.trendmicro.com/mbr-rootkit-a-web-threat/
http://blog.trendmicro.com/new-mbr-rootkit-variant -mbr-rootkit-vs-anti-rootkit/




Can I check for MBR rootkits before scanning files?

Yes. Mark the “Files and Master Boot Record (MBR)” checkbox and click the “Scan” button.




How do I remove an MBR rootkit after finding one?

Use the fixmbr command in the Microsoft Recovery Console. For more information, visit this website:

http://support.microsoft.com/kb/314058




How is RootkitBuster different from other rootkit detectors?

RootkitBuster is the only detector that can detect all MBR rootkit variants on supported platforms.




How does Trend Micro detect rootkits?

Trend Micro OfficeScan, Trend Micro Internet Security, and Client Server Messaging use the Rootkit Common Module and scan engine to detect and clean active rootkits. As new types of rootkits emerge, Trend Micro continuously adds to and improves on the technologies used to detect and remove them.