Download Sophos Anti-Rootkit 1.0
The security company Sophos has developed a program that can detect so-called rootkits. In short, a rootkit is a piece of usually malicious software that nestles so deep in the system that it can hardly be detected with conventional means. The Sophos program runs under Windows NT, 2000, XP and 2003 Server, both from the Windows GUI and from the command line. More information can be found in this manual. Because this is the first release, there is no changelog, but there are the following release notes:
Key features
- Scans running processes, windows registry and local hard drives for rootkits.
- Identifies known rootkits and selects, by default, files for removal which will remove the rootkit component of the malware without compromising OS integrity.
- Allows users to remove unidentified hidden files, but does not allow removal of essential system files when hidden by an identified rootkit.
- Once the user has run a scan, the screen prompts the user through the necessary steps until every rootkit has been removed.
- Users can switch between the GUI and command-line functionality.
- Both context sensitive and command-line help are available.
Known issues
- Sophos Anti-Rootkit will work on a Terminal Services or Remote Desktop environment but may produce this warning which can be ignored: ‘Unable to flush drive C: (already open by another process)’.
- If the scan is performed while the computer is in use, false positives may appear in the scan results. This is caused by files or registry entries being deleted, including temporary files being deleted automatically.
- The malware ‘Troj/SysBDr-E’ can cause the entire machine to slow down to such an extent that the scan may never complete.
- It may not be possible to clean up files on a removable drive or USB key. This is because the clean up component runs before the device drivers are loaded in the boot sequence.
- When specifying the location of the clean up log on the command line (sarcli -cleanlog=…), it must be on a local drive rather than a network share. This is because the clean up component runs before the network drivers are loaded in the boot sequence.
- The sarscan.log is cumulative and each entry is timestamped. The sarclean.log only contains the results of the last cleanup operation and there is no timestamp apart from the one on the file itself.
- If rootkit components are found on a drive which uses NTFS compression, it may not be possible for SAR to identify them. In this case they will be reported as “Unknown hidden file”.
- Unidentified hidden files cannot be removed via the command line.
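The two boot-sequence caveats above (removable media and network shares are not available when the clean-up component runs) are easy to trip over when the log path is passed from a script. The following wrapper is an added example from the editor, not code from Sophos: it checks that the path given to sarcli -cleanlog= sits on a local fixed disk before launching the tool. It assumes a PowerShell-capable host (the listed operating systems do not ship PowerShell by default) and that the executable is named sarcli.exe and is on the PATH; both are assumptions, not facts from the page.

```powershell
# Added example, not part of Sophos Anti-Rootkit. Checks a clean-up log path
# before handing it to sarcli -cleanlog=, per the release notes' known issues.
function Test-LocalFixedDrivePath {
    param([Parameter(Mandatory)][string]$Path)

    # UNC paths (\\server\share\...) are network locations by definition and
    # will not be reachable when the clean-up component runs early in boot.
    if ($Path -match '^\\\\') { return $false }

    # Resolve the drive root, e.g. "C:\" for "C:\logs\sarclean.log".
    $root = [System.IO.Path]::GetPathRoot($Path)
    if (-not $root -or $root.Length -lt 2) { return $false }
    $deviceId = $root.Substring(0, 2)   # "C:"

    # Win32_LogicalDisk.DriveType: 2 = removable, 3 = local fixed disk,
    # 4 = network drive. Only 3 is acceptable here; a mapped network drive
    # letter still reports 4 and is rejected, as is a USB key.
    $disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$deviceId'"
    return ($null -ne $disk -and $disk.DriveType -eq 3)
}

function Invoke-SarCleanup {
    param(
        # Assumed executable name/location; adjust to where SAR is installed.
        [string]$SarCli = 'sarcli.exe',
        [Parameter(Mandatory)][string]$CleanLog
    )

    if (-not (Test-LocalFixedDrivePath -Path $CleanLog)) {
        throw "Clean-up log '$CleanLog' must be on a local fixed drive: network shares and removable media are not available when the clean-up component runs during boot."
    }

    # Pass the log location exactly as the release notes document it.
    & $SarCli "-cleanlog=$CleanLog"
}

# Usage:
#   Invoke-SarCleanup -CleanLog 'C:\SophosLogs\sarclean.log'      # accepted on a fixed disk
#   Invoke-SarCleanup -CleanLog '\\fileserver\logs\sarclean.log'  # rejected before launch
```

Because sarclean.log is overwritten on every run and carries no timestamps of its own, a script that uses this wrapper should copy the file to a timestamped name after each clean-up if a history is needed; sarscan.log needs no such step because it is cumulative.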
Version number | 1.0 |
Operating systems | Windows NT, Windows 2000, Windows XP, Windows Server 2003 |
Website | Sophos |
Download | |
File size | 1.07MB |
License type | Freeware |