Rootkit Buster comes from one of the gurus in the anti-virus area: TrendMicro. The program is just a zipped executable (exe) file of 1 Megabyte in size. Rootkit Buster starts its scan from the Master Boot Record (MBR) of your hard disk and then carries on with hidden files, hidden registry values, hidden processes and finally hidden drivers.
Rootkit Buster displays its findings in a window and lets you delete them by clicking the "Delete Selected Items" button. When everything is complete, the system displays a log file.
Panda is another anti-rootkit detection and removal tool. Panda runs as a three-step process: the first step deeply scans your computer, the second step removes the findings and the third step presents a report. When the program starts up, it asks you if you want to enable automatic updates; I strongly recommend that you enable this.
Panda does not leave anything to chance: in its scan, it checks the hidden drivers, the program modules that are running, registry values, non-standard connections such as IRP connections, and goes as deep as possible. With this paranoid search, it leaves rootkit applications no room to act.
You can download the product from Download.com.
I placed a couple of rootkits on my virtual Windows machine running XP SP3 and let all the programs do their job. Panda and Avira could find and clean them all, a 100% rate, but Avira's scan took a little bit longer. Therefore my evaluation is as follows:
- Panda Anti-rootkit
- Avira Anti-rootkit Beta
- TrendMicro Rootkit Buster Beta
- Sophos Anti-rootkit
My evaluation is based on the following criteria:
- One point for overall rootkit detection: Finding all of them earns one point.
- One point for scan speed: This is relative. The top two get one point.
- One point for finding the download page: If it's hard to find, the product loses this point.
The base score is 2 points, awarded for thinking up, developing and making freely available a program to take care of rootkits.