Jump to content


Sophos? Free Anti-Rootkit

  • Please log in to reply
2 replies to this topic

#1 Chachazz


    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 24 August 2006 - 07:28 AM

Sophos Anti-Rootkit
Eliminates hidden applications and processes

Removing rootkits without compromising system integrity is particularly challenging and needs to be done with care. Free Sophos Anti-Rootkit finds and removes any rootkit that is hidden on your computer Sophos Anti-Rootkit provides an extra layer of detection, by safely and reliably detecting and removing any rootkit that might already have secreted itself onto your system.

Using Sophos Anti-Rootkit is straightforward.
Whether you use its simple graphical user interface or run it from the command line you can easily detect and eliminate any rootkits on your computer.

More Info & Download: Sophos Anti-Rootkit

#2 Chachazz


    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 24 August 2006 - 07:31 AM

Sophos Anti-Rootkit 1.0 Release Notes
1. Key features
  • Scans running processes, windows registry and local hard drives for rootkits.
  • Identifies known rootkits and selects, by default, files for removal which will remove the rootkit component of the malware without compromising OS integrity.
  • Allows users to remove unidentified hidden files, but does not allow removal of essential system files when hidden by an identified rootkit.
  • Once the user has run a scan, the screen prompts the user through the necessary steps until every rootkit has been removed.
  • Users can switch between the GUI and command-line functionality.
  • Both context sensitive and command-line help are available.
2. Known issues
  • Sophos Anti-Rootkit will work on a Terminal Services or Remote Desktop environment but may produce this warning which can be ignored: 'Unable to flush drive C: (already open by another process)'.
  • If the scan is performed while the computer is in use, false positives may appear in the scan results. This is caused by files or registry entries being deleted, including temporary files being deleted automatically.
  • The malware 'Troj/SysBDr-E' can cause the entire machine to slow down to such an extent that the scan may never complete.
  • It may not be possible to clean up files on a removal drive or USB key. This is because the clean up component runs before the device drivers are loaded in the boot sequence.
  • When specifying the location of the clean up log on the command line(sarcli -cleanlog=...), it must be on a local drive rather than a network share. This is because the clean up component runs before the network drivers are loaded in the boot sequence.
  • The sarscan.log is cumulative and each entry is timestamped. The sarclean.log only contains the results of the last cleanup operation and there is no timestamp apart from the one on the file itself.
  • If rootkit components are found on a drive which uses NTFS compression, it may not be possible for SAR to identify them. In this case they will be reported as "Unknown hidden file".
  • Unidentified hidden files cannot be removed via the command line.

#3 TheSentinel


    The man in the dark

  • General Admin
  • 31,818 posts

Posted 21 April 2010 - 03:58 PM

Website about the latest release for this product

Sophos Anti-Rootkit Vers. 1.5