Hacker News new | past | comments | ask | show | jobs | submit login

Don't forget TDSSKiller and Norton Power Eraser. Super useful tools for checking MBRs.

ive found malwarebytes rootkit detection to be roughly as effective as tdsskiller. it's not enabled by default, or you can download it as a separate product. mcafee has one too. rootkit buster has never detected a thing in my experience. i still run it first just to see if it ever will.


I'm not familiar with Malwarebytes Antirootkit, but TDSSKiller from Kaspersky searches for 1 single rootkit, TDSS, and performs a removal. I haven't done this type of work in a while but 3-4 years ago it was the defacto tool of choice for dealing with MBR infections.

TDSSKiller removes the following.

List of malicious programs: Rootkit.Win32.TDSS, Rootkit.Win32.Stoned.d, Rootkit.Boot.Cidox.a, Rootkit.Boot.SST.a, Rootkit.Boot.Pihar.a,b,c, Rootkit.Boot.CPD.a, Rootkit.Boot.Bootkor.a, Rootkit.Boot.MyBios.b, Rootkit.Win32.TDSS.mbr, Rootkit.Boot.Wistler.a, Rootkit.Win32.ZAccess.aml,c,e,f,g,h,i,j,k, Rootkit.Boot.SST.b, Rootkit.Boot.Fisp.a, Rootkit.Boot.Nimnul.a, Rootkit.Boot.Batan.a, Rootkit.Boot.Lapka.a, Rootkit.Boot.Goodkit.a, Rootkit.Boot.Clones.a, Rootkit.Boot.Xpaj.a, Rootkit.Boot.Yurn.a, Rootkit.Boot.Prothean.a, Rootkit.Boot.Plite.a, Rootkit.Boot.Geth.a, Rootkit.Boot.CPD.b, Backdoor.Win32.Trup.a,b, Backdoor.Win32.Sinowal.knf,kmy, Backdoor.Win32.Phanta.a,b, Virus.Win32.TDSS.a,b,c,d,e, Virus.Win32.Rloader.a, Virus.Win32.Cmoser.a, Virus.Win32.Zhaba.a,b,c, Trojan-Clicker.Win32.Wistler.a,b,c, Trojan-Dropper.Boot.Niwa.a, Trojan-Ransom.Boot.Mbro.d, e, Trojan-Ransom.Boot.Siob.a, Trojan-Ransom.Boot.Mbro.f.

I would assume it has grown in the last few years, I also would wager a guess that most of these are related/derivatives of each other.

I was under the impression it sort of grew into a multipurpose rootkit tool

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact