Scan for Rootkits using Kaspersky TDSSKiller and GMER.

Rootkits can be deeply embedded in a system and can even evade scans by the system's default antivirus software.  In this post we will look at two methods of scanning for rootkits, using two different scanners.

First: Kaspersky TDSSKiller

link: support.kaspersky.com/viruses/disinfection/5350

At the link above you can find the application itself.  Setup instructions are on the page, as well as a list of the specific threats that TDSSKiller targets.

After accepting the EULA and KSN statement, be sure to click Change Parameters and include Loaded Modules in your scan.  A reboot will be necessary at this point.

After the reboot, run the scan.  The following is what you want to see:

[Screenshot: TDSSKiller results window reporting that no threats were found]

This window means that the application was not able to find a rootkit on the system scanned.  Little surprise in this case, as it is running in a fresh virtual machine.

Next: GMER

link: www.gmer.net

The link above will take you to the GMER website, where there is an image showing what it looks like when GMER finds a rootkit or evidence of rootkit activity.  Farther down the page there is a button which reads "DOWNLOAD EXE."  This button will start the download of GMER.

[Screenshot: the downloaded GMER executable, which is not named GMER.exe]

As you can see, the downloaded file is not named GMER.exe.  The name is changed automatically so that malware which recognizes this well-known tool by its file name is less able to stop you from downloading it.

In the upper left there is a button labeled ">>>".  This is the main menu.  Clicking on Processes will display all processes currently running on your machine; hidden processes are shown in red.  The same applies to the other available tabs: Modules, Services, Files, and Registry.

The Rootkit/Malware tab will bring you to a window which facilitates a complete system scan.  In the middle right of the window you can select which hard drives you wish to scan.  Clicking Scan will run the scan you have selected.
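Both tools rely on two ideas that are worth seeing in plain code: GMER's red entries come from comparing several views of the same system and flagging anything that one view reports and another does not, and TDSSKiller's Loaded Modules option exists because rootkits often load their own kernel driver.  The following PowerShell is an added example written for this post, not code from Kaspersky or GMER.  It approximates both checks with ordinary user-mode APIs (Get-Process, the Win32_Process and Win32_SystemDriver CIM classes, tasklist.exe, Get-AuthenticodeSignature), all of which exist on a stock Windows install; the function names Compare-ProcessViews and Get-DriverSignatureReport are my own.

```powershell
# Added example, not part of the original post. Run from an elevated prompt.
# A kernel rootkit can lie to every one of these APIs at once, so a clean
# result here is not proof of a clean system; a discrepancy is a reason to run
# TDSSKiller or GMER and investigate, not a verdict on its own.

# Check 1: cross-view process listing. GMER marks a process in red when one
# enumeration method sees it and another does not. This compares three
# user-mode views. Processes that start or exit between the three snapshots
# show up as one-off differences, so re-run before treating a row as suspicious.
function Compare-ProcessViews {
    $viewA = @(Get-Process | Select-Object -ExpandProperty Id)                                     # .NET Process API
    $viewB = @(Get-CimInstance -ClassName Win32_Process | Select-Object -ExpandProperty ProcessId)  # WMI/CIM provider
    $viewC = @(tasklist /fo csv /nh |
               ConvertFrom-Csv -Header ImageName, PID, SessionName, SessionNum, MemUsage |
               ForEach-Object { [int]$_.PID })                                                     # tasklist.exe

    $all = ($viewA + $viewB + $viewC) | Sort-Object -Unique
    foreach ($id in $all) {
        $row = [pscustomobject]@{
            Id         = $id
            GetProcess = $viewA -contains $id
            Cim        = $viewB -contains $id
            Tasklist   = $viewC -contains $id
        }
        # Report only identifiers that at least one view failed to see
        if (-not ($row.GetProcess -and $row.Cim -and $row.Tasklist)) { $row }
    }
}

# Check 2: signature status of every kernel driver Windows reports as running.
# Drivers dropped by a rootkit are usually unsigned, signed by an unexpected
# party, or missing from disk. Windows 8 and later also validate catalog
# signatures here; on older systems many legitimate Microsoft drivers will
# show as NotSigned, so read the results with that in mind.
function Get-DriverSignatureReport {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' } |
        ForEach-Object {
            $path = $_.PathName
            # Normalise the kernel-style paths WMI returns:
            #   \SystemRoot\system32\drivers\x.sys, \??\C:\...\x.sys, system32\DRIVERS\x.sys
            if ($path) {
                $path = $path -replace '^\\SystemRoot', $env:SystemRoot `
                              -replace '^\\\?\?\\', '' `
                              -replace '^system32\\', "$env:SystemRoot\system32\"
            }
            if ($path -and (Test-Path -LiteralPath $path)) {
                $sig = Get-AuthenticodeSignature -FilePath $path
                [pscustomobject]@{
                    Name   = $_.Name
                    Path   = $path
                    Status = $sig.Status      # Valid, NotSigned, HashMismatch, NotTrusted, ...
                    Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                }
            } else {
                # A running driver whose image cannot be found on disk deserves a closer look
                [pscustomobject]@{ Name = $_.Name; Path = $path; Status = 'FileNotFound'; Signer = '' }
            }
        }
}

# Usage: show only the rows that need attention
Compare-ProcessViews | Format-Table -AutoSize
Get-DriverSignatureReport |
    Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Status, Name |
    Format-Table -AutoSize
```

On a clean machine the first table is normally empty (or holds a process that exited while the snapshots were taken) and the second lists nothing, or only drivers you can account for.  Anything else is a good reason to run the two scanners above, which perform the same comparisons from inside the kernel rather than through APIs a rootkit can hook.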
