Example of a tool.
http://en.wikipedia.org/wiki/GMER
Example of why you shouldn't bother with a specialized tool.
http://en.wikipedia.org/wiki/Rootkit
"Any rootkit detectors that prove effective ultimately contribute
to their own ineffectiveness, as malware authors adapt and test
their code to escape detection by well-used tools."
You can use your regular AV software, which is updated
daily, to keep on top of that stuff. If your AV is
not detecting something, and you see symptoms of an
infection (machine is doing whatever the hell it feels
like), then you should try an offline scanner. This
is an example of an offline scanner. This product makes
a bootable CD or bootable USB key, you boot it instead
of your regular OS, and then it can scan using its own
(uninfected) OS. There are a couple other companies that
have made tools like this. I used another one previously,
and with that one, I could never be sure it was actually
doing anything productive. Now, when I test a tool like
this, I put a copy of EICAR on the disk, so it'll have something
easy to detect. It should at least find EICAR.
http://support.kaspersky.com/viruses/rescuedisk/main?qid=208286083
http://en.wikipedia.org/wiki/EICAR_test_file
In terms of the advertising for AV software, it isn't always
easy to find confirmation the product can detect root kits.
Sometimes, you'll need commentary from something like
AV-comparatives, to get some idea what the AV is good at.
Some of the very newest, small AV companies, aren't
good at anything. (But they'll get there, eventually.)
Paul
