Home > Rootkits, Utils > New Panda Anti-Rootkit – Version 1.07

New Panda Anti-Rootkit – Version 1.07

April 27th, 2007

We're experiencing a lot of downloads of Panda AntiRootkit. Many thanks to all the people that are helping us improve this free utility by sending suggestions, comments, feedback and submitting new rootkits that are being found in the wild.

I'm happy to say that I have a couple of good news. The first one is that based on your many suggestions we have created version 1.07 of Panda AntiRootkit. Version 1.07 has the following improvements:

  • Capable of deactivating unknown rootkits. We consider "unknown" a rootkit for which Panda AntiRootkit does not have a deactivation routine. This does not mean that Panda does not know about the rootkit. Rather that we have not yet included the full deactivation routine in Panda AntiRootkit. But now you'll be able to deactivate all rootkits. By default you'll be presented with deactivation of known rootkits plus the option to deactivate any unknown rootkits found on your system.
  • Deletes registry keys transparently. Up to version 1.06 we only deleted the necessary registry keys to deactivate the rootkit and prevent it from functioning. Some leftover keys made some users worry about incomplete deactivation. Version 1.07 now transparently deletes all rootkit associated registry keys for piece of mind.
  • Cleaner interface. We have cleaned the results window for a more efficient use of available space. Now a mouse-over a detected object will present you with its type (file, process, ADS, registry, etc.).
  • Various improvements have also been made to the disinfection of unknown rootkits, some false positives reported by some of you, and more deactivation routines.

Get it from CNET Download.com!

Alternative download link here.

The second good news is that Panda AntiRootkit 1.07 has achieved the prestigious Editor's Choice award from PC Magazine USA. Read the review to see how Panda AntiRootkit and other anti-rootkits performed during detection and deactivation tests. Again many thanks for your support and remember to perform a full system scan with a signature based antivirus after deactivating a rootkit.

Categories: Rootkits, Utils Tags:
  1. Pedro Bustamante
    May 2nd, 2007 at 01:11 | #1

    Thank you for this helpful -and free!- tool.

    Even though every computer in my home (7-10 systems; it varies) is behind a hardware firewall, all have software firewalls, sig-based AV, and Anti-Spyware running at all times…

    …I still run deep scans for rootkits, ’cause you just never know, do you?

    Now if we could just get Joe & Jane Citizen to buy into the whole “Best Practices” regimen, we could seriously slow the ‘Bot Masters in their quest for world domination.

    Thanks for all you do,

    Greg Howard
    Consultant, Elder Geek, &…
    20-Year Veteran of the IT wars.

  2. Pedro Bustamante
    May 2nd, 2007 at 05:48 | #2

    Thank you for providing a security blanket for those of us who know next to nothing but have worries. I live in Mexico and my service is really wide open except what I can do to protect myself, so once again thank you

  3. Pedro Bustamante
    May 7th, 2007 at 12:53 | #3

    ravi@akgroup.com.sa  I will send my comment after installing and running the software.  For the time being, many thanks for a philanthropic job.

  4. Pedro Bustamante
    May 9th, 2007 at 21:39 | #4

    Pleased with Panda Internet Security but having trouble installing it on the Main Mahine. Wil try some cleanup first. Thanks.

  5. Pedro Bustamante
    May 21st, 2007 at 09:07 | #5

    I used the program and deleted all my unknown rootkits. Now I cannot connect to the internet. I apparently have no TCP/IP anymore since “ipconfig” typed in cmd brings up nothing. Anybody know anything about this and how to fix it?

    I would like to recover the rootkits I deleted to bring my system back to where it was before I deleted the kits.

    Thanks in advance.

  6. Pedro Bustamante
    May 21st, 2007 at 09:20 | #6

    David use a restore point
    http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx
    scroll the page and read “Use System Restore”

    Regards

    PS:Do you remember rootkit file?

  7. Pedro Bustamante
    May 21st, 2007 at 10:53 | #7

    David you might want to try either lucass’ suggestion (although this will bring you back to an infected state) or re-installing the networking components from the original Windows installation source. Also if you submitted the rootkits for analysis to PandaLabs via the AntiRookit application let me know the date and time to fish them from the repository and analyze them.

  8. Pedro Bustamante
    May 23rd, 2007 at 09:14 | #8

    I ran the software and it tells me that I have got a Rootkit on my machine

    C:\Windows\System32 :{DA6227CB-326B-4B4D-9A81-04B81F1538DD}:
    IS_ADS_DIRECTORY: TRUE

    ADS_DIRECTORY: 1
    IRP_HOOK: 1
    SDT_FUNCTION_HOOK: 48

    Cannot find much about this. Is it dangerous?

  9. Pedro Bustamante
    May 24th, 2007 at 13:51 | #9

    Maximx86, please run Panda AntiRootkit again and submit both the files and report so we can take a look at it.

  10. Pedro Bustamante
    May 28th, 2007 at 20:38 | #10

    Got similar message as that posted on April 2x. Running Win2K Pro. On restart, similar message to this appeared:

    When I try to do an in depth scan, the computer restarts and I get a blue screen which begins… STOP: 0x000000BE(0x804D768E, 0x004D7121, 0xEB41F6E4, 0x0000000A) An attempt was made to write to read-only memory. This driver may be at fault:phooks.sys

    Deleted from Documents and Settings folder, but stil getting this message…

  11. Pedro Bustamante
    May 30th, 2007 at 06:09 | #11

    For those of you under Win2k that are getting BSOD after an exhaustive scan and an error on pshooks.sys: restart your computer and during the first boot process press F8 repeatedly until you get the boot menu. At this point choose “Last known good configuration” and this will allow you to boot Windows without the BSOD.

    Also please send me as much detail about your computer as possible: hardware, OS, service packs, software, peculiarities, etc.

  12. sam
    June 3rd, 2007 at 17:53 | #12

    my panda anti-rootkit revealed that i had 1 unknown rootkit,win32tukernel.exe,but whenever i checked on it it was from microsoft,can you guys help,i’d hate to delete a file that my pc needs…thanks

  13. Pedro Bustamante
    June 6th, 2007 at 06:55 | #13

    sam go ahead and submit both the detected files and the report to us via the Panda Anti-Rootkit application (or directly to pbustamante’at’pandasoftware.com) so we can evaluate this.

  14. EVO
    June 7th, 2007 at 17:44 | #14

    I’m on a Vista machine and it says ‘not supported’.
    any time frame for Vista?

    EV

  15. Pedro Bustamante
    June 7th, 2007 at 17:55 | #15

    Evo, Panda Anti-Rootkit does not work under Vista. We’re still evaluating the implications and impact of rootkits under Vista before we develop an antirootkit for this platform. Until now we have not really seen much evidence or distribution of Vista rootkits, so no time frame yet.

  16. Pedro Bustamante
    June 8th, 2007 at 11:16 | #16

    Sam, we haven’t seen a win32tukernel.exe. There is however a tukernel.exe, a known false positive that’s already been corrected in version 1.08 (run it again and tell Panda Anti-Rootkit to look for updates). Tukernel.exe is basically a modified ntoskrnl.exe to show a personalized logo during system start. It’s not necessary to delete it.

  17. Pedro Bustamante
    June 8th, 2007 at 19:39 | #17

    I have windows vista and after downloading the program an alert jumped up and stated that it is not supported, any advice? thanks

  18. Pedro Bustamante
    June 9th, 2007 at 00:35 | #18

    As per the comments above, it’s not for Vista. We’re studying rootkits under Vista before we develop an anti-rootkit for it.

  19. Pedro Bustamante
    June 9th, 2007 at 20:48 | #19

    Read about it in PC mag, thought I’d try it. In W98SE it won’t install (needs USERENV.DLL) this .dll won’t work.

  20. Pedro Bustamante
    June 11th, 2007 at 20:24 | #20

    Is the rootkit under a freeware license or a shareware license?

    So can I run this on 100 corporate machines or only my own personal machine?

  21. Pedro Bustamante
    June 12th, 2007 at 06:24 | #21

    Yes its freeware. If you are going to run it on 100 corporte machines I’d really like to hear from you so make sure to post some feedback if possible.

  22. Pedro Bustamante
    June 12th, 2007 at 15:08 | #22

    100 corporate machines maybe not, but (my biz I work at) are currently rebuilding our mobile service toolkit.

    We are grabbing comparions / reviews between different root scanners and this is one of the software bits that made it to the reivew list.

    I do IT consultant work so the software (if used) would be used under many machines.

  23. Pedro Bustamante
    June 12th, 2007 at 17:32 | #23

    Understood. Any feedback will be appreciated, mostly in the form of submitting the rootkits it finds along with the report.

  24. Pedro Bustamante
    June 15th, 2007 at 23:54 | #24

    Just ran 1.07.00 with the update option checked, which immediately downloaded and ran version 1.08.00. This version always errors out at about 16% during the Windows Registry step. I went back and ran version 1.07.00 with update turned off, and that version ran fine. Here is the info on 1.08.00:

    PAVARK.exe has encountered a problem and needs to close.

    AppName: pavark.exe AppVer: 5.0.0.4 ModName: ntdll.dll
    ModVer: 5.1.2600.2180 Offset: 000106c3

  25. Pedro Bustamante
    June 21st, 2007 at 16:13 | #25

    I start the scan and when it gets to the registry (2nd part of scan) it stops and says it has encountered a problem. What’s up with that? Has worked before now won’t!

  26. Pedro Bustamante
    June 21st, 2007 at 19:54 | #26

    Hi,

    I have been using PAVARK for several months and think it is a great free utility. However, version 108 crashes and closes when scanning the second item on the list. Is there anyway I can go back to using version 107? Since you use the same file name, irregardless of version, my old PAVARK was overwritten.

    oldgringo@cableone.net

  27. Pedro Bustamante
    June 21st, 2007 at 20:36 | #27

    Those of you with problems running 1.08 during the registry scan, please send me or post the details of your PC: OS version, service pack, installed apps, etc.

  28. Pedro Bustamante
    June 23rd, 2007 at 00:12 | #28

    When I tried to run the PAVARK.EXE from the download, I get a small Internet Explorer window that states “The page cannot be displayed”. The only option I seem to have to to close the window.

  29. Pedro Bustamante
    June 23rd, 2007 at 00:56 | #29

    I am running WINXP SP2. When I run the PAVARK.EXE that came in my download, all I get is a small Internet Explorer window displaying “The page cannot be displayed”. This is the second I’ve posted this, but have yet to see it or a response.

  30. Pedro Bustamante
    June 23rd, 2007 at 20:23 | #30

    I tried to run version 1.07 over Windows ME.
    Just got error message ” Missing UserEnv.dll”

    Does Anti-rootkit work only with win Xp and later?

    Thanks,

  31. Pedro Bustamante
    June 25th, 2007 at 01:27 | #31

    “Those of you with problems running 1.08 during the registry scan, please send me or post the details of your PC: OS version, service pack, installed apps, etc.”

    Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 2 (2600.xpsp_sp2_qfe.070227-2300)
    Language: English (Regional Setting: English)
    System Manufacturer: INTEL_
    System Model: D875BZLK
    BIOS: BIOS Date: 03/31/05 22:15:04 Ver: 08.00.09
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz (2 CPUs)
    Memory: 1022MB RAM
    Page File: 373MB used, 2090MB available

  32. Pedro Bustamante
    June 25th, 2007 at 07:43 | #32

    Phil, Panda Anti-Rootkit is for Windows 2000 SP4 and Windows XP SP2 only.

  33. Pedro Bustamante
    June 30th, 2007 at 09:25 | #33

    Panda Anti-Rootkit v1.08.00 has an unhandled win32 exception in PAVARK.exe at 0x7c910f29. Access violation reading location 0×00000000. Since your site does not have an email address there is no way for me to send you the details and correspond with you – maybe to confirm the bug is fixed in a later version. Please put your contact details on your research webpage and I will come back to you. Clearly I cannot include snapshots in this limited textbox that you have implemented for feedback!

  34. Pedro Bustamante
    July 1st, 2007 at 01:00 | #34

    Andrew please send me all the details of your machine (OS, Service Pack, installed apps, hardware, screenshots, etc.). You can either click on my name to get a contact form or email me at pbustamante’at’pandasoftware.com.

  35. Pedro Bustamante
    July 3rd, 2007 at 17:33 | #35

    program encountered an error and must close, did this on 2 different computers. win xp sp2

  36. Pedro Bustamante
    July 3rd, 2007 at 17:38 | #36

    RE:Those of you with problems running 1.08 during the registry scan, please send me or post the details of your PC: OS version, service pack, installed apps, etc.

    toshiba satellite L25-@1193 Celeron M, 2G RAM, win xp sp2, use spybot, advanced windowscare, windows defender, spywareblaster, AVG free AV

  37. Pedro Bustamante
    July 6th, 2007 at 06:54 | #37

    Pedro…After many crashes with 1.08 and clean scans with 1.07, I tiried to find the error report in the Temp folder to send to you. I did not locate it, so I deleted all the garbage except for the prefetch data file and and ran another 1.08 scan…ran clean to completion…go figure… but it worked???

  38. Pedro Bustamante
    July 6th, 2007 at 12:54 | #38

    Running HP a620N, XP SP II, Comodo Firewall, Avast Anti virus, Ad-Aware SE Plus, Spygot with tea Timer, Intel IV 2.8 processor, Advanced Window’s care.

    Panda Rootkit scan stops after 22% complete, and the program window disappears.

  39. Pedro Bustamante
    July 8th, 2007 at 13:42 | #39

    Andrew, cham44, Jack, Sam and the rest of you running into problems with 1.08 during the registry scan, I have uploaded version 1.07 to http://research.pandasoftware.com/blogs/images/AntiRootkit-1.07.zip. Please try running 1.07 but still send me the details of your machine and installed applications to pbustamante’at’pandasoftware.com.

  40. Pedro Bustamante
    July 11th, 2007 at 13:51 | #40

    Just ran the updated 1.08. on dell M171 xps. xp sp2. No detected rootkits. Worked for me, no problems.

  41. Pedro Bustamante
    July 16th, 2007 at 12:21 | #41

    Just loaded anti rootkit and seem to having problems. It starts off ok – connects and searches for updates, downloads new versions. When starting scan…running processes ok but then stops soon after registry check starts up? Message pops up: pav ark exe has generated errors and will be xlosed by windows. You will need to restart program. An error log is being created? I’ve tried taking some apps off the bar/running temporarily but am at a loss for any real fix for my problem. Any suggestions would greatly be appreciated by this non-techie. txs kindly

  42. Pedro Bustamante
    July 16th, 2007 at 12:39 | #42

    Still having problems-loaded wersion 7 as suggested above but stopped at registry chec at 17%. Hope we can all be “happy campers” before too long with this glitch. txs from all of us for your attention to this!

  43. Pedro Bustamante
    July 16th, 2007 at 14:20 | #43

    Ronson please try running version 1.07 from http://research.pandasoftware.com/blogs/images/AntiRootkit-1.07.zip again but uncheck “automatic update” option before starting the scan in order to avoid upgrading to 1.08. If you’re still having problems contact me at pbustamante’at’pandasoftware.com and I’ll send you a debug version.

  44. Terry
    July 21st, 2007 at 02:52 | #44

    Question:

    Any Vista Anti-rootkit available? Panda is only 1.7 for for Win?

    T

  45. Pedro Bustamante
    July 22nd, 2007 at 22:16 | #45

    Correct Terry, Panda Anti-Rootkit is only for Windows 2000/XP. We’re not currently developing an anti-rootkit for Vista just yet.

  46. Pedro Bustamante
    July 24th, 2007 at 11:00 | #46

    Downloaded and ran the v1.08. It checked for update, scanned everything and said no rootkit. Ran again but this time for deep scan, after checking for update it asked to reboot. Rebooted computer and it came automatically and started to scan. The intialization took around 90 seconds but after that it scanned everything and said all clear.

    So all-in-all a good experience with no bugs. But it leaves a PAVARK folder inside the user folder. I had to delete it manually. Trivial thing actually. Thanks for a nice user-friendly tool.

  47. Pedro Bustamante
    July 29th, 2007 at 12:20 | #47

    Is there a way to get rid of phooks.sys ? I got a PC with W2K on one partition (where I installed the rootkit) and a WIN98 partition. The W2K partition is no longer accessible ( BLUE SCREEN: An attempt was made to write to read-only memory. This driver may be at fault:phooks.sys … ) I am still able to start WIN98 and with help of NTFS4DOS am able to access the NTFS partition. But both phooks.sys files seem to be in use and cannot be deleted. Strange that W2K is not even started – nevertheless these files cannot be deleted in any way (tried attrib -R). Also there is only one last known good version of W2K that I can choose – and that is the one with the Rootkit trying to do an in depth scan resulting in Blue Screen. Any chance not to reformat the disk ? It would be days of work to reinstall all programms.

  48. Pedro Bustamante
    July 29th, 2007 at 14:11 | #48

    me again I finally managed to restart the last good config of W2K and the rootkit ran fine (nothing found). I think i had been somewhat blind not to find the last good configuration of the OS before (bluscreens are scaring).
    I do not see any file of the rootkit now – are they deleted when run once ?
    regards
    Michael

  49. Pedro Bustamante
    July 29th, 2007 at 19:08 | #49

    i would like to download your new panda anti-rootkit-version 1.07 but i need from you the windows vista version download. my gmail address is theduck1b3c@gmail.com

  50. Pedro Bustamante
    July 30th, 2007 at 07:26 | #50

    Michael, glad you got it running. Panda Anti-Rootkit removes all traces of itself after finishing, so don’t worry about cleanup.

    Tom, sorry but Panda Anti-Rootkit is only for 2000/XP. We’re not currently developing and AR for Vista.

Comment pages
1 2 3 26
Comments are closed.