
New Panda Anti-Rootkit – Version 1.07

April 27th, 2007

We're experiencing a lot of downloads of Panda AntiRootkit. Many thanks to all the people that are helping us improve this free utility by sending suggestions, comments, feedback and submitting new rootkits that are being found in the wild.

I'm happy to say that I have a couple of pieces of good news. The first is that, based on your many suggestions, we have created version 1.07 of Panda AntiRootkit. Version 1.07 has the following improvements:

  • Capable of deactivating unknown rootkits. We consider a rootkit "unknown" when Panda AntiRootkit does not have a deactivation routine for it. This does not mean that Panda does not know about the rootkit, only that we have not yet included the full deactivation routine in Panda AntiRootkit. You can now deactivate all rootkits: by default you'll be presented with deactivation of known rootkits, plus the option to deactivate any unknown rootkits found on your system.
  • Deletes registry keys transparently. Up to version 1.06 we deleted only the registry keys necessary to deactivate the rootkit and prevent it from functioning. The leftover keys made some users worry about incomplete deactivation. Version 1.07 now transparently deletes all rootkit-associated registry keys for peace of mind.
  • Cleaner interface. We have cleaned up the results window to make more efficient use of the available space. Hovering the mouse over a detected object now shows its type (file, process, ADS, registry, etc.).
  • Various other improvements: better disinfection of unknown rootkits, fixes for some false positives that some of you reported, and more deactivation routines.

Get it from CNET Download.com!

Alternative download link here.

The second piece of good news is that Panda AntiRootkit 1.07 has achieved the prestigious Editor's Choice award from PC Magazine USA. Read the review to see how Panda AntiRootkit and other anti-rootkits performed during detection and deactivation tests. Again, many thanks for your support, and remember to perform a full system scan with a signature-based antivirus after deactivating a rootkit.

  1. Pedro Bustamante
    August 3rd, 2007 at 21:06 | #1

    The software deleted some of my system files. My XP doesn’t work anymore!

  2. Pedro Bustamante
    September 11th, 2007 at 11:00 | #2

    Victor, I lost your comment during the migration to the new blog. Re-posting here:

    Installed it, but it has an error msg and has to shut down each time I try to run the program.

  3. Pedro Bustamante
    September 11th, 2007 at 11:04 | #3

    Also reposting Jack von Bloeker’s comment:

    I just downloaded version 1.080 from the MajorGeek site in TX, installed it and did the re-boot. The re-boot process goes into a loop and also blocks my F8 capability to do a Safe Mode, etc. boot process. HELP! All users are blocked out by re-boot loop after entering password. I have Windows XP Home. I entered my BIOS and told it to boot from my Windows XP CD, but it would not boot from it either.

  4. Pedro Bustamante
    September 11th, 2007 at 11:06 | #4

    Also reposting dcb65′s comment:

    I ran the software and my laptop won’t work now, saying “Windows could not start because the following file is missing or corrupt: \windows\system32\config\system.” It says I can attempt to repair the file by running Windows Setup using the original Setup CD-ROM, but that didn’t help. Now all I have is a dead laptop. Going to F8 and rebooting to last known config was no help either. Not happy.

  5. Pedro Bustamante
    September 16th, 2007 at 17:38 | #5

    Hi,

    I am attempting to run Panda Anti-Rootkit on my XP machine.

    It comes up with the following message box:

    PVARK.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

    Any help would be appreciated.

    TIA

    Kevin

  6. Pedro Bustamante
    September 17th, 2007 at 08:14 | #6

    Kevin, try closing all the running applications, restart your machine and try again from scratch. If it still doesn’t work contact me and I’ll send you a debug version.

  7. Pedro Bustamante
    September 24th, 2007 at 18:26 | #7

    Need to try something for spyware; saw your site on Kim Komando and thought I would give it a try.
    Thanks for keeping it free; a lot of us just don’t have the money for the ones they are selling.

    Celia

  8. Pedro Bustamante
    October 16th, 2007 at 22:00 | #8

    Like others who have posted, version 1.08 will not run on my PCs (HP Compaq nx9600, XP SP2, Kerio personal firewall, Avira AV; Dell Inspiron 1505, XP SP2, Kerio personal firewall, Avira AV). It gives no error message, but just stops scanning at 20% (I let it run on both PCs for about 90 minutes). I downloaded version 1.07 and it scanned with no problems in about five minutes.

  9. Pedro Bustamante
    October 25th, 2007 at 16:41 | #9

    cnet d/l link broken (

  10. Pedro Bustamante
    October 29th, 2007 at 15:39 | #10

    Works for me mike. If you’re still not able to download from cnet try the following:
    http://research.pandasecurity.com/blogs/images/AntiRootkit.zip

  11. Pedro Bustamante
    October 29th, 2007 at 15:43 | #11

    There’s a report of a rootkited machine with the following Registry entry:
    UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe
    If you run into this, clean your machine manually by deleting only the second portion of the UserInit entry, that is “C:\WINDOWS\system32\ntos.exe”
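
The check described in comment #11, written out as an added example (not part of the original thread and not Panda's code). It assumes the value is read from the Winlogon key under HKLM and that the legitimate entry is the XP-default path shown in the comment; the function names are hypothetical.

```python
import ntpath

# Assumption: the default target on the XP-era systems discussed in this thread.
EXPECTED = r"C:\WINDOWS\system32\userinit.exe"
# Winlogon key (under HKLM) that holds the Userinit value.
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


def split_userinit(value):
    """Split a Userinit value into its comma-separated program entries."""
    parts = (p.strip().strip('"').strip() for p in value.split(","))
    return [p for p in parts if p]  # the stock value ends in ',' so drop empties


def _norm(path):
    # Case-insensitive, and collapses '..' or '/' variations before comparing.
    return ntpath.normpath(path).lower()


def audit_userinit(value, expected=EXPECTED):
    """Return (extra_entries, expected_present, cleaned_value)."""
    entries = split_userinit(value)
    extra = [e for e in entries if _norm(e) != _norm(expected)]
    present = len(extra) != len(entries)
    # Cleaned value keeps only the legitimate entry, with the stock trailing comma.
    return extra, present, expected + ","


def read_live_userinit():
    """Read the value from the local registry (Windows only)."""
    import winreg  # imported here so the rest of the file runs anywhere
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        return winreg.QueryValueEx(key, "Userinit")[0]


if __name__ == "__main__":
    # Value reported in the comment above, then the stock value (constructed sample).
    samples = [
        r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe",
        r"C:\WINDOWS\system32\userinit.exe,",
    ]
    for value in samples:
        extra, present, cleaned = audit_userinit(value)
        status = "SUSPICIOUS" if extra or not present else "ok"
        print(f"{status}: extra={extra} expected_present={present} -> {cleaned}")
```

A value with the expected entry missing altogether is flagged as well, since a replaced entry breaks or hijacks logon just as an appended one does.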

  12. Pedro Bustamante
    October 29th, 2007 at 20:11 | #12

    Having same problem as Kevin Markey – version 1.08 encounters problem when scanning registry and must close.

    No other applications running and restarting makes no difference.

  13. Pedro Bustamante
    December 15th, 2007 at 14:17 | #13

    very interesting, but I don’t agree with you
    Idetrorce

  14. Pedro Bustamante
    December 17th, 2007 at 09:11 | #14

    What don’t you agree with, Idetrorce?

  15. Pedro Bustamante
    December 29th, 2007 at 04:02 | #15

    When I attempt to run version 1.08.00 on XP sp2, the program stops at Windows registry after scanning 20%. I have run the program by itself both as a “regular scan” and an in-depth scan, with the same results.

    Please help, as I think I am infected with rootkits.

    Thanks!

    Roger

  16. Pedro Bustamante
    December 30th, 2007 at 22:37 | #16

    Pedro,
    How long before you envisage the development of a rootkit tool for Vista?

  17. Pedro Bustamante
    January 2nd, 2008 at 03:08 | #17

    Is this compatible with Windows Vista?

  18. Pedro Bustamante
    January 2nd, 2008 at 16:43 | #18

    Regarding the development of a stand-alone anti-rootkit for Vista, we’re currently keeping an eye out to see how the entire rootkit scene evolves under Vista and User Access Control (UAC), as it’s yet very premature to conclude anything.
    However we have included the anti-rootkit technology into our commercial products that support Vista, so you can perform a scan for rootkits using our 2008 products (free download from http://www.pandasecurity.com).

  19. Pedro Bustamante
    January 8th, 2008 at 21:32 | #19

    I also find it fails at 17% on version 1.08. But I never had version 1.07. Where can I get it?

  20. Pedro Bustamante
    January 11th, 2008 at 20:40 | #20

    HI

    Your product seems great !!! Thank you..

    I was running a complete scan (w/reboot) and also began an EMSI a2 (a-squared) anti-trojan scan at the same time…..

    and got the following report

    -
    -
    -

    C:\WINNT\Temp\a2archive\ObjectAdapterIdArray.class

    …..Curious as to why, should I clean it, leave it alone…etc.. or if I should be worried !!!

  21. Pedro Bustamante
    January 29th, 2008 at 17:36 | #21

    I cannot even start it. I get the same error as with my antivirus. “Not a valid Win32 application”.

  22. Pedro Bustamante
    February 7th, 2008 at 08:52 | #22

    Did you download the application from this blog (download.com) or from a different site? Where?

  23. Pedro Bustamante
    February 9th, 2008 at 02:16 | #23

    Does this only run on 32bit versions of 2k/XP or will it also run on the 64bit versions?

  24. Pedro Bustamante
    February 12th, 2008 at 08:19 | #24

    Only 32bit versions Stef.

  25. Pedro Bustamante
    February 13th, 2008 at 15:28 | #25

    Same problem “Not a valid Win32 application”

    downloaded from download.com
    running on WinXP SP2.

  26. Pedro Bustamante
    February 19th, 2008 at 09:16 | #26

    Seems there’s been some problems with download.com. I’ve put an alternative download link on the post above just under the “Download Now” green button.

  27. Pedro Bustamante
    February 22nd, 2008 at 04:37 | #27

    AppName: pavark.exe AppVer: 5.0.0.4 ModName: ntdll.dll
    ModVer: 5.1.2600.2180 Offset: 00011f52

    I’m sad that I can’t install Panda Anti RootKit. I need a trusted program for my problem, but this window stops the whole install.
    I’m looking for an old version (1.07) to try to install, but haven’t found one.
    I have Win XP Pro SP2, all original, Bitdefender antivirus, Spybot S&D and Comodo firewall.
    And AVG Antispy … what is happening?

  28. Pedro Bustamante
    February 22nd, 2008 at 04:45 | #28

    More about Panda Anti RootKit install (in my PC):
    C:\DOCUME~1\XXXXX\CONFIG~1\Temp\3652_appcompat.txt

    That’s the file I can read in that window, “see details”.

    Bye.

  29. Pedro Bustamante
    March 25th, 2008 at 17:37 | #29

    Is there anyone still helping with blue screen phooks.sys problem? The main Panda Tech Support doesn’t list the anti-rootkit and the offers for help in this forum are 6 months old.

    I made the mistake of starting up in safe mode after receiving the blue screen, so the “last known configuration” startup option now gives the same blue screen error message.

  30. Pedro Bustamante
    March 26th, 2008 at 19:53 | #30

    Adam, try booting from a different source (Boot CD, NTFSDOS+, Linux, …) and delete the phooks.sys file. Reboot and you should be good to go.

  31. Pedro Bustamante
    April 2nd, 2008 at 02:10 | #31

    When I run the rootkit, it always says that there is a rootkit detected in the Symantec file, hidden. I haven’t removed it since I am afraid it will somehow interfere with my Antivirus Norton (that is what Symantec is).
    Also, when I try to scan with Ad-aware going, the Antirootkit always gets stuck at 57%. When I deactivate the Ad-aware, it runs the scan fine, telling me there is a rootkit in Symantec.
    These are the only probs I am having so far. Thanks for offering this product. Hopefully all the kinks will get worked out soon enough.

  32. Pedro Bustamante
    April 17th, 2008 at 14:29 | #32

    Granny, could you please email me and send me a report of the anti-rootkit scan that detects the Symantec file as hidden? (pedro.bustamante’at’pandasecurity.com)

    Btw the Ad-aware issue has been reported before so I recommend you always deactivate it before running a scan with Panda Anti-Rootkit.

  33. Sam
    July 7th, 2008 at 14:14 | #33

    Hello,

    I’ve tried running a scan & after it finishes I get “PVARK.exe has encountered a problem and needs to close.” Also tried v1.07 with the same result. Rebooting, closing everything else down doesn’t help.

    I’m running XP2 pro, sp2. Many thanks.

  34. Pedro Bustamante
    July 8th, 2008 at 10:27 | #34

    Sam, double-check your system by running a full scan with ActiveScan:
    http://www.pandasecurity.com/activescan
    This online scanner also has rootkit detection so it should find the problem.

  35. Pedro Bustamante
    July 11th, 2008 at 16:11 | #35

    Cheers but it keeps crashing on my machine after around a minute.

  36. Pedro Bustamante
    July 15th, 2008 at 18:55 | #36

    Version 1.08 always errors at 17% during the Windows Registry scan step.

    Here is the info on 1.08.00: PAVARK.exe has encountered a problem and needs to close. AppName: pavark.exe AppVer: 5.0.0.4 ModName: ntdll.dll ModVer: 5.1.2600.5512 Offset: 000369aa

    ERROR Report

    C:\DOCUME~1\User\LOCALS~1\Temp\7d40_appcompat.txt

    PC info:
    DELL Optiplex GX620
    <<< System Summary >>>
    > Mainboard : Dell 0HH807
    > Chipset : Intel i945G/GZ
    > Processor : Intel Pentium 4 640 @ 3200 MHz
    > Physical Memory : 4096 MB (4 x 1024 DDR2-SDRAM )
    > Video Card : 256MB ATI RADEON X600
    > Hard Disk : ST3120026AS (120 GB)
    > Hard Disk : WDC (160 GB)
    > DVD-Rom Drive : _NEC DVD+RW ND-2100AD
    > DVD-Rom Drive : PHILIPS DVD+-RW DVD8801
    > Monitor Type : Dell Computer DELL 2001FP – 20 inches
    > Network Card : Broadcom Corp BCM5750A1 NetXtreme Gigabit Ethernet
    > Operating System : Microsoft Windows XP Professional 5.01.2600 Service Pack 3
    > DirectX : Version 9.0c

  37. Pedro Bustamante
    September 14th, 2008 at 17:23 | #37

    I understand from a n|net article that the new EA game, which I have purchased and installed, contains a rootkit. I wish to remove spore and the rootkit from my PC. But the articles I found on how to do so all make me worry about it removing it. It’s not safe to execute the manual process.

    I found this site and wanted to know if Panda has any plans to make a removal tool for the rootkit in Spore?

    Best,

    Alex Alexzander

  38. Pedro Bustamante
    September 15th, 2008 at 08:55 | #38

    I’m not aware of the EA game rootkit Alex, but Panda Anti-Rootkit should be able to deactivate most modern rootkits, even if it’s new or unknown. Download and run it and post back your results.

  39. Pedro Bustamante
    September 16th, 2008 at 12:59 | #39

    Hi, how I can send PM?

  40. Pedro Bustamante
    September 16th, 2008 at 13:58 | #40

    proslaviy, you can send me a private message from here:
    http://research.pandasecurity.com/contact.aspx

  41. Pedro Bustamante
    September 20th, 2008 at 20:42 | #41

    Some time has passed since the last “Vista” comment, so I wonder if you have some news about Panda Anti-Rootkit in Vista, and if not, I would like to ask you which other tool of other brands can you eventually suggest so that we can use it on Vista while we wait for the Panda one…
    Thanks, Sergio

  42. Pedro Bustamante
    September 23rd, 2008 at 08:01 | #42

    Re: Panda Anti-Rootkit for Vista.

    We’re not going to upgrade Panda Anti-Rootkit (PAVARK) to a new version for Vista. Instead we’ve added the PAVARK technology to our command-line scanner, which is available for free from here:
    http://research.pandasecurity.com/archive/New-Panda-Antivirus-Command-Line-9.5.1.aspx

    You can also find a GUI frontend for the command-line scanner here:
    http://research.pandasecurity.com/archive/Command-line-scanner-GUI-frontend.aspx

  43. Pedro Bustamante
    September 26th, 2008 at 05:17 | #43

    Hi,
    I ran Panda Antirootkit 1.08 and it found 2 unknown rootkits. However, I cannot select them for removal. Here’s a screenshot. Any ideas how to get rid of them?
    http://i34.tinypic.com/555ekj.jpg

  44. Pedro Bustamante
    September 26th, 2008 at 08:33 | #44

    Eran, what happens when you click on the “Remove Rootkits” button?

    Also, did you run Panda Anti-Rootkit with the “in-depth scan” option enabled?

    If none of the above work, I recommend you download the command-line scanner which also has rootkit removal during boot:
    http://research.pandasecurity.com/archive/New-Panda-Antivirus-Command-Line-9.5.1.aspx

  45. Pedro Bustamante
    January 30th, 2009 at 14:19 | #45

    I would like to get a Results Report when running from the commandline in a script? I’m using version 1.08 and have tried every combination of using the “/RESULTS:” switch and I get nothing. Thanks for your help. -GT

  46. Pedro Bustamante
    February 15th, 2009 at 05:37 | #46

    Will we ever see a resolution to the problem of version 1.08 crashing ????????

  47. http://
    April 19th, 2009 at 07:04 | #47

    When attempting to perform the in-depth-scan, my system halted with a blue screen after the initial splash screen of my anti-virus-sw had been displayed. My system runs on XP 5.1.2600 Service Pack 3 Build 2600; my anti-virus-sw is Avira Professional.
    Best regards, Thomas

  48. http://
    June 22nd, 2009 at 06:40 | #48

    Kaspersky warns me that Panda is installing a new driver secretly:

    sngkuoigvhum.sys

    Have a problem here?

  49. http://
    August 26th, 2009 at 20:44 | #49

    Thank you for the use of your root-kit program.

    It worked in a couple of minutes, while McAfee, which Gateway computers subscribed me to, never did.

    It said I had a Trojan, and that it had got rid of it… but it never did remove it!

    Your program took one pass, and it was gone.

    Thanks.

    Istvan

  50. Pedro Bustamante
    October 15th, 2009 at 13:30 | #50

    I ran Panda Anti-Rootkit and now my PC continuously reboots itself after it logs into Windows. Thanks a lot, Panda. I’ve just lost a lot of data unless your tech guys can help me out.
