New Panda Anti-Rootkit – Version 1.07
We're experiencing a lot of downloads of Panda AntiRootkit. Many thanks to all the people that are helping us improve this free utility by sending suggestions, comments, feedback and submitting new rootkits that are being found in the wild.
I'm happy to say that I have a couple of good news. The first one is that based on your many suggestions we have created version 1.07 of Panda AntiRootkit. Version 1.07 has the following improvements:
- Capable of deactivating unknown rootkits. We consider "unknown" a rootkit for which Panda AntiRootkit does not have a deactivation routine. This does not mean that Panda does not know about the rootkit. Rather that we have not yet included the full deactivation routine in Panda AntiRootkit. But now you'll be able to deactivate all rootkits. By default you'll be presented with deactivation of known rootkits plus the option to deactivate any unknown rootkits found on your system.
- Deletes registry keys transparently. Up to version 1.06 we only deleted the necessary registry keys to deactivate the rootkit and prevent it from functioning. Some leftover keys made some users worry about incomplete deactivation. Version 1.07 now transparently deletes all rootkit associated registry keys for piece of mind.
- Cleaner interface. We have cleaned the results window for a more efficient use of available space. Now a mouse-over a detected object will present you with its type (file, process, ADS, registry, etc.).
- Various improvements have also been made to the disinfection of unknown rootkits, some false positives reported by some of you, and more deactivation routines.
Alternative download link here.
The second good news is that Panda AntiRootkit 1.07 has achieved the prestigious Editor's Choice award from PC Magazine USA. Read the review to see how Panda AntiRootkit and other anti-rootkits performed during detection and deactivation tests. Again many thanks for your support and remember to perform a full system scan with a signature based antivirus after deactivating a rootkit.
The software deleted some of my system files. My XP don’t work more!
Victor, I lost your comment during the migration to the new blog. Re-posting here:
—
installed it but it has an error msg has has to shut down each time i try to run the program.
Also reposting Jack von Bloeker’s comment:
—
I just downloaded version 1.080 from the MajorGeek site in TX, installed it and did the re-boot. The re-boot process goes into a loop and also blocks my F8 capability to do a Safe Mode, etc. boot process. HELP! All users are blocked out by re-boot loop after entering password. I have Windows XP Home. I entered my BIOS and told it to boot from my Windows XP CD, but it would not boot from it either.
Also reposting dcb65′s comment:
—
I ran the software and my laptop won’t work now saying “Windows couldnot start because the following file is missing or corrupt: \windows\system32\config\system. It says I can attempt to repair the file by running Windows Setup using the original Setup CD-ROM, but that didn’t help. Now all I have is a dead laptop. Going to F8 and rebooting to last known config was no help either. Not happy.
Hi,
I am attempting to run Panda Anti-Rootkit on my XP machine.
It comes up with the following message box:
PVARK.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
Any help would be appreciated.
TIA
Kevin
Kevin, try closing all the running applications, restart your machine and try again from scratch. If it still doesn’t work contact me and I’ll send you a debug version.
Need to try something for spyware saw your site on Kim Komando and thought I would give it a try.
Thanks for keeping it free a lot of us just don’t have the money for the ones they are selling.
Celia
Like others who have posted, version 1.08 will not run on my PCs (HP Compaq nx9600, XP SP2, Kerio personal firewall, Avira AV; Dell Inspiron 1505, XP SP2, Kerio personal firewall, Avira AV). It gives no error message, but just stops scanning at 20% (I let it run on both PCs for about 90 minutes). I downloaded version 1.07 and it scanned with no problems in about five minutes.
cnet d/l link broken (
Works for me mike. If you’re still not able to download from cnet try the following:
http://research.pandasecurity.com/blogs/images/AntiRootkit.zip
There’s a report of a rootkited machine with the following Registry entry:
UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe
If you run into this, clean your machine manually by deleting only the second portion of the UserInit entry, that is “C:\WINDOWS\system32\ntos.exe”
Having same problem as Kevin Markey – version 1.08 encounters problem when scanning registry and must close.
No other applications running and restarting makes no difference.
very interesting, but I don’t agree with you
Idetrorce
What don’t you agree with Idetrorce?
When I attempt to run version 1.08.00 on XP sp2, the program stops at Windows registry after scanning 20%. I have run the program by itself both as a “regular scan”, and and in-depth scan, with the same results.
Please help, as I think I am infected with rootkits.
Thanks!
Roger
Pedro,
How long before you envisage the development of a rootkit tool for Vista
Is this compatible with Windows Vista?
Regarding the development of a stand-alone anti-rootkit for Vista, we’re currently keeping an eye out to see how the entire rootkit scene evolves under Vista and User Access Control (UAC), as it’s yet very premature to conclude anything.
However we have included the anti-rootkit technology into our commercial products that support Vista, so you can perform a scan for rootkits using our 2008 products (free download from http://www.pandasecurity.com).
I also find it fails at 17% on version 1.08. But I never had version 1.07. Where can I get it?
HI
Your product seems great !!! Thank you..
I was running a complete scan (w/reboot) and also began an EMSI a2 (a-squared) anti-trojan scan at the same time…..
and got the following report
-
-
-
…..Curious as to why, should I clean it, leave it alone…etc.. or if I should be worried !!!
I cannot even start it. I get the same error as with my antivirus. “Not a valid Win32 aplication”.
Did you download the application from this blog (download.com) or from a different site? Where?
Does this only run on 32bit versions of 2k/XP or will it also run on the 64bit versions?
Only 32bit versions Stef.
SAme problem “Not a valid Win32 aplication”
downloaded from download.com
running on WinXP SP2.
Seems there’s been some problems with download.com. I’ve put an alternative download link on the post above just under the “Download Now” green button.
AppName: pavark.exe AppVer: 5.0.0.4 ModName: ntdll.dll
ModVer: 5.1.2600.2180 Offset: 00011f52
I’m sad about I can’t install Panda Anti RootKit. I need a trust program to my problem. But this window stop all install.
I`m looking for an old version (1.07) to try to install, but don`t found.
I have Win XP Pro SP2 all original, Bitdefender antivirus, Spybot S&D and Comodo firewall.
And AVG Antispy … what happens ¿?
More about Panda Anti RootKit install (in my PC):
C:\DOCUME~1\XXXXX\CONFIG~1\Temp\3652_appcompat.txt
That`s the file I can read in tht window “see details”
Bye.
Is there anyone still helping with blue screen phooks.sys problem? The main Panda Tech Support doesn’t list the anti-rootkit and the offers for help in this forum are 6 months old.
I made the mistake of starting up in safe mode after receving the blue screen, so the “last known configuration” startup option now gives the same blue screen error message.
Adam, try booting from a different source (Boot CD, NTFSDOS+, Linux, …) and delete the phooks.sys file. Reboot and you should be good to go.
When I run the rootkit, it always says that there is a rootkit detected in the Symantec file, hidden. I haven’t removed it since I am afraid it will somehow interfere with my Antivirus Norton (that is what Symantec is).
Also, when I try to scan with Ad-aware going, the Antirootkit always gets stuck at 57%. When I deactivate the Ad-aware, it runs the scan fine, telling me there is a rootkit in Symantec.
These are the only probs I am having so far. Thanks for offering this product. Hopefully all the kinks will get worked out soon enough.
Granny, could you please email me and send me a report of the anti-rootkit scan that detects the Symantec file as hidden? (pedro.bustamante’at’pandasecurity.com)
Btw the Ad-aware issue has been reported before so I recommend you always deactivate it before running a scan with Panda Anti-Rootkit.
Hello,
I’ve tried running a scan & after it finishes I get “PVARK.exe has encountered a problem and needs to close.” Also tried v1.07 with the same result. Rebooting, closing everything else down doesn’t help.
I’m running XP2 pro, sp2. Many thanks.
Sam, double-check your system by running a full scan with ActiveScan:
http://www.pandasecurity.com/activescan
This online scanner also has rootkit detection so it should find the problem.
Cheers but it keeps crashing on my machine after around a minute.
version 1.08 always errors at 17% during Windows Registry scan step .
Here is the info on 1.08.00: PAVARK.exe has encountered a problem and needs to close. AppName: pavark.exe AppVer: 5.0.0.4 ModName: ntdll.dll ModVer: 5.1.2600.5512 Offset: 000369aa
ERROR Report
C:\DOCUME~1\User\LOCALS~1\Temp\7d40_appcompat.txt
< ?xml version="1.0" encoding="UTF-16"?>
PC info:
DELL Optiplex GX620
< << System Summary >>>
> Mainboard : Dell 0HH807
> Chipset : Intel i945G/GZ
> Processor : Intel Pentium 4 640 @ 3200 MHz
> Physical Memory : 4096 MB (4 x 1024 DDR2-SDRAM )
> Video Card : 256MB ATI RADEON X600
> Hard Disk : ST3120026AS (120 GB)
> Hard Disk : WDC (160 GB)
> DVD-Rom Drive : _NEC DVD+RW ND-2100AD
> DVD-Rom Drive : PHILIPS DVD+-RW DVD8801
> Monitor Type : Dell Computer DELL 2001FP – 20 inches
> Network Card : Broadcom Corp BCM5750A1 NetXtreme Gigabit Ethernet
> Operating System : Microsoft Windows XP Professional 5.01.2600 Service Pack 3
> DirectX : Version 9.0c
I understand from a n|net article that the new EA game, which I have purchased and installed, contains a rootkit. I wish to remove spore and the rootkit from my PC. But the articles I found on how to do so all make me worry about it removing it. It’s not safe to execute the manual process.
I found this site and wanted to now if Panda has any plans to make a remove tool for the root kit in Spore?
Best,
Alex Alexzander
I’m not aware of the EA game rootkit Alex, but Panda Anti-Rootkit should be able to deactivate most modern rootkits, even if it’s new or unknown. Download and run it and post back your results.
Hi, how I can send PM?
proslaviy, you can send me a private message from here:
http://research.pandasecurity.com/contact.aspx
SOme time has passed since the last “Vista” comment, so, I wonder if you have some news about Panda Anti-Rootkit in Vista, and if not, I would like to ask you which other tool of other brands can you eventually suggest so that we can use it on Vista while we wait for the Panda one…
Thanks, Sergio
Re: Panda Anti-Rootkit for Vista.
We’re not going to upgrade Panda Anti-Rootkit (PAVARK) to a new version for Vista. Instead we’ve added the PAVARK technology to our command-line scanner, which is available for free from here:
http://research.pandasecurity.com/archive/New-Panda-Antivirus-Command-Line-9.5.1.aspx
You can also find a GUI frontend for the command-line scanner here:
http://research.pandasecurity.com/archive/Command-line-scanner-GUI-frontend.aspx
Hi,
I ram Pand Antirootkit 1.08 and it found 2 unknown rootkits. However, I cannot select them for removal. Here’s a screenshot. Any ideas how to get rid of them?
http://i34.tinypic.com/555ekj.jpg
Eran, what happens when you click on the “Remove Rootkits” button?
Also, did you run Panda Anti-Rootkit with the “in-depth scan” option enabled?
If none of the above work, I recommend you download the command-line scanner which also has rootkit removal during boot:
http://research.pandasecurity.com/archive/New-Panda-Antivirus-Command-Line-9.5.1.aspx
I would like to get a Results Report when running from the commandline in a script? I’m using version 1.08 and have tried every combination of using the “/RESULTS:” switch and I get nothing. Thanks for your help. -GT
Will we ever see a resolution to the problem of version 1.08 crashing ????????
When attempting to perform the in-depth-scan, my system halted with a blue screen after the initial splash screen of my anti-virus-sw had been displayed. My system runs on XP 5.1.2600 Service Pack 3 Build 2600; my anti-virus-sw is Avira Professional.
Best regards, Thomas
Kapersky warns me that Panda is installing a new driver secretly:
sngkuoigvhum.sys
Have a problem here?
Thank you for the use of your root-kit program.
It worked in a couple of minutes, while Mcafee, that Gateway computers subscribed me to never did.
It said I had a Trojan. and that it has got rid of it…. but it never did remove it!
Your program took one pass, and it was gone.
Thanks.
Istvan
I ran Panda Anti-Rootkit and now my pc continously reboots itself after it logs into windows. Thanks a lot Panda I’ve just lost a lot of data unless your tech guys can help me out.