Rootkits are normally not visible to traditional AVs since they hide by installing themselves as kernel modules, low-level hooks and by patching undocumented OS functions. Rootkits may not be malicious on their own, but they're used by hackers to hide utilities and malware. We're seeing more and more malware samples every day that use rootkit technologies to hide their presence.
Panda AntiRootkit (Codename Tucan) shows hidden system resources, identifying known and unknown rootkits. Tucan analyzes the following system components:
– Hidden drivers
– Hidden processes
– Hidden modules
– Hidden files
– Hidden registry entries
– SDT modifications
– EAT hooks
– Modifications to the IDT
– Non-standard INT 2E
– Non-standard SYSENTER
– IRP hooks
– And more…
Unlike other rootkit utilities which merely "reveal" hidden objects, Tucan positively identifies known and unknown rootkits and gives the option of removing them, including their associated registry entries, processes and files.
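To illustrate two of the checks listed above (hidden processes and SDT modifications), here is an added example, not Tucan's code, that runs the detection logic over constructed sample data: a cross-view comparison of two process listings, and a range check on system service table entries against an assumed kernel image range. All PIDs, names and addresses are made up for the example.

```python
"""Cross-view and SDT range checks over constructed sample data."""

# Constructed sample: two views of the process list. USER_VIEW is what a
# user-mode API enumeration would return; KERNEL_VIEW is what a lower-level
# walk of kernel structures would return. A rootkit that filters the
# user-mode listing leaves a PID that appears only in the kernel view.
USER_VIEW = {4: "System", 624: "csrss.exe", 1312: "explorer.exe"}
KERNEL_VIEW = {
    4: "System",
    624: "csrss.exe",
    1312: "explorer.exe",
    2040: "hidden.exe",  # constructed: present in kernel view only
}

# Constructed sample: the kernel image's (base, end) range and a few system
# service table entries. Entries of the main table should resolve inside the
# kernel image; a pointer elsewhere is a candidate hook.
KERNEL_IMAGE = (0x804D7000, 0x806E2000)
SDT = {
    0x0025: 0x8056F1E0,  # inside the kernel image
    0x00AD: 0xF8A01234,  # constructed: outside the image, i.e. redirected
    0x0101: 0x805A0B10,  # inside the kernel image
}


def hidden_processes(user_view, kernel_view):
    """Return {pid: name} for processes seen in the kernel view only.

    A process that exited between the two snapshots also shows up here, so
    take both snapshots as close together as possible and re-check hits.
    """
    return {pid: name for pid, name in kernel_view.items()
            if pid not in user_view}


def sdt_modifications(sdt, image_range):
    """Return the service indexes whose entry points outside the kernel image.

    Verify each hit against the loaded-module list before calling it
    malicious: a legitimate driver can also redirect a service.
    """
    base, end = image_range
    return sorted(idx for idx, addr in sdt.items() if not base <= addr < end)


def report(user_view, kernel_view, sdt, image_range):
    """Combine both checks into one result dictionary."""
    return {
        "hidden_processes": hidden_processes(user_view, kernel_view),
        "sdt_modifications": sdt_modifications(sdt, image_range),
    }


if __name__ == "__main__":
    print(report(USER_VIEW, KERNEL_VIEW, SDT, KERNEL_IMAGE))
```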
Of course this is still alpha code, so all typical disclaimers apply. We're not responsible if this breaks your machine, so make sure to run it only on test systems. There's also a command-line version in case you're interested. Contact me privately for that.
UPDATE 12/29/2006
We have just released Panda AntiRootkit (Codename Tucan) to public beta. Click here to download version 1.05.
UPDATE 4/2/2007
Panda AntiRootkit 1.06 has been released. Visit the updated Panda AntiRootkit page to find out more and download it.
UPDATE 9/11/2007
You can find the updated page for Panda Anti-Rootkit here.