Friends, earlier I wrote an article on What are Rootkits, How they work, software to remove them. In the article I mentioned an application called RootkitRevealer, which helps in identifying suspicious DLLs in the system. The problem was that we need to analyse the file and then delete it manually, because the application doesn’t remove the files from the system. Further, it doesn’t support Windows Vista.

I just came across another excellent utility called SpyDLLRemover 2.5 from RootkitAnalytic, which helps in identifying and removing infectious DLLs (rootkits, spyware, adware etc.). Below is a screenshot:

[Screenshot: SpyDLLRemover]

It supports Windows XP, 2003, and Vista. Below is a small description of the utility as mentioned on the official website:

SpyDLLRemover is the standalone tool to effectively detect and delete spywares from the system. It comes with advanced spyware scanner which quickly discovers hidden Rootkit processes as well as suspicious/injected DLLs within all running processes. It not only performs sophisticated auto analysis on process DLLs but also displays them with various threat levels (Red, Orange and Yellow colours), which greatly helps in quick identification of malicious DLLs. The DLL search feature helps in finding DLL within all running processes using just partial or full name. Then the user can choose to remove the DLL from a single process or from all loaded processes with just one click.

One of the unique features of SpyDLLRemover is its capability to free the DLL from remote process using advanced DLL injection method which can defeat any existing Rootkit tricks. It also uses sophisticated low level anti-rootkit techniques to uncover hidden userland Rootkit processes as well as to terminate them.

The newer version comes with other cool features such as HTML based report generation, sorting the process/DLL list for quick analysis, enhanced user interface etc.

Features :

1) Advanced Spyware Scanner which efficiently discovers hidden Rootkit processes as well as suspicious/injected DLLs within all running processes in the system.

2) Detection and removal of hidden userland Rootkit processes using sophisticated techniques.

3) It uses the direct system calls to perform process related operations which defeats any attempt to hide by userland rootkits.

4) Termination of suspicious or hidden process based on low level implementation which makes it very effective against any Rootkit techniques.

and many more. You can visit the website for details on various features.

You can download SpyDLLRemover 2.5 from here.

Since it is a standalone application, you can start using it right away after downloading, as it doesn’t require installation. SpyDLLRemover is an easy-to-use tool with a very user-friendly interface. Once you click on the ‘Start scan’ button, SpyDLLRemover will display the suspicious DLLs, if any, in a window as shown below:

[Screenshot: SpyDLLRemover scan results]

Once you click on any of the DLLs, a new window opens in which SpyDLLRemover displays all processes that have loaded the suspicious DLL, with details such as PID, Company, Description, and complete path of each process. This information helps in deciding whether the process (and DLL) is from a genuine application or an infection. Afterwards, you can let the process (and DLL) run, or remove the DLL from the selected process or from all processes by clicking on the ‘Remove DLL’ or ‘Remove DLL from ALL’ buttons.
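To cross-check the same triage details by hand, here is an added PowerShell example (not part of SpyDLLRemover or its vendor's code) that searches all running processes for a DLL by partial or full name and lists PID, company, description and paths, plus the Authenticode signature status. The function name `Find-LoadedDll` and the search string `hook` are assumptions made for illustration; the script uses ordinary process enumeration, so it will not show processes that a rootkit has hidden from user-mode APIs.

```powershell
# Added example: list every running process that has loaded a DLL whose
# name matches a partial or full string, with the details used for triage.
function Find-LoadedDll {
    param(
        [Parameter(Mandatory)][string]$Name   # partial or full DLL name
    )
    # Treat the search string literally, not as a wildcard expression.
    $pattern = [WildcardPattern]::Escape($Name)

    foreach ($proc in Get-Process) {
        # Reading the module list fails for protected or exiting processes
        # (run elevated to reduce this); skip those instead of aborting.
        try { $modules = $proc.Modules } catch { continue }

        foreach ($m in $modules) {
            if ($m.ModuleName -notlike "*$pattern*") { continue }

            # An unsigned or invalidly signed DLL is a lead to investigate,
            # not proof of infection.
            $sig = $null
            if ($m.FileName) {
                $sig = Get-AuthenticodeSignature -LiteralPath $m.FileName -ErrorAction SilentlyContinue
            }

            [pscustomobject]@{
                PID         = $proc.Id
                Process     = $proc.ProcessName
                ProcessPath = $proc.Path
                Dll         = $m.FileName
                Company     = $m.FileVersionInfo.CompanyName
                Description = $m.FileVersionInfo.FileDescription
                Signature   = if ($sig) { $sig.Status } else { 'Unknown' }
            }
        }
    }
}

# 'hook' is a constructed sample search string.
Find-LoadedDll -Name 'hook' | Sort-Object Dll, PID | Format-Table -AutoSize
```

A DLL with no company or description, an unexpected path (for example a temp or profile directory) and a non-valid signature, loaded into many unrelated processes, is the combination worth looking at first.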

You might be interested in my earlier post What are Rootkits, How they work, software to remove them to know more about Rootkits.

That’s it for now.

Stay tuned for more.
