• Best freeware anti-rootkit program?

    From John C.@r9jmg0@yahoo.com to alt.comp.freeware on Wed Dec 3 03:27:21 2025
    From Newsgroup: alt.comp.freeware

    I've been looking for the best freeware anti-rootkit program, mostly
    going over the offerings at Snapfiles.com. I don't really want to
    install a full-fledged anti-malware program, am looking more for
    something portable and which is currently still being developed.

    Currently, on my system in my portable applications folder, I have the following available:

    - Kaspersky TDSSKiller (which has)
    - Malwarebytes Anti-Rootkit
    - Trend Micro Rootkit Buster

    The first one found nothing. Not surprising because it's been
    discontinued and is no longer supported by Kaspersky. It may have been
    replaced by their KVRT utility, which is not available to people inside
    the United States. From https://www.kaspersky.com/downloads/free-virus-removal-tool comes the following:

    "Downloads are unavailable for US customers. For non-US customers"


    Malwarebytes Anti-Rootkit required me to reboot, so it might have found something. However, I never saw any results mentioned anywhere.

    Trend Micro Rootkit Buster started and continued running in the
    background without telling me it was going to do that. However, I trust
    Trend Micro and have found their Housecall product to be very thorough
    in the past. That was when I was working on a friend's computer that had
    a very persistent Russian Trojan infection. OTOH, so far Rootkit Buster
    hasn't detected anything.

    Regardless, can anybody tell me of another freeware product I might want
    to give a try?

    It's not likely that my computer has an infection, but I would like to
    be as sure as possible that it doesn't have a rootkit.

    TIA.
    --
    John C. No ad, CD, cripple, demo, nag, pay, pirated, share, spy,
    time-limited, trial or web wares for me please. I filter crossposts,
    various trolls & dizum.com. This makes ACF easier to read. Take back
    tech corporations from India & industry back from China.

    --- Synchronet 3.21b-Linux NewsLink 1.2
  • From Allan Higdon@allanh@vivaldi.net to alt.comp.freeware on Wed Dec 3 08:26:40 2025
    From Newsgroup: alt.comp.freeware

    On Wed, 03 Dec 2025 05:27:21 -0600, John C. <r9jmg0@yahoo.com> wrote:

    I've been looking for the best freeware anti-rootkit program, mostly
    going over the offerings at Snapfiles.com. I don't really want to
    install a full-fledged anti-malware program, am looking more for
    something portable and which is currently still being developed.

    Currently, on my system in my portable applications folder, I have the following available:

    - Kaspersky TDSSKiller (which has)
    - Malwarebytes Anti-Rootkit
    - Trend Micro Rootkit Buster

    The first one found nothing. Not surprising because it's been
    discontinued and is no longer supported by Kaspersky. It may have been
    replaced by their KVRT utility, which is not available to people inside
    the United States. From https://www.kaspersky.com/downloads/free-virus-removal-tool comes the following:

    "Downloads are unavailable for US customers. For non-US customers"



    Kaspersky is still what I prefer.
    I download their KVRT by visiting https://www.hidethisip.net/ and selecting Germany (Frankfurt) for the WebServer.
    I enter the direct download link, https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe
    and then select the Go To Site button.
    I do have to rename the file, including the .exe extension, after it downloads. The file size was 112.45 MB the last time I downloaded it.



    Malwarebytes Anti-Rootkit required me to reboot, so it might have found something. However, I never saw any results mentioned anywhere.

    Trend Micro Rootkit Buster started and continued running in the
    background without telling me it was going to do that. However, I trust
    Trend Micro and have found their Housecall product to be very thorough
    in the past. That was when I was working on a friend's computer that had
    a very persistent Russian Trojan infection. OTOH, so far Rootkit Buster hasn't detected anything.

    Regardless, can anybody tell me of another freeware product I might want
    to give a try?

    It's not likely that my computer has an infection, but I would like to
    be as sure as possible that it doesn't have a rootkit.

    TIA.
    --- Synchronet 3.21b-Linux NewsLink 1.2
  • From VanguardLH@V@nguard.LH to alt.comp.freeware on Wed Dec 3 09:00:09 2025
    From Newsgroup: alt.comp.freeware

    "John C." <r9jmg0@yahoo.com> wrote:

    I've been looking for the best freeware anti-rootkit program, ...
    - Kaspersky TDSSKiller (which has) (*)
    - Malwarebytes Anti-Rootkit
    - Trend Micro Rootkit Buster (**)

    (*) Usable on a limited genre of rootkits; see:
    https://www.bleepingcomputer.com/download/tdsskiller/

    (**) Only runs under Windows.

    You didn't bother to mention which OS you are loading. Mozilla crippled
    the User-Agent header of Tbird, so it is no longer usable to detect
    under which OS you ran Tbird; however, the OS under which you use an
    NNTP client to post a Usenet article may be different than the OS under
    which you want to resolve an issue. You mentioned TrendMicro's product
    which is a Windows-only program, so you're looking at rootkit detection
    on some Windows version, but which version is unknown.

    You might want to ask those AV devs if they ever bother to check if a
    UEFI bootkit has been set up on your computer(s). It was added by
    Microsoft, so it may not be considered a rootkit, but it behaves just
    like one, and malware can utilize it. Below is my canned reference on
    the UEFI rootkit. However, if the UEFI bootkit is used by your company
    on their asset they permit you to use to perform your workload there,
    and you kill their bootkit, they may lock down your workstation, because
    they can no longer inventory what is on THEIR asset. A lockout is easy:
    you're not given a local admin account, you use their domain login, and
    they simply disable your domain account.


    UEFI & Windows: A rootkit for everyone.

    A "feature" of UEFI (with Microsoft's involvement) is that a program can
    be specified in the UEFI to run on Windows startup. Despite regulating any
    startup programs, or scanning for malware, there could sit a call to a
    program in the UEFI. It could, for example, be used for starting
    execution of tracking software (how the computer is used), or for
    software inventorying on workstations. I've only seen it used by
    companies that wanted to add usage tracking, location, anti-theft, or
    inventorying to their workstations. However, it could also be used by
    malware, and I don't know if any AVs check for a program load specified
    in the UEFI. As I recall, some mobos (Lenovo, Gigabyte, ASUS) use this
    trick to run services or diagnostics on Windows startup. The AV should
    catch malware for whatever the UEFI program load specifies; that is, the
    .exe in UEFI usually calls some other program that runs under Windows.

    It is a "feature" only with UEFI. When Windows loads, it has a program
    (C:\Windows\system32\wpbbin.exe) that runs to determine if the UEFI
    specified a start program. The UEFI start program is in one of the ACPI
    tables in the BIOS. One trick is to rename the loader program in
    Windows called the UEFI Bootkit dubbed BlackLotus.

    Use Nirsoft's Firmware Tables View to see the ACPI tables in UEFI. Look
    for the "Windows Platform Binary Table" (WPBT). Nirsoft will show the
    ACPI table, if it is defined, but won't let you delete it. When I found
    out about this, Nirsoft didn't show a WPBT table, but then I have many
    options disabled in the BIOS. I also don't have the wpbbin.exe program
    (that checks the UEFI for an .exe file to load) in my Windows
    installation.

    Although pundits attempt to tout UEFI, Secure Boot, and other later
    security measures as protecting users, there are UEFI Bootkits that
    bypass all those measures, even Secure Boot, like BlackLotus.

    https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/

    Those are different beasts than the UEFI program load specified in an
    ACPI table that Windows checks if it is defined, and if found will run
    the UEFI-specified program. I'm noting the UEFI program load on Windows
    launch because refurbs often are company workstations that were leased,
    and then disposed of. Companies may employ tracking, location, or
    software inventorying that the Windows-loaded UEFI-specified program
    will start. You won't find that method listed in, say, SysInternals'
    Autoruns. Windows loads, checks the UEFI for the bootkit/rootkit
    program, and runs that program under Windows. Since Secure Boot okays
    the load of Windows, and since it is a program under Windows that loads
    the .exe in the UEFI, Secure Boot won't catch this tactic.

    https://eclypsium.com/blog/everyone-gets-a-rootkit/

    There are tools to nullify the .exe in the WPBT ACPI table in UEFI by
    deleting it from memory before Windows reads the ACPI tables, like:

    https://github.com/Jamesits/dropWPBT#from-windows

    This removes the WPBT table from system memory, so you have it run as a
    startup program (that loads with Windows startup, not until whenever you
    log into your Windows account).

    For your own computer, you don't want WPBT employed. WPBT started with
    Windows 8. Probably the easiest way to disable WPBT is to rename,
    delete, or move the wpbbin.exe if it exists on your system. An update
    could replace it, so you might want to use Task Scheduler to run a
    delete command on every Windows startup, but the scheduled event to
    delete runs after the bootkit would get run, so this tactic only
    protects you on the next startup of Windows. The Github article talks
    about different methods of disabling WPBT, but they're rather
    complicated instructions.
    --- Synchronet 3.21b-Linux NewsLink 1.2
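
A defender-side check for the WPBT described in the post above, as an added example that is not part of the original post or of any tool it mentions. It parses a raw WPBT ACPI table (fixed fields as laid out in Microsoft's WPBT specification), validates the checksum, and on Windows reads the live table through `GetSystemFirmwareTable`; the sample table, its OEM strings and its argument string are constructed.

```python
import os
import struct
import sys

# Standard 36-byte ACPI table header, followed by the WPBT-specific fixed fields.
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")
WPBT_FIELDS = struct.Struct("<IQBBH")  # handoff size, handoff address, layout, type, args length
FIXED_LEN = ACPI_HEADER.size + WPBT_FIELDS.size  # 52 bytes

# Path of the binary Windows runs from the table, as given in the post above.
WPBBIN_PATH = r"C:\Windows\system32\wpbbin.exe"


def parse_wpbt(raw: bytes) -> dict:
    """Decode a raw WPBT table; raise ValueError if it is not well formed."""
    if len(raw) < FIXED_LEN:
        raise ValueError("buffer shorter than the fixed WPBT layout")
    (sig, length, _rev, _checksum, oem_id, oem_table_id,
     _oem_rev, _creator_id, _creator_rev) = ACPI_HEADER.unpack_from(raw, 0)
    if sig != b"WPBT":
        raise ValueError(f"unexpected ACPI signature {sig!r}")
    if not FIXED_LEN <= length <= len(raw):
        raise ValueError("length field does not fit the buffer")
    size, address, layout, ctype, args_len = WPBT_FIELDS.unpack_from(raw, ACPI_HEADER.size)
    if args_len > length - FIXED_LEN:
        raise ValueError("argument length exceeds the table length")
    args = raw[FIXED_LEN:FIXED_LEN + args_len].decode("utf-16-le", errors="replace")
    return {
        "oem_id": oem_id.rstrip(b"\0 ").decode("ascii", errors="replace"),
        "oem_table_id": oem_table_id.rstrip(b"\0 ").decode("ascii", errors="replace"),
        # All bytes of a valid ACPI table sum to zero modulo 256.
        "checksum_ok": sum(raw[:length]) % 256 == 0,
        "handoff_size": size,        # size of the binary image in memory
        "handoff_address": address,  # physical address of that image
        "content_layout": layout,    # 1 = single PE image
        "content_type": ctype,       # 1 = native user-mode application
        "arguments": args.rstrip("\0"),
    }


def build_sample_table() -> bytes:
    """Constructed WPBT table for offline testing (not taken from real firmware)."""
    args = "/constructed-arg\0".encode("utf-16-le")
    header = ACPI_HEADER.pack(b"WPBT", FIXED_LEN + len(args), 1, 0,
                              b"SAMPLE", b"CONSTRCT", 1, b"TEST", 1)
    raw = bytearray(header + WPBT_FIELDS.pack(0x2000, 0x7F000000, 1, 1, len(args)) + args)
    raw[9] = (-sum(raw)) % 256  # checksum byte sits at offset 9 of the header
    return bytes(raw)


def read_live_wpbt():
    """Windows only: return the raw WPBT table, or None if none is published."""
    if sys.platform != "win32":
        return None
    import ctypes
    fn = ctypes.WinDLL("kernel32", use_last_error=True).GetSystemFirmwareTable
    fn.argtypes = [ctypes.c_uint32, ctypes.c_uint32, ctypes.c_void_p, ctypes.c_uint32]
    fn.restype = ctypes.c_uint32
    provider = int.from_bytes(b"ACPI", "big")      # provider signature 'ACPI'
    table_id = int.from_bytes(b"WPBT", "little")   # table signature as a DWORD
    size = fn(provider, table_id, None, 0)         # first call returns the needed size
    if size == 0:
        return None
    buf = ctypes.create_string_buffer(size)
    got = fn(provider, table_id, buf, size)
    return buf.raw[:got] if 0 < got <= size else None


if __name__ == "__main__":
    raw = read_live_wpbt()
    if raw is None:
        print("No live WPBT available here; parsing the constructed sample instead.")
        raw = build_sample_table()
    for key, value in parse_wpbt(raw).items():
        print(f"{key:16} {value}")
    print(f"{'wpbbin.exe':16} {'present' if os.path.exists(WPBBIN_PATH) else 'absent'}")
```

A populated table is not in itself a sign of malware, since the post notes that vendors and companies use it for inventory and anti-theft agents; the value is in knowing that it exists and what it points at.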
  • From John C.@r9jmg0@yahoo.com to alt.comp.freeware on Thu Dec 4 04:13:47 2025
    From Newsgroup: alt.comp.freeware

    Allan Higdon wrote:
    John C. wrote:

    I've been looking for the best freeware anti-rootkit program, mostly
    going over the offerings at Snapfiles.com. I don't really want to
    install a full-fledged anti-malware program, am looking more for
    something portable and which is currently still being developed.

    Currently, on my system in my portable applications folder, I have the
    following available:

    - Kaspersky TDSSKiller (which has)
    - Malwarebytes Anti-Rootkit
    - Trend Micro Rootkit Buster

    The first one found nothing. Not surprising because it's been
    discontinued and is no longer supported by Kaspersky. It may have been
    replaced by their KVRT utility, which is not available to people inside
    the United States. From
    https://www.kaspersky.com/downloads/free-virus-removal-tool comes the
    following:

    "Downloads are unavailable for US customers. For non-US customers"

    Kaspersky is still what I prefer.
    I download their KVRT by visiting https://www.hidethisip.net/ and
    selecting Germany (Frankfurt) for the WebServer.
    I enter the direct download link, https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe and then select the Go To Site button.
    I do have to rename the file, including the .exe extension, after it downloads.
    The file size was 112.45 MB the last time I downloaded it.

    115.251 MB for me.

    Malwarebytes Anti-Rootkit required me to reboot, so it might have found
    something. However, I never saw any results mentioned anywhere.

    Trend Micro Rootkit Buster started and continued running in the
    background without telling me it was going to do that. However, I trust
    Trend Micro and have found their Housecall product to be very thorough
    in the past. That was when I was working on a friend's computer that had
    a very persistent Russian Trojan infection. OTOH, so far Rootkit Buster
    hasn't detected anything.

    Regardless, can anybody tell me of another freeware product I might want
    to give a try?

    It's not likely that my computer has an infection, but I would like to
    be as sure as possible that it doesn't have a rootkit.

    TIA.

    Interesting technique, Allan. I just used it and then ran the file
    through Virustotal, which said that it was 0/71:

    https://www.virustotal.com/gui/file/2023bc37aaba4c7ad0362b6940fe9955f683c53a3ba3b58c0f5db6fe1e76b3d9

    Is it a portable application or does it require installation?
    --
    John C. No ad, CD, cripple, demo, nag, pay, pirated, share, spy,
    time-limited, trial or web wares for me please. I filter crossposts,
    various trolls & dizum.com. This makes ACF easier to read. Take back
    tech corporations from India & industry back from China.
    --- Synchronet 3.21b-Linux NewsLink 1.2
  • From John C.@r9jmg0@yahoo.com to alt.comp.freeware on Thu Dec 4 04:37:36 2025
    From Newsgroup: alt.comp.freeware

    VanguardLH wrote:
    John C. wrote:

    I've been looking for the best freeware anti-rootkit program, ...
    - Kaspersky TDSSKiller (which has) (*)
    - Malwarebytes Anti-Rootkit
    - Trend Micro Rootkit Buster (**)

    (*) Usable on a limited genre of rootkits; see:
    https://www.bleepingcomputer.com/download/tdsskiller/

    Unfortunately, on my system the download links at that site are 404ed.

    (**) Only runs under Windows.

    You didn't bother to mention which OS you are loading.

    Sorry about that. It's W10 Pro, fully updated as far as possible and on ESU.

    (snip)

    You might want to ask those AV devs if they ever bother to check if a
    UEFI bootkit has been set up on your computer(s). It was added by
    Microsoft, so it may not be considered a rootkit, but it behaves just
    like one, and malware can utilize it. Below is my canned reference on
    the UEFI rootkit. However, if the UEFI bootkit is used by your company
    on their asset they permit you to use to perform your workload there,
    and you kill their bootkit, they may lock down your workstation, because
    they can no longer inventory what is on THEIR asset. A lockout is easy: you're not given a local admin account, you use their domain login, and
    they simply disable your domain account.

    My computer predates UEFI.

    (snipped, since it doesn't apply to my system.)
    Thanks for replying, VanguardLH.
    --
    John C. No ad, CD, cripple, demo, nag, pay, pirated, share, spy,
    time-limited, trial or web wares for me please. I filter crossposts,
    various trolls & dizum.com. This makes ACF easier to read. Take back
    tech corporations from India & industry back from China.
    --- Synchronet 3.21b-Linux NewsLink 1.2
  • From Allan Higdon@allanh@vivaldi.net to alt.comp.freeware on Thu Dec 4 07:54:27 2025
    From Newsgroup: alt.comp.freeware

    On Thu, 04 Dec 2025 06:13:47 -0600, John C. <r9jmg0@yahoo.com> wrote:

    Allan Higdon wrote:
    John C. wrote:

    I've been looking for the best freeware anti-rootkit program, mostly
    going over the offerings at Snapfiles.com. I don't really want to
    install a full-fledged anti-malware program, am looking more for
    something portable and which is currently still being developed.

    Currently, on my system in my portable applications folder, I have the
    following available:

    - Kaspersky TDSSKiller (which has)
    - Malwarebytes Anti-Rootkit
    - Trend Micro Rootkit Buster

    The first one found nothing. Not surprising because it's been
    discontinued and is no longer supported by Kaspersky. It may have been
    replaced by their KVRT utility, which is not available to people inside
    the United States. From
    https://www.kaspersky.com/downloads/free-virus-removal-tool comes the
    following:

    "Downloads are unavailable for US customers. For non-US customers"

    Kaspersky is still what I prefer.
    I download their KVRT by visiting https://www.hidethisip.net/ and
    selecting Germany (Frankfurt) for the WebServer.
    I enter the direct download link,
    https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe
    and then select the Go To Site button.
    I do have to rename the file, including the .exe extension, after it
    downloads.
    The file size was 112.45 MB the last time I downloaded it.

    115.251 MB for me.

    Malwarebytes Anti-Rootkit required me to reboot, so it might have found
    something. However, I never saw any results mentioned anywhere.

    Trend Micro Rootkit Buster started and continued running in the
    background without telling me it was going to do that. However, I trust
    Trend Micro and have found their Housecall product to be very thorough
    in the past. That was when I was working on a friend's computer that had
    a very persistent Russian Trojan infection. OTOH, so far Rootkit Buster
    hasn't detected anything.

    Regardless, can anybody tell me of another freeware product I might want
    to give a try?

    It's not likely that my computer has an infection, but I would like to
    be as sure as possible that it doesn't have a rootkit.

    TIA.

    Interesting technique, Allan. I just used it and then ran the file
    through Virustotal, which said that it was 0/71:

    https://www.virustotal.com/gui/file/2023bc37aaba4c7ad0362b6940fe9955f683c53a3ba3b58c0f5db6fe1e76b3d9

    Is it a portable application or does it require installation?


    It's a standalone scanner. It does not require installation.
    It does create a folder in the C:\ drive's root, which can be deleted after a reboot.
    --- Synchronet 3.21b-Linux NewsLink 1.2
  • From VanguardLH@V@nguard.LH to alt.comp.freeware on Thu Dec 4 09:40:18 2025
    From Newsgroup: alt.comp.freeware

    "John C." <r9jmg0@yahoo.com> wrote:

    VanguardLH wrote:

    John C. wrote:

    I've been looking for the best freeware anti-rootkit program, ...
    - Kaspersky TDSSKiller (which has) (*)
    - Malwarebytes Anti-Rootkit
    - Trend Micro Rootkit Buster (**)

    (*) Usable on a limited genre of rootkits; see:
    https://www.bleepingcomputer.com/download/tdsskiller/

    Unfortunately, on my system the download links at that site are 404ed.

    Perhaps due to geofencing. Works okay for me in USA. Usually a
    different page is presented when a visitor is blocked due to geofencing.
    404 usually means the page does not exist at the server. Maybe you need
    to flush your locally cached files, like history, cookies, DOM storage,
    in your web browser. A cached web page in your web browser may no
    longer exist at the server. TDSS is just one variety of rootkit.
    TDSSkiller focuses on that one, and forks created by script kiddies.

    https://en.wikipedia.org/wiki/Alureon

    You might want to ask those AV devs if they ever bother to check if a
    UEFI bootkit has been set up on your computer(s).

    My computer predates UEFI.

    Then you're still using the old BIOS scheme, so no UEFI bootkit.
    --- Synchronet 3.21b-Linux NewsLink 1.2
  • From John C.@r9jmg0@yahoo.com to alt.comp.freeware on Thu Dec 4 10:02:30 2025
    From Newsgroup: alt.comp.freeware

    On 25/12/04 05:54 AM, Allan Higdon wrote:
    On Thu, 04 Dec 2025 06:13:47 -0600, John C. <r9jmg0@yahoo.com> wrote:

    Allan Higdon wrote:
    John C. wrote:

    I've been looking for the best freeware anti-rootkit program, mostly
    going over the offerings at Snapfiles.com. I don't really want to
    install a full-fledged anti-malware program, am looking more for
    something portable and which is currently still being developed.

    Currently, on my system in my portable applications folder, I have the
    following available:

    - Kaspersky TDSSKiller (which has)
    - Malwarebytes Anti-Rootkit
    - Trend Micro Rootkit Buster

    The first one found nothing. Not surprising because it's been
    discontinued and is no longer supported by Kaspersky. It may have been
    replaced by their KVRT utility, which is not available to people inside
    the United States. From
    https://www.kaspersky.com/downloads/free-virus-removal-tool comes the
    following:

    "Downloads are unavailable for US customers. For non-US customers"

    Kaspersky is still what I prefer.
    I download their KVRT by visiting https://www.hidethisip.net/ and
    selecting Germany (Frankfurt) for the WebServer.
    I enter the direct download link,
    https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe
    and then select the Go To Site button.
    I do have to rename the file, including the .exe extension, after it
    downloads.
    The file size was 112.45 MB the last time I downloaded it.

    115.251 MB for me.

    Malwarebytes Anti-Rootkit required me to reboot, so it might have found
    something. However, I never saw any results mentioned anywhere.

    Trend Micro Rootkit Buster started and continued running in the
    background without telling me it was going to do that. However, I trust
    Trend Micro and have found their Housecall product to be very thorough
    in the past. That was when I was working on a friend's computer that had
    a very persistent Russian Trojan infection. OTOH, so far Rootkit Buster
    hasn't detected anything.

    Regardless, can anybody tell me of another freeware product I might want
    to give a try?

    It's not likely that my computer has an infection, but I would like to
    be as sure as possible that it doesn't have a rootkit.

    TIA.

    Interesting technique, Allan. I just used it and then ran the file
    through Virustotal, which said that it was 0/71:

    https://www.virustotal.com/gui/file/2023bc37aaba4c7ad0362b6940fe9955f683c53a3ba3b58c0f5db6fe1e76b3d9

    Is it a portable application or does it require installation?


    It's a standalone scanner. It does not require installation.
    It does create a folder in the C:\ drive's root, which can be deleted
    after a reboot.

    Heh. It also has a EULA that would take a lawyer to translate. Doesn't
    matter though. I don't have a rootkit. Turned out that the issue I have
    been experiencing with slow program startup times is caused by the
    KB5072653 update. I found this out by looking at my update history,
    noting timewise the most likely update that made the problematic changes
    and then uninstalling the update. I restarted the computer after turning
    off my cable modem and router, then temporarily pausing updates to
    prevent the update from getting reinstalled. Guess what! The problem
    with the long program startup pauses totally went away. I reinstalled
    the update and the problem came back. I repeated the first procedure and
    the problem returned.

    I was actually in a chat with a MS agent about the problem a little
    while ago. However, that discussion was totally fruitless as you would
    expect.

    I would now like to either completely block all further updates or else unsubscribe from ESU.
    --
    John C. No ad, CD, cripple, demo, nag, pay, pirated, share, spy,
    time-limited, trial or web wares for me please. I filter crossposts,
    various trolls & dizum.com. This makes ACF easier to read. Take back
    tech corporations from India & industry back from China.
    --- Synchronet 3.21b-Linux NewsLink 1.2
  • From VanguardLH@V@nguard.LH to alt.comp.freeware on Thu Dec 4 16:20:58 2025
    From Newsgroup: alt.comp.freeware

    "John C." <r9jmg0@yahoo.com> wrote:

    On 25/12/04 05:54 AM, Allan Higdon wrote:
    On Thu, 04 Dec 2025 06:13:47 -0600, John C. <r9jmg0@yahoo.com> wrote:

    Allan Higdon wrote:
    John C. wrote:

    I've been looking for the best freeware anti-rootkit program, mostly
    going over the offerings at Snapfiles.com. I don't really want to
    install a full-fledged anti-malware program, am looking more for
    something portable and which is currently still being developed.

    Currently, on my system in my portable applications folder, I have the
    following available:

    - Kaspersky TDSSKiller (which has)
    - Malwarebytes Anti-Rootkit
    - Trend Micro Rootkit Buster

    The first one found nothing. Not surprising because it's been
    discontinued and is no longer supported by Kaspersky. It may have been
    replaced by their KVRT utility, which is not available to people inside
    the United States. From
    https://www.kaspersky.com/downloads/free-virus-removal-tool comes the
    following:

    "Downloads are unavailable for US customers. For non-US customers"

    Kaspersky is still what I prefer.
    I download their KVRT by visiting https://www.hidethisip.net/ and
    selecting Germany (Frankfurt) for the WebServer.
    I enter the direct download link,
    https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe
    and then select the Go To Site button.
    I do have to rename the file, including the .exe extension, after it
    downloads.
    The file size was 112.45 MB the last time I downloaded it.

    115.251 MB for me.

    Malwarebytes Anti-Rootkit required me to reboot, so it might have found
    something. However, I never saw any results mentioned anywhere.

    Trend Micro Rootkit Buster started and continued running in the
    background without telling me it was going to do that. However, I trust
    Trend Micro and have found their Housecall product to be very thorough
    in the past. That was when I was working on a friend's computer that had
    a very persistent Russian Trojan infection. OTOH, so far Rootkit Buster
    hasn't detected anything.

    Regardless, can anybody tell me of another freeware product I might want
    to give a try?

    It's not likely that my computer has an infection, but I would like to
    be as sure as possible that it doesn't have a rootkit.

    TIA.

    Interesting technique, Allan. I just used it and then ran the file
    through Virustotal, which said that it was 0/71:

    https://www.virustotal.com/gui/file/2023bc37aaba4c7ad0362b6940fe9955f683c53a3ba3b58c0f5db6fe1e76b3d9

    Is it a portable application or does it require installation?


    It's a standalone scanner. It does not require installation.
    It does create a folder in the C:\ drive's root, which can be deleted
    after a reboot.

    Heh. It also has a EULA that would take a lawyer to translate. Doesn't
    matter though. I don't have a rootkit. Turned out that the issue I have
    been experiencing with slow program startup times is caused by the
    KB5072653 update. I found this out by looking at my update history,
    noting timewise the most likely update that made the problematic changes
    and then uninstalling the update. I restarted the computer after turning
    off my cable modem and router, then temporarily pausing updates to
    prevent the update from getting reinstalled. Guess what! The problem
    with the long program startup pauses totally went away. I reinstalled
    the update and the problem came back. I repeated the first procedure and
    the problem returned.

    I was actually in a chat with a MS agent about the problem a little
    while ago. However, that discussion was totally fruitless as you would expect.

    I would now like to either completely block all further updates or else unsubscribe from ESU.

    Another test, if you feel so inclined, is to zero out the idle delay
    on loading apps in the registry:

    Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
    Subkey: Serialize
    - Data name: WaitForIdleState (DWORD32)
    Data value: 0 (zero) or 1 (one)
    - Data name: StartupDelayInMSec (DWORD32)
    Data value: 0 (zero) or 1 (one)

    Since the Serialize is not defined, by default, you'll have to create it
    along with its data items and their values.

    These were reported for reg edits with Windows 11. They may not apply
    or be undefined under Windows 10. For example, Windows 11 changed from
    a static delay to a dynamic delay based on the system getting to a
    sufficient "steady state" (probably only MS knows how that is defined,
    but one metric is when CPU or disk activity is "low enough"). When
    ready state was static, the StartupDelayInMSec reg edit worked. With
    dynamic ready state, the replacement is WaitForIdleState.

    The data item names are case sensitive, so use camel-case as shown.
    Apparently a zero value can incur contentions with startup programs, and
    1 works better. Note a value of zero does not eliminate the delay, but
    reduces it from 18 seconds to 8 seconds after login screen is finished. I
    suspect MS wants to give the kernel and services a chance to get ready
    before starting the startup programs.
    --- Synchronet 3.21b-Linux NewsLink 1.2
  • From wasbit@wasbit@REMOVEhotmail.com to alt.comp.freeware on Fri Dec 5 09:12:59 2025
    From Newsgroup: alt.comp.freeware

    On 04/12/2025 15:40, VanguardLH wrote:
    "John C." <r9jmg0@yahoo.com> wrote:

    VanguardLH wrote:

    John C. wrote:

    I've been looking for the best freeware anti-rootkit program, ...
    - Kaspersky TDSSKiller (which has) (*)
    - Malwarebytes Anti-Rootkit
    - Trend Micro Rootkit Buster (**)

    (*) Usable on a limited genre of rootkits; see:
    https://www.bleepingcomputer.com/download/tdsskiller/

    Unfortunately, on my system the download links at that site are 404ed.

    Perhaps due to geofencing. Works okay for me in USA. Usually a
    different page is presented when a visitor is blocked due to geofencing.
    404 usually means the page does not exist at the server. Maybe you need
    to flush your locally cached files, like history, cookies, DOM storage,
    in your web browser. A cached web page in your web browser may no
    longer exist at the server. TDSS is just one variety of rootkit.
    TDSSkiller focuses on that one, and forks created by script kiddies.

    https://en.wikipedia.org/wiki/Alureon

    snip <

    Download 404s for me too in the UK.
    However it is available from other major download sites
    - https://www.majorgeeks.com/files/details/kaspersky_tdsskiller.html
    --
    Regards
    wasbit
    --- Synchronet 3.21b-Linux NewsLink 1.2
  • From wasbit@wasbit@REMOVEhotmail.com to alt.comp.freeware on Fri Dec 5 09:20:34 2025
    From Newsgroup: alt.comp.freeware

    On 05/12/2025 09:12, wasbit wrote:
    On 04/12/2025 15:40, VanguardLH wrote:
    "John C." <r9jmg0@yahoo.com> wrote:

    VanguardLH wrote:

    John C. wrote:

    I've been looking for the best freeware anti-rootkit program, ...
    - Kaspersky TDSSKiller (which has) (*)
    - Malwarebytes Anti-Rootkit
    - Trend Micro Rootkit Buster (**)

    (*) Usable on a limited genre of rootkits; see:
         https://www.bleepingcomputer.com/download/tdsskiller/

    Unfortunately, on my system the download links at that site are 404ed.

    Perhaps due to geofencing.  Works okay for me in USA.  Usually a
    different page is presented when a visitor is blocked due to geofencing.
    404 usually means the page does not exist at the server.  Maybe you need
    to flush your locally cached files, like history, cookies, DOM storage,
    in your web browser.  A cached web page in your web browser may no
    longer exist at the server.  TDSS is just one variety of rootkit.
    TDSSkiller focuses on that one, and forks created by script kiddies.

    https://en.wikipedia.org/wiki/Alureon

    snip <

    Download 404s for me too in the UK.
    However it is available from other major download sites
     - https://www.majorgeeks.com/files/details/kaspersky_tdsskiller.html

    Wrong. Major Geeks sends you to the Kaspersky 404 page.
    It has probably been superseded by/included in the Kaspersky Virus
    Removal Tool
    - https://www.kaspersky.co.uk/downloads/free-virus-removal-tool
    --
    Regards
    wasbit
    --- Synchronet 3.21b-Linux NewsLink 1.2
  • From John C.@r9jmg0@yahoo.com to alt.comp.freeware on Fri Dec 5 03:25:28 2025
    From Newsgroup: alt.comp.freeware

    On 25/12/04 02:20 PM, VanguardLH wrote:
    "John C." <r9jmg0@yahoo.com> wrote:

    On 25/12/04 05:54 AM, Allan Higdon wrote:
    On Thu, 04 Dec 2025 06:13:47 -0600, John C. <r9jmg0@yahoo.com> wrote:

    Allan Higdon wrote:
    John C. wrote:

    I've been looking for the best freeware anti-rootkit program, mostly
    going over the offerings at Snapfiles.com. I don't really want to
    install a full-fledged anti-malware program, am looking more for
    something portable and which is currently still being developed.

    Currently, on my system in my portable applications folder, I have the
    following available:

    - Kaspersky TDSSKiller (which has)
    - Malwarebytes Anti-Rootkit
    - Trend Micro Rootkit Buster

    The first one found nothing. Not surprising because it's been
    discontinued and is no longer supported by Kaspersky. It may have been
    replaced by their KVRT utility, which is not available to people inside
    the United States. From
    https://www.kaspersky.com/downloads/free-virus-removal-tool comes the
    following:

    "Downloads are unavailable for US customers. For non-US customers"

    Kaspersky is still what I prefer.
    I download their KVRT by visiting https://www.hidethisip.net/ and
    selecting Germany (Frankfurt) for the WebServer.
    I enter the direct download link,
    https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe
    and then select the Go To Site button.
    I do have to rename the file, including the .exe extension, after it
    downloads.
    The file size was 112.45 MB the last time I downloaded it.

    115.251 MB for me.

    Malwarebytes Anti-Rootkit required me to reboot, so it might have found
    something. However, I never saw any results mentioned anywhere.

    Trend Micro Rootkit Buster started and continued running in the
    background without telling me it was going to do that. However, I trust
    Trend Micro and have found their Housecall product to be very thorough
    in the past. That was when I was working on a friend's computer that had
    a very persistent Russian Trojan infection. OTOH, so far Rootkit Buster
    hasn't detected anything.

    Regardless, can anybody tell me of another freeware product I might want
    to give a try?

    It's not likely that my computer has an infection, but I would like to
    be as sure as possible that it doesn't have a rootkit.

    TIA.

    Interesting technique, Allan. I just used it and then ran the file
    through Virustotal, which said that it was 0/71:

    https://www.virustotal.com/gui/file/2023bc37aaba4c7ad0362b6940fe9955f683c53a3ba3b58c0f5db6fe1e76b3d9

    Is it a portable application or does it require installation?


    It's a standalone scanner. It does not require installation.
    It does create a folder in the C:\ drive's root, which can be deleted
    after a reboot.

    Heh. It also has a EULA that would take a lawyer to translate. Doesn't
    matter though. I don't have a rootkit. Turned out that the issue I have
    been experiencing with slow program startup times is caused by the
    KB5072653 update. I found this out by looking at my update history,
    noting timewise the most likely update that made the problematic changes
    and then uninstalling the update. I restarted the computer after turning
    off my cable modem and router, then temporarily pausing updates to
    prevent the update from getting reinstalled. Guess what! The problem
    with the long program startup pauses totally went away. I reinstalled
    the update and the problem came back. I repeated the first procedure and
    the problem returned.

    I was actually in a chat with a MS agent about the problem a little
    while ago. However, that discussion was totally fruitless as you would
    expect.

    I would now like to either completely block all further updates or else
    unsubscribe from ESU.

    As another test, if you feel so inclined, is to zero out the idle delay
    on loading apps in the registry:

    Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
    Subkey: Serialize
    - Data name: WaitForIdleState (DWORD32)
    Data value: 0 (zero) or 1 (one)
    - Data name: StartupDelayInMSec (DWORD32)
    Data value: 0 (zero) or 1 (one)

    Since the Serialize is not defined, by default, you'll have to create it along with its data items and their values.

    These were reported for reg edits with Windows 11. They may not apply
    or be undefined under Windows 10. For example, Windows 11 changed from
    a static delay to a dynamic delay based on the system getting to a
    sufficient "steady state" (probably only MS knows how that is defined,
    but one metric is when CPU or disk activity is "low enough"). When
    ready state was static, the StartupDelayInMSec reg edit worked. With
    dynamic ready state, the replacement is WaitForIdleState.

    The data item names are case sensitive, so use camel-case as shown.
    Apparently a zero value can incur contentions with startup programs, and
    1 works better. Note a value of zero does not eliminate the delay, but
    reduces it from 18 seconds to 8 seconds after login screen is finished. I
    suspect MS wants the kernel and services to have a chance to get ready before
    starting the startup programs.

    Just to be sure we're clear about what I'm saying, I'm not talking about
    a delay in startup programs launching. The programs which are
    experiencing the startup delay are all ones that I start manually either
    by a keystroke combination or by double clicking on a shortcut.
    --
    John C. No ad, CD, cripple, demo, nag, pay, pirated, share, spy,
    time-limited, trial or web wares for me please. I filter crossposts,
    various trolls & dizum.com. This makes ACF easier to read. Take back
    tech corporations from India & industry back from China.
    --- Synchronet 3.21b-Linux NewsLink 1.2
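
The download route quoted in the message above fetches an executable through a third-party web proxy and renames it afterwards, so the file is worth checking before it is run. The PowerShell below is an added example, not code from any poster in this thread: it compares the file's SHA-256 with the hash in the VirusTotal URL quoted above and checks the Authenticode signature. The function name, the download path and the 'Kaspersky' publisher substring are assumptions.

```powershell
# Added example (not from the thread): check a downloaded scanner before running it.
function Test-DownloadedTool {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Substring expected in the signing certificate's subject (assumed value).
        [Parameter(Mandatory)] [string] $ExpectedPublisher,
        # Optional SHA-256 taken from a source you trust, e.g. a VirusTotal report URL.
        [string] $ExpectedSha256
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Hash of the bytes on disk; renaming the file does not change it.
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLowerInvariant()

    # Authenticode check: a status other than 'Valid' covers unsigned files,
    # files altered after signing, and signers this machine does not trust.
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    $signatureOk = ($sig.Status -eq 'Valid') -and
                   ($signer -like "*$ExpectedPublisher*")

    # $null means "no reference hash supplied", which is not the same as a mismatch.
    $hashMatches = $null
    if ($ExpectedSha256) {
        $hashMatches = ($sha256 -eq $ExpectedSha256.Trim().ToLowerInvariant())
    }

    [pscustomobject]@{
        Path            = $Path
        Sha256          = $sha256
        HashMatches     = $hashMatches
        SignatureStatus = $sig.Status
        Signer          = $signer
        # Accept only a valid signature from the expected publisher and,
        # when a reference hash was given, an exact match.
        OkToRun         = $signatureOk -and ($hashMatches -ne $false)
    }
}

# The path is an assumption. The hash is the one in the VirusTotal URL quoted in
# the thread; it identifies the build that poster downloaded, and the two file
# sizes reported in the thread differ, so another download from the /latest/ URL
# may not match it. Omit -ExpectedSha256 in that case and rely on the signature.
$check = Test-DownloadedTool `
    -Path "$env:USERPROFILE\Downloads\KVRT.exe" `
    -ExpectedPublisher 'Kaspersky' `
    -ExpectedSha256 '2023bc37aaba4c7ad0362b6940fe9955f683c53a3ba3b58c0f5db6fe1e76b3d9'

$check | Format-List
if (-not $check.OkToRun) {
    Write-Warning 'Do not run this file: the signature or hash check failed.'
}
```
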
  • From VanguardLH@V@nguard.LH to alt.comp.freeware on Fri Dec 5 16:13:03 2025
    From Newsgroup: alt.comp.freeware

    "John C." <r9jmg0@yahoo.com> wrote:

    On 25/12/04 02:20 PM, VanguardLH wrote:
    "John C." <r9jmg0@yahoo.com> wrote:

    On 25/12/04 05:54 AM, Allan Higdon wrote:
    On Thu, 04 Dec 2025 06:13:47 -0600, John C. <r9jmg0@yahoo.com> wrote:

    Allan Higdon wrote:
    John C. wrote:

    I've been looking for the best freeware anti-rootkit program, mostly
    going over the offerings at Snapfiles.com. I don't really want to
    install a full-fledged anti-malware program, am looking more for
    something portable and which is currently still being developed.

    Currently, on my system in my portable applications folder, I have the
    following available:

    - Kaspersky TDSSKiller (which has)
    - Malwarebytes Anti-Rootkit
    - Trend Micro Rootkit Buster

    The first one found nothing. Not surprising because it's been
    discontinued and is no longer supported by Kaspersky. It may have been
    replaced by their KVRT utility, which is not available to people inside
    the United States. From
    https://www.kaspersky.com/downloads/free-virus-removal-tool comes the
    following:

    "Downloads are unavailable for US customers. For non-US customers"

    Kaspersky is still what I prefer.
    I download their KVRT by visiting https://www.hidethisip.net/ and
    selecting Germany (Frankfurt) for the WebServer.
    I enter the direct download link,
    https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe
    and then select the Go To Site button.
    I do have to rename the file, including the .exe extension, after it
    downloads.
    The file size was 112.45 MB the last time I downloaded it.

    115.251 MB for me.

    Malwarebytes Anti-Rootkit required me to reboot, so it might have found
    something. However, I never saw any results mentioned anywhere.

    Trend Micro Rootkit Buster started and continued running in the
    background without telling me it was going to do that. However, I trust
    Trend Micro and have found their Housecall product to be very thorough
    in the past. That was when I was working on a friend's computer that had
    a very persistent Russian Trojan infection. OTOH, so far Rootkit Buster
    hasn't detected anything.

    Regardless, can anybody tell me of another freeware product I might want
    to give a try?

    It's not likely that my computer has an infection, but I would like to
    be as sure as possible that it doesn't have a rootkit.

    TIA.

    Interesting technique, Allan. I just used it and then ran the file
    through Virustotal, which said that it was 0/71:

    https://www.virustotal.com/gui/file/2023bc37aaba4c7ad0362b6940fe9955f683c53a3ba3b58c0f5db6fe1e76b3d9

    Is it a portable application or does it require installation?


    It's a standalone scanner. It does not require installation.
    It does create a folder in the C:\ drive's root, which can be deleted
    after a reboot.

    Heh. It also has a EULA that would take a lawyer to translate. Doesn't
    matter though. I don't have a rootkit. Turned out that the issue I have
    been experiencing with slow program startup times is caused by the
    KB5072653 update. I found this out by looking at my update history,
    noting timewise the most likely update that made the problematic changes
    and then uninstalling the update. I restarted the computer after turning
    off my cable modem and router, then temporarily pausing updates to
    prevent the update from getting reinstalled. Guess what! The problem
    with the long program startup pauses totally went away. I reinstalled
    the update and the problem came back. I repeated the first procedure and
    the problem returned.

    I was actually in a chat with a MS agent about the problem a little
    while ago. However, that discussion was totally fruitless as you would
    expect.

    I would now like to either completely block all further updates or else
    unsubscribe from ESU.

    As another test, if you feel so inclined, is to zero out the idle delay
    on loading apps in the registry:

    Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
    Subkey: Serialize
    - Data name: WaitForIdleState (DWORD32)
    Data value: 0 (zero) or 1 (one)
    - Data name: StartupDelayInMSec (DWORD32)
    Data value: 0 (zero) or 1 (one)

    Since the Serialize is not defined, by default, you'll have to create it
    along with its data items and their values.

    These were reported for reg edits with Windows 11. They may not apply
    or be undefined under Windows 10. For example, Windows 11 changed from
    a static delay to a dynamic delay based on the system getting to a
    sufficient "steady state" (probably only MS knows how that is defined,
    but one metric is when CPU or disk activity is "low enough"). When
    ready state was static, the StartupDelayInMSec reg edit worked. With
    dynamic ready state, the replacement is WaitForIdleState.

    The data item names are case sensitive, so use camel-case as shown.
    Apparently a zero value can incur contentions with startup programs, and
    1 works better. Note a value of zero does not eliminate the delay, but
    reduces it from 18 seconds to 8 seconds after login screen is finished. I
    suspect MS wants the kernel and services to have a chance to get ready before
    starting the startup programs.

    Just to be sure we're clear about what I'm saying, I'm not talking about
    a delay in startup programs launching. The programs which are
    experiencing the startup delay are all ones that I start manually either
    by a keystroke combination or by double clicking on a shortcut.

    Okay, I see. Do you use AV software other than Windows Security (aka
    Windows Defender)?

    https://support.microsoft.com/en-us/topic/kb5072653-extended-security-updates-esu-licensing-preparation-package-for-windows-10-8c8b215c-d2af-44dc-b712-1ec403842cdc

    From what they say, seems that update was to activate ESU licensing.
    That prep update must be after KB5066791 was already installed. Have
    you enrolled in the ESU program?
    --- Synchronet 3.21b-Linux NewsLink 1.2
  • From John C.@r9jmg0@yahoo.com to alt.comp.freeware on Sat Dec 6 02:14:12 2025
    From Newsgroup: alt.comp.freeware

    On 25/12/05 02:13 PM, VanguardLH wrote:
    "John C." <r9jmg0@yahoo.com> wrote:

    On 25/12/04 02:20 PM, VanguardLH wrote:
    "John C." <r9jmg0@yahoo.com> wrote:

    On 25/12/04 05:54 AM, Allan Higdon wrote:
    On Thu, 04 Dec 2025 06:13:47 -0600, John C. <r9jmg0@yahoo.com> wrote:

    Allan Higdon wrote:
    John C. wrote:

    I've been looking for the best freeware anti-rootkit program, mostly
    going over the offerings at Snapfiles.com. I don't really want to
    install a full-fledged anti-malware program, am looking more for
    something portable and which is currently still being developed.

    Currently, on my system in my portable applications folder, I have the
    following available:

    - Kaspersky TDSSKiller (which has)
    - Malwarebytes Anti-Rootkit
    - Trend Micro Rootkit Buster

    The first one found nothing. Not surprising because it's been
    discontinued and is no longer supported by Kaspersky. It may have been
    replaced by their KVRT utility, which is not available to people inside
    the United States. From
    https://www.kaspersky.com/downloads/free-virus-removal-tool comes the
    following:

    "Downloads are unavailable for US customers. For non-US customers"

    Kaspersky is still what I prefer.
    I download their KVRT by visiting https://www.hidethisip.net/ and
    selecting Germany (Frankfurt) for the WebServer.
    I enter the direct download link,
    https://devbuilds.s.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe
    and then select the Go To Site button.
    I do have to rename the file, including the .exe extension, after it
    downloads.
    The file size was 112.45 MB the last time I downloaded it.

    115.251 MB for me.

    Malwarebytes Anti-Rootkit required me to reboot, so it might have found
    something. However, I never saw any results mentioned anywhere.

    Trend Micro Rootkit Buster started and continued running in the
    background without telling me it was going to do that. However, I trust
    Trend Micro and have found their Housecall product to be very thorough
    in the past. That was when I was working on a friend's computer that had
    a very persistent Russian Trojan infection. OTOH, so far Rootkit Buster
    hasn't detected anything.

    Regardless, can anybody tell me of another freeware product I might want
    to give a try?

    It's not likely that my computer has an infection, but I would like to
    be as sure as possible that it doesn't have a rootkit.

    TIA.

    Interesting technique, Allan. I just used it and then ran the file
    through Virustotal, which said that it was 0/71:

    https://www.virustotal.com/gui/file/2023bc37aaba4c7ad0362b6940fe9955f683c53a3ba3b58c0f5db6fe1e76b3d9

    Is it a portable application or does it require installation?


    It's a standalone scanner. It does not require installation.
    It does create a folder in the C:\ drive's root, which can be deleted
    after a reboot.

    Heh. It also has a EULA that would take a lawyer to translate. Doesn't
    matter though. I don't have a rootkit. Turned out that the issue I have
    been experiencing with slow program startup times is caused by the
    KB5072653 update. I found this out by looking at my update history,
    noting timewise the most likely update that made the problematic changes
    and then uninstalling the update. I restarted the computer after turning
    off my cable modem and router, then temporarily pausing updates to
    prevent the update from getting reinstalled. Guess what! The problem
    with the long program startup pauses totally went away. I reinstalled
    the update and the problem came back. I repeated the first procedure and
    the problem returned.

    I was actually in a chat with a MS agent about the problem a little
    while ago. However, that discussion was totally fruitless as you would
    expect.

    I would now like to either completely block all further updates or else
    unsubscribe from ESU.

    As another test, if you feel so inclined, is to zero out the idle delay
    on loading apps in the registry:

    Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
    Subkey: Serialize
    - Data name: WaitForIdleState (DWORD32)
    Data value: 0 (zero) or 1 (one)
    - Data name: StartupDelayInMSec (DWORD32)
    Data value: 0 (zero) or 1 (one)

    Since the Serialize is not defined, by default, you'll have to create it
    along with its data items and their values.

    These were reported for reg edits with Windows 11. They may not apply
    or be undefined under Windows 10. For example, Windows 11 changed from
    a static delay to a dynamic delay based on the system getting to a
    sufficient "steady state" (probably only MS knows how that is defined,
    but one metric is when CPU or disk activity is "low enough"). When
    ready state was static, the StartupDelayInMSec reg edit worked. With
    dynamic ready state, the replacement is WaitForIdleState.

    The data item names are case sensitive, so use camel-case as shown.
    Apparently a zero value can incur contentions with startup programs, and
    1 works better. Note a value of zero does not eliminate the delay, but
    reduces it from 18 seconds to 8 seconds after login screen is finished. I
    suspect MS wants the kernel and services to have a chance to get ready before
    starting the startup programs.

    Just to be sure we're clear about what I'm saying, I'm not talking about
    a delay in startup programs launching. The programs which are
    experiencing the startup delay are all ones that I start manually either
    by a keystroke combination or by double clicking on a shortcut.

    Okay, I see. Do you use AV software other than Windows Security (aka
    Windows Defender)?

    https://support.microsoft.com/en-us/topic/kb5072653-extended-security-updates-esu-licensing-preparation-package-for-windows-10-8c8b215c-d2af-44dc-b712-1ec403842cdc

    From what they say, seems that update was to activate ESU licensing.
    That prep update must be after KB5066791 was already installed. Have
    you enrolled in the ESU program?

    1. I don't use any other AV program than Windows Security.

    2. My wording was imprecise. What I meant to say was that when I start
    some programs (Nirsoft's LiveTcpUdpWatch, SmartSniff and CurrPorts, also Photofiltre 7 and others), there is a pronounced pause before they
    open. None of these programs load automatically when I boot the computer.

    3. Yes, I'm enrolled in the ESU program. However at this point, I wish
    it was possible to disenroll.

    I am giving serious consideration to going back to W7. W10+ are complete messes.
    --
    John C. No ad, CD, cripple, demo, nag, pay, pirated, share, spy,
    time-limited, trial or web wares for me please. I filter crossposts,
    various trolls & dizum.com. This makes ACF easier to read. Take back
    tech corporations from India & industry back from China.
    --- Synchronet 3.21b-Linux NewsLink 1.2