Sophos Anti-Rootkit

Topic

New Reply

Sophos Anti-Rootkit

“Eliminates hidden applications and processes
Removing rootkits without compromising system integrity is particularly challenging and needs to be done with care. Our software, Sophos Anti-Rootkit, finds and removes any rootkit that is hidden on your computer. ”

I gave this one a whirl. It didn’t detect any nasties, but does report the following:
“Warning: Failed to flush drive .C:. Registry scan may produce invalid results.
The process cannot access the file because it is being used by another process.”

I don’t understand what the convoluted reference is pointing to, or what the diagnostic means. Maybe it needs to be run from a removable boot device, to get full access to “everything”???

Alan

Reply | Quote

Replies

Alan,

This isn’t exactly the same message, and I don’t know if it’s relevant to your set-up, but the following is listed under “Known issues” in the Sophos Anti-Rootkit Read Me:

* Sophos Anti-Rootkit will work on a Terminal Services or Remote Desktop environment but may produce this warning which can be ignored: ‘Unable to flush drive C: (already open by another process)’.

and

* If the scan is performed while the computer is in use, false positives may appear in the scan results. This is caused by files or registry entries being deleted, including temporary files being deleted automatically.

Perhaps some registry activity while the scan was running generated the message you got?

I can’t report any results. I haven’t run it yet, having just downloaded it, as advised at Woody

Reply | Quote

Thanks Maud. From that, plus what John added, I’ll put that message in the “forget it” basket.

Alan

Reply | Quote

Alan

I got the same message as you, and it seems to me that it could be treated with “a complete ignoral”.

I also found it objected to:
C:Documents and SettingsApplication DataMozillaFirefoxProfiles.Commonparent.lock
but I don’t think I am going to worry too much about that!

Overall I was more impressed with this program that with SysInternals’ one (unusually) because it ran considerably faster and the results were less arcane. But then again, and pleasingly, I haven’t got any rootkits to test them both on…

John

Reply | Quote

I’d agree with your comparison on both counts. The SysInternals incarnation is/was indeed an arcanation – I never really knew what, if anything, I was being informed about.

Alan

Reply | Quote

I think perhaps the two utilities might work differently. If they both followed the same approach as the SysInternals program — comparing the results of Windows API calls with data retrieved in a “raw” form to uncover discrepancies — then the drive access speed should be the limiting factor and both should take about the same amount of time. Maybe Sophos has found a reliable shortcut?

Reply | Quote

Interesting part of their license you have to agree to in order to install:

“12.4 You shall permit Sophos or an independent certified accountant appointed by Sophos access on written notice to Your premises and Your books of account and records at any time during normal business hours for the purpose of inspecting, auditing, verifying or monitoring the manner and performance of Your obligations under this Licence Agreement including without limitation the payment of all applicable licence fees…”

Especially considering that the download is free.

Reply | Quote

I suspect that represents their Standard Terms and Conditions (as you know)…

Of course if they notify you that they will be “sending the boys round” you can quickly delete the program from your PC!

John

Reply | Quote

and with their PAID Version at only $595.50 – a bargin …

Right

Reply | Quote

For 25 users…

John

Reply | Quote

True – Could not find a reference for a single copy in US.

I admit I have only checked 5 of the website references though

Reply | Quote

Well, if they can find my “premises and books of account and records”, from the information at their disposal, then I salute them and will gladly fork over the licence fee.

Alan

Reply | Quote

Let’s just hope they don’t sue for triple damages!

Reply | Quote

Being Noble and British, we don’t have a legal concept of triple damages!

John

Reply | Quote

Triple times zero is ?!?!?!?
I might be able to afford this one

Reply | Quote

I installed Sophos yesterday and ran it. I accepted the agreement without reading it ( as usual ). I presume it applies to multiple business users. Am I correct or am I about to be raided?

Reply | Quote

I do not think you have to worry about being raided. As john pointed out in his post 595,617, this is probably their standard EULA.

Frankly, I was a little surprised anyone

I admit I to have a nasty habit of not –

Reply | Quote

I’ ve had a computer for over 6 years and I never, ever read the eulas. One of these days I’m going to accept one that says I have to give them my house if I ever remove the program.

Reply | Quote

“… I have to give them my house …”

Provide endless amounts of and to the developer for entering indentured servitude …

Reply | Quote

Oh Lordy !!!!!
Let me take that program off my computer, quickly. I have no cash, my knees can’t bend and servitude is not my cup of tea.

Reply | Quote

NO WORRY !

If someone shows up – you can always create a distraction with their car and

I have a fiend who states there are NO computer problems in the world that a little HE (High Explosives) can not cure – This is in no way an endorsement for violence – just innocent mayhem

Reply | Quote

Scott, I’ve been told – Computers Don’t Make Mistakes, What They Do, They Do On Purpose.

Reply | Quote

based on human input ?!?!?

Reply | Quote