UnHackMe - First BootWatch AntiRootkit

UnHackMe Technical Details


New in 2010. The Warrior boot CD+UnHackMe!

Why is the Warrior so important?

RegRun Warrior download (for burning your CD)

UnHackMe = UnHackMe + Partizan + Reanimator

  1. UnHackMe detects hidden service registry keys, processes, services and drivers.
    It uses the UnHackMedrv.sys kernel driver.
  2. Partizan watches the Windows boot process.
  3. Reanimator detects and removes Trojans/Spyware/Adware using a signature database (Greatis Application Database).

Take a look at: Rootkit Removal using UnHackMe - Master Class

Detecting hidden rootkits using Partizan

Looking at the progress of rootkit development since last year, we are of the opinion that rootkit detection on a running computer is not realistic. We cannot give you a 100% guarantee that a running computer connected to a network is free of rootkits.

Partizan is a boot watch anti-rootkit.

Rootkit authors like to play games.

"We hide rootkit files/drivers/registry keys and after that try to find us," they say.

We don't play those games.
Our strategy is different:
You hide yourself while we're watching how you do it.

Each rootkit needs a way to start automatically after the computer reboots.

We can detect that and remove the rootkit from auto start.

What are the user benefits?

  1. Detecting kernel rootkits without a lot of BSODs.
  2. Partizan checks the computer automatically during every Windows boot.
  3. Partizan uses few computer resources.
  4. Partizan takes only a couple of seconds to check. Compare that with a full disk scan.
  5. Partizan is a powerful tool.
  6. It can detect and remove any kernel/usermode rootkit and Trojan/Spyware/Adware components.
  7. You can use other anti-rootkit software in addition to Partizan as well.

How does Partizan work?

Partizan activates several agents for monitoring the Windows boot process.

  • Anti-Bootkit. Used against bootkit rootkits located in the boot sectors (in development).
  • Partizan boot driver. Used against Rustock clone rootkits. It can trace registry services and delete a service. The Partizan driver starts at an early stage of the Windows boot process. It has an additional "safe" mode that makes the Windows operating system skip processing of the Winlogon and similar registry keys, to avoid infection and to make removing an infection easier.
  • Partizan Native application. It is started from the BootExecute registry key. Partizan deletes files/streams and service keys.
  • Secure Start. It starts before the Windows shell starts, using the RunOnceEx key.
    Secure Start runs the UnHackMe application to test for rootkits, using information from the Partizan boot driver. Secure Start can remove Trojans/usermode rootkits/spyware/adware using RegRun Reanimator with the Application Database.

In addition

  1. WMI tracing of file images opened during Windows boot. WMI logging is a great feature added to all versions since Windows XP. It allows Windows to be started in logged mode. We can detect all files used during Windows boot by analyzing the log. This feature is available in UnHackMe Pro.
  2. Registry boot logger. The RegRunRM boot driver collects full information about the registry keys used during Windows boot. This feature is available in UnHackMe Pro.

Is Partizan a panacea?

Hackers use a lot of rootkit modifications combined with spyware components.
RegRun Platinum guarantees that you can clean your computer of deeply hidden rootkits and of common spyware.

Does it clean rootkits in auto mode?

No. It uses the Greatis Application Database to detect known rootkits/viruses/spyware. We suggest that you update the database.

But some software may be considered unknown ("suspicious").
What should be done in this case?
If you have enough computer skills to use the professional tools included in RegRun Platinum, you can do it yourself.
If not, you can send a detailed system report to the Greatis Support center: http://greatis.com/support and we will send you a special file for automatically cleaning your computer. The service is free for RegRun users.

What about self-protection?

You can specify your own file name for the Partizan executable.

How do you start rootkit detection using Partizan?

  1. Open RegRun Control Center.
  2. Open Options.
  3. Set the Partizan checkbox.

How do you uninstall Partizan?

Uninstall UnHackMe.

Manually

  1. Delete UnHackMe from %SysDir%\Partizan.exe.
  2. Open regedit.exe.
    Go to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    Set the value named BootExecute to:
    autocheck autochk *
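
The agents described above rely on BootExecute, boot-start drivers, the Winlogon keys and RunOnceEx, and the manual steps give the default BootExecute value. As an added example (not Greatis code), this read-only PowerShell lists what is registered at those points; the function names and the choice of the Winlogon values Shell and Userinit are assumptions of the example. A live read shows only what the running system returns, which is the limitation this page itself raises.

```powershell
# Added example: read-only listing of the boot-time autostart points named above.
# Assumption: the baseline is the default BootExecute value from the manual steps.
$BootExecuteDefault = @('autocheck autochk *')

function Get-BootExecuteExtras {
    # BootExecute is REG_MULTI_SZ; return every entry that is not the default.
    param([string[]]$Entries)
    @($Entries | Where-Object { $_ -and ($BootExecuteDefault -notcontains $_.Trim()) })
}

function New-Finding($Point, $Name, $Value) {
    [pscustomobject]@{ Point = $Point; Name = $Name; Value = $Value }
}

function Get-BootAutostartReport {
    $sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $boot = (Get-ItemProperty -Path $sm -Name BootExecute).BootExecute
    foreach ($e in (Get-BootExecuteExtras $boot)) { New-Finding 'BootExecute' 'native app' $e }

    # Kernel (Type 1) and file system (Type 2) drivers with Start 0 load at boot start.
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($k in (Get-ChildItem $svc -ErrorAction SilentlyContinue)) {
        $p = Get-ItemProperty -Path $k.PSPath -ErrorAction SilentlyContinue
        if ((1, 2 -contains $p.Type) -and ($p.Start -eq 0)) {
            # A driver key without ImagePath loads from the default drivers folder.
            $img = $p.ImagePath
            if (-not $img) { $img = "System32\drivers\$($k.PSChildName).sys (default)" }
            New-Finding 'BootDriver' $k.PSChildName $img
        }
    }

    # Shell and Userinit are this example's choice of Winlogon values to show.
    $wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($n in 'Shell', 'Userinit') { New-Finding 'Winlogon' $n ($wl.$n) }

    # RunOnceEx keeps its commands as values of numbered subkeys.
    $roe = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx'
    if (Test-Path $roe) {
        foreach ($k in (Get-ChildItem $roe)) {
            foreach ($v in $k.GetValueNames()) {
                New-Finding 'RunOnceEx' "$($k.PSChildName)\$v" ($k.GetValue($v))
            }
        }
    }
}

# Constructed input: the default entry plus one extra native application name.
Get-BootExecuteExtras @('autocheck autochk *', 'ExampleNativeApp')
Get-BootAutostartReport | Sort-Object Point, Name | Format-Table -AutoSize -Wrap
```

With Partizan installed, its own native application and boot driver are expected to appear in this listing.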


They say

My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix. I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.

Jeff

Bob Rankin

    What's new?
    January 23 2012

    Released UnHackMe 2012 Build: 397!


    November 3 2011

    Morto Removal Video

    July 27 2011

    Popureb.E Rootkit Removal Video

    Zero Access Rootkit Removal Video

    Released




    Now Google Search is redirected in Windows 64 bit too if you are infected by TDL3++ (also known as TDL4).





Copyright © 1998-2012 Greatis Software