We’re worried that one or more of our PCs are infected with malware, perhaps rootkits. We have scanned and cleaned with the latest antivirus definitions, and the machines are still running slow and behaving strangely. What kinds of rootkit scanners are available?
There are a variety of rootkit scanners available, and they approach the problem differently, which is a good reason to run more than one.
GMER is free and scans aggressively. Its output can be hard to read, but it highlights entries it considers suspicious in red so you can see which ones it thinks should be deleted, and a right-click context menu lets you stop the process, remove the service or remove the files. GMER detects both user-mode and kernel-mode rootkits.
Another tool to look at is RootkitRevealer from the Sysinternals collection, which is now published by Microsoft. It works by cross-view comparison: it asks the Windows API for a listing of the file system and registry, then reads the raw volume and registry hives directly and reports anything that appears in one view but not the other. Hiding an object from the API without also hiding it from the raw read is exactly what most rootkits do, so a discrepancy is a strong signal. RootkitRevealer runs its scan as a Windows service, so you no longer have to be at the console with a command prompt to use it.
F-Secure's rootkit search tool, BlackLight, is included in the company's security suite and is also available as a standalone download.
Another interesting program is RootKit Hook Analyzer. It lists every kernel hook present on the system. A kernel hook redirects a system service so that some other code runs on the way to, or on the way back from, the real service; that code can then filter out the processes, files or registry keys it wants to hide. Not all kernel hooks are malicious (some security products install their own), but most kernel-mode rootkits rely on them. This is a lower-level look at what is going on inside the machine than the more user-friendly scanners give you, so expect to spend some time deciding which hooks are legitimate.
Most antispyware products also check for rootkit-style infections, so use several scanners when hunting for whatever is slowing your PCs down and making them behave strangely. Keep one caveat in mind: every one of these tools runs inside the operating system it is examining, and a kernel-mode rootkit that is already resident can lie to the scanner the same way it lies to the rest of Windows. If the scanners disagree, or a machine still misbehaves after they all report it clean, scan the disk from a boot CD or from a known-clean system. And if you do confirm a kernel-mode rootkit, the safe course is to back up the data and rebuild the machine rather than trust a cleaned install.
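The two detection ideas above (comparing the service table against a trusted snapshot, as a hook analyzer does, and comparing the API's view against the raw data, as RootkitRevealer does) are easier to see in a small simulation. The following C program is an added example written for this column, not code from any of the products mentioned: it models a system service table with two entries, installs a rootkit-style hook that filters out every name beginning with `$sys$`, and then runs both checks. The process and file names, the service table and the hook are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 16

enum { SVC_ENUM_PROCESSES = 0, SVC_ENUM_FILES = 1, SVC_COUNT = 2 };

/* Signature shared by the two simulated system services: fill `out` with
 * up to `max` names and return how many were written. */
typedef int (*enum_fn)(const char **out, int max);

/* Constructed sample data standing in for the kernel's real object lists. */
static const char *g_raw_procs[] = { "System", "smss.exe", "explorer.exe",
                                     "$sys$backdoor.exe", "svchost.exe", NULL };
static const char *g_raw_files[] = { "ntoskrnl.exe", "$sys$drv.sys", "win32k.sys", NULL };

static enum_fn g_service_table[SVC_COUNT];    /* live table used by the dispatcher */
static enum_fn g_known_good_table[SVC_COUNT]; /* trusted snapshot taken at "boot" */

static int enum_from(const char *const *src, const char **out, int max)
{
    int n = 0;
    while (src[n] != NULL && n < max) { out[n] = src[n]; n++; }
    return n;
}
static int svc_enum_processes(const char **out, int max) { return enum_from(g_raw_procs, out, max); }
static int svc_enum_files(const char **out, int max)     { return enum_from(g_raw_files, out, max); }

void kernel_init(void)
{
    g_service_table[SVC_ENUM_PROCESSES] = svc_enum_processes;
    g_service_table[SVC_ENUM_FILES]     = svc_enum_files;
    memcpy(g_known_good_table, g_service_table, sizeof g_service_table);
}

/* Dispatcher: every high-level API call for these services lands here. */
int syscall_enum(int svc, const char **out, int max) { return g_service_table[svc](out, max); }

/* --- Simulated kernel-mode rootkit: hook one service and filter its output --- */
static enum_fn g_orig_enum_processes;

static int hooked_enum_processes(const char **out, int max)
{
    int n = g_orig_enum_processes(out, max);   /* let the real service run ...      */
    int kept = 0;
    for (int i = 0; i < n; i++)                /* ... then drop the hidden entries    */
        if (strncmp(out[i], "$sys$", 5) != 0) out[kept++] = out[i];
    return kept;
}

void install_rootkit(void)
{
    g_orig_enum_processes = g_service_table[SVC_ENUM_PROCESSES];
    g_service_table[SVC_ENUM_PROCESSES] = hooked_enum_processes;
}

/* --- Check 1 (hook analyzer): entries that no longer match the trusted snapshot --- */
int count_hooked_services(void)
{
    int hooked = 0;
    for (int i = 0; i < SVC_COUNT; i++) {
        if (g_service_table[i] != g_known_good_table[i]) {
            printf("service %d is hooked: dispatcher no longer points at the original code\n", i);
            hooked++;
        }
    }
    return hooked;
}

/* --- Check 2 (cross-view): raw objects that the high-level API never reports --- */
int count_hidden_processes(void)
{
    const char *api_view[MAX_ENTRIES];
    int api_n = syscall_enum(SVC_ENUM_PROCESSES, api_view, MAX_ENTRIES);
    int hidden = 0;
    for (int r = 0; g_raw_procs[r] != NULL; r++) {
        int seen = 0;
        for (int a = 0; a < api_n; a++)
            if (strcmp(g_raw_procs[r], api_view[a]) == 0) { seen = 1; break; }
        if (!seen) { printf("hidden process: %s\n", g_raw_procs[r]); hidden++; }
    }
    return hidden;
}

int main(void)
{
    kernel_init();
    printf("clean:    hooked=%d hidden=%d\n", count_hooked_services(), count_hidden_processes());
    install_rootkit();
    printf("infected: hooked=%d hidden=%d\n", count_hooked_services(), count_hidden_processes());
    return 0;
}
```

On a real system both checks depend on a reference the rootkit does not control: the known-good table comes from the kernel image on disk, and the raw view comes from reading the volume and registry hives directly rather than through the file system API. A rootkit that hooks low enough (the disk driver itself, for instance) can falsify those references too, which is why a scan from clean boot media remains the definitive test.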
Comments (2)
Rootkit scanners for Vista 32 bit?
By Anonymous on December 27, 2008, 10:21 am
The Sophos one does not work on Vista. The F-Secure BlackLight one says I don't have 'administrator privileges.' I do. Any advice, anyone?
Sophos Anti-Rootkit
By James on December 24, 2008, 8:06 am
Sophos Anti-Rootkit is another rootkit scanner which I find to be very user-friendly and quick. James