Description
RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
RootkitRevealer successfully detects many persistent rootkits including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys).
Since persistent rootkits work by changing API results so that a system view using APIs differs from the actual view in storage, RootkitRevealer compares the results of a system scan at the highest level with that at the lowest level. The highest level is the Windows API and the lowest level is the raw contents of a file system volume or Registry hive (a hive file is the Registry's on-disk storage format).
Thus, rootkits, whether user mode or kernel mode, that manipulate the Windows API or native API to remove their presence from a directory listing, for example, will be seen by RootkitRevealer as a discrepancy between the information returned by the Windows API and that seen in the raw scan of a FAT or NTFS volume's file system structures.
Technical
Title: Rootkit Revealer 1.71
Filename: RootkitRevealer.zip
File size: 226KB (231,390 bytes)
Requirements: Windows 2000 / XP / Vista / Windows7 / Windows8
Languages: Multiple languages
License: Freeware
Date added: November 11, 2006
Author: Microsoft SysInternals
www.microsoft.com/technet/sysinternals
www.microsoft.com/technet/sysinternals
Homepage: www.microsoft.com/technet/sysinternals/Security/Rootkit
MD5 Checksum: 59739CCDA2F15D5AC16DB6695CAE3378
0 comments:
Post a Comment