RootkitRevealer is an advanced rootkit detection tool. It runs on Windows NT 4 and higher, and its output lists discrepancies between the Registry and file system APIs that may indicate the presence of a user-mode or kernel-mode rootkit.
Many persistent rootkits, such as AFX, Vanquish, and HackerDefender, are successfully detected by RootkitRevealer. However, it is not intended to detect rootkits such as Fu that do not hide their files or registry keys.
Because persistent rootkits work by altering API results, so that a system view obtained through the APIs differs from the actual view in storage, RootkitRevealer compares the results of a system scan at the highest level with those at the lowest level. The highest level is the Windows API; the lowest level is the raw contents of a file system volume or Registry hive (a hive file is the Registry's on-disk storage format).
Therefore, when a rootkit, whether user mode or kernel mode, manipulates the Windows API to remove its presence from a directory listing, for example, RootkitRevealer will report a discrepancy between the information returned by the Windows API and that seen in the raw scan of a FAT or NTFS volume's file system structures.
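The cross-view comparison described above can be modelled in a few lines. The following is an added example, not code from RootkitRevealer or Sysinternals: it takes two constructed views of the same system, one as reported through the Windows API and one as found by a raw scan of the volume and Registry hive, and reports every path that appears in only one view or whose data differs between the two. The paths, sizes and the discrepancy labels are made up for illustration. It also shows a benign case that a real scan produces regularly: a temporary file created between the two scans shows up in the API view but not in the raw view, which is why each finding needs to be investigated rather than treated as proof of a rootkit.

```python
from dataclasses import dataclass

# Constructed sample data (not RootkitRevealer output). The "API view" is what
# the Windows API reported; the "raw view" is what a low-level scan of the NTFS
# volume and Registry hive found. Values are file sizes or registry value data.
API_VIEW = {
    "files": {
        r"C:\Windows\System32\kernel32.dll": 1_234_567,
        r"C:\Windows\System32\drivers\disk.sys": 45_056,
        r"C:\Windows\Temp\scan-tmp.dat": 10,  # transient file, only the API saw it
    },
    "registry": {
        r"HKLM\SYSTEM\CurrentControlSet\Services\Disk": "Service",
    },
}

RAW_VIEW = {
    "files": {
        r"C:\Windows\System32\kernel32.dll": 1_234_567,
        r"C:\Windows\System32\drivers\disk.sys": 45_056,
        r"C:\Windows\System32\drivers\hidden.sys": 8_192,  # on disk, absent from API listing
    },
    "registry": {
        r"HKLM\SYSTEM\CurrentControlSet\Services\Disk": "Service",
        r"HKLM\SYSTEM\CurrentControlSet\Services\hidden": "Service",  # in hive, absent from API
    },
}


@dataclass(frozen=True)
class Discrepancy:
    kind: str    # "file" or "registry"
    path: str
    detail: str  # illustrative category label, not the tool's own wording


def cross_view_diff(api_view, raw_view):
    """Compare the high-level (API) view with the low-level (raw) view.

    Three kinds of discrepancy are reported:
      * present in the raw scan but missing from the API view (the classic
        signature of something hiding from directory or key enumeration),
      * present in the API view but missing from the raw scan (often a file or
        key created or deleted between the two scans),
      * present in both but with different data.
    """
    findings = []
    for kind in ("files", "registry"):
        api = api_view.get(kind, {})
        raw = raw_view.get(kind, {})
        label = "file" if kind == "files" else "registry"
        # Windows paths and key names are case-insensitive, so sort accordingly.
        for path in sorted(raw.keys() - api.keys(), key=str.lower):
            findings.append(Discrepancy(label, path, "Hidden from Windows API"))
        for path in sorted(api.keys() - raw.keys(), key=str.lower):
            findings.append(Discrepancy(label, path, "Visible in Windows API but not in raw scan"))
        for path in sorted(api.keys() & raw.keys(), key=str.lower):
            if api[path] != raw[path]:
                findings.append(Discrepancy(
                    label, path, f"Data mismatch: API={api[path]!r} raw={raw[path]!r}"))
    return findings


def hidden_from_api(findings):
    """Return only the findings that indicate concealment from the API view."""
    return [f for f in findings if f.detail == "Hidden from Windows API"]


if __name__ == "__main__":
    for f in cross_view_diff(API_VIEW, RAW_VIEW):
        print(f"{f.kind:8} {f.path:60} {f.detail}")
```

Run as a script it prints one line per discrepancy; `hidden_from_api` isolates the two entries that exist in storage but were absent from the API view, which is the pattern the text describes for rootkits that filter directory listings or registry enumeration.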
Technical
- Title: RootkitRevealer 1.71 for Windows
- Requirements: Windows NT, Windows XP, Windows 2000
- Language: English
- License: Free
- Most recent update: Friday, 30 July 2023
- Author: Microsoft Sysinternals