RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher, and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
RootkitRevealer successfully detects many persistent rootkits including AFX, Vanquish, and HackerDefender (note: RootkitRevealer isn't intended to detect rootkits like Fu that don't attempt to hide their files or registry keys).
Since persistent rootkits work by changing API results so that a system view obtained through APIs differs from the actual view in storage, RootkitRevealer compares the results of a system scan at the highest level with that at the lowest level. The highest level is the Windows API and the lowest level is the raw contents of a file system volume or Registry hive (a hive file is the Registry's on-disk storage format).
Thus, rootkits, whether user-mode or kernel-mode, that manipulate the Windows API or native API to remove their presence from a registry listing, for example, will be seen by RootkitRevealer as a discrepancy between the information returned by the Windows API and that found in the raw scan of a FAT or NTFS volume's file system structures.
TECHNICAL SPECIFICATION & REQUIREMENT
- Title: Rootkit Revealer 1.71
- Filename: RootkitRevealer.zip
- File size: 226KB (231,390 bytes)
- Requirements: Windows 2000 / XP / Vista / Windows 7 / Windows 8 / Windows 10 / Windows 10 64-bit
- Languages: Multiple languages
- License: Freeware
- Date added: November 11, 2006
- Author: Microsoft SysInternals
- MD5 Checksum: 59739CCDA2F15D5AC16DB6695CAE3378
How to use RootkitRevealer