RootkitRevealer is an advanced rootkit detection tool. It runs on Windows NT 4 and higher, and its output lists discrepancies between the Registry and file system APIs that could be caused by the presence of a user-mode or kernel-mode rootkit.
A few persistent rootkits, such as AFX, Vanquish, and HackerDefender, are successfully detected by RootkitRevealer. However, it is not intended to detect rootkits like Fu that do not attempt to hide their files or Registry keys.
Persistent rootkits operate by altering API results, so that the system view obtained through APIs differs from the actual view in storage. RootkitRevealer therefore compares the results of a system scan at the highest level with those at the lowest level. The highest level is the Windows API, and the lowest level is the raw contents of a file system volume or Registry hive file (the Registry's on-disk storage format).
Therefore, when a rootkit, whether user mode or kernel mode, removes its presence from a directory listing, for example, RootkitRevealer will notice a discrepancy between the information returned by the Windows API and that seen in the raw scan of a FAT or NTFS volume's file system structures.
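The cross-view comparison described above, as an added example that is not RootkitRevealer's own code: it walks a constructed raw FAT directory region and compares the names found there with a constructed API listing. The function names, the sample entries and the file name HIDDEN.SYS are assumptions made for illustration.

```python
import struct

ATTR_VOLUME_ID = 0x08  # volume label entry
ATTR_LFN = 0x0F        # long-file-name fragment

def make_entry(name, ext, attr=0x20):
    """Build one constructed 32-byte FAT short (8.3) directory entry."""
    return struct.pack("<8s3sB20x", name.ljust(8).encode("ascii"),
                       ext.ljust(3).encode("ascii"), attr)

def raw_names(directory):
    """Names recovered by walking the raw directory bytes, bypassing any API."""
    names = set()
    for off in range(0, len(directory) - 31, 32):
        entry = directory[off:off + 32]
        first, attr = entry[0], entry[11]
        if first == 0x00:            # end-of-directory marker
            break
        if first == 0xE5:            # deleted entry
            continue
        if attr == ATTR_LFN or attr & ATTR_VOLUME_ID:
            continue                 # not a file or subdirectory
        base = entry[0:8].decode("ascii", "replace").rstrip()
        ext = entry[8:11].decode("ascii", "replace").rstrip()
        names.add(f"{base}.{ext}" if ext else base)
    return names

def cross_view_diff(api_view, directory):
    """Compare the high-level (API) view with the low-level (raw) view."""
    raw = raw_names(directory)
    api = {n.upper() for n in api_view}   # FAT short names are upper case
    return {"hidden_from_api": sorted(raw - api),
            "missing_from_raw": sorted(api - raw)}

# Constructed sample: raw directory region of a FAT volume.
SAMPLE_DIR = (
    make_entry("NOTES", "TXT")
    + make_entry("HIDDEN", "SYS", 0x06)          # hidden + system attributes
    + b"\xE5" + make_entry("OLD", "TMP")[1:]     # deleted entry
    + make_entry("MYDISK", "", ATTR_VOLUME_ID)   # volume label
    + make_entry("BOOT", "INI")
    + bytes(32)                                  # end of directory
    + make_entry("AFTER", "END")                 # stale data past the end marker
)
# Constructed sample: what a filtered directory-listing API call returned.
API_VIEW = ["notes.txt", "boot.ini"]

if __name__ == "__main__":
    print(cross_view_diff(API_VIEW, SAMPLE_DIR))
```

A name listed under `hidden_from_api` exists in the raw structures but was absent from the API result, which is the kind of discrepancy the tool reports.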
Technical
- Title:
- RootkitRevealer 1.71 for Windows
- Requirements:
- Windows NT
- Windows XP
- Windows 2000
- Language:
- English
- License:
- Free
- Most recent revision:
- 30th of July 2023, a Friday
- Author:
- Microsoft Internals