Rootkit Revealer - Forum

Forum moderator: arya  
Rootkit Revealer
Manu | Date: Friday, 19-March-2010, 5:33 PM | Message # 1
--dragon lord--
Group: undead
Messages: 13928
Status: Offline


RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.

RootkitRevealer successfully detects many persistent rootkits including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys).

Since persistent rootkits work by changing API results so that a system view using APIs differs from the actual view in storage, RootkitRevealer compares the results of a system scan at the highest level with that at the lowest level. The highest level is the Windows API and the lowest level is the raw contents of a file system volume or Registry hive (a hive file is the Registry's on-disk storage format).


download11
http://technet.microsoft.com/en-us/sysinternals/bb897445
http://www.filehippo.com/download_rootkit_revealer/

untotenreich
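
The cross-view comparison described in the post above, as an added example that is not part of the original post and is not RootkitRevealer's own code. It assumes both listings have already been collected (the Windows API enumeration and an offline parse of the volume or hive) and mapped to the same path namespace; the `Entry` type, the finding labels and all sample paths are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    path: str   # file path or Registry key path
    size: int   # file length or value data length, in bytes

def _index(entries):
    # Windows file and key names are case-insensitive, so fold case and
    # normalise separators before comparing the two views.
    return {e.path.replace("/", "\\").rstrip("\\").casefold(): e for e in entries}

def cross_view_diff(api_view, raw_view):
    """Return sorted (path, finding) pairs where the two views disagree."""
    api, raw = _index(api_view), _index(raw_view)
    findings = []
    # Present in storage but filtered out of API results: the hiding case.
    for key in raw.keys() - api.keys():
        findings.append((raw[key].path, "in raw storage, missing from API view"))
    # The reverse mismatch is also a discrepancy worth a look.
    for key in api.keys() - raw.keys():
        findings.append((api[key].path, "in API view, missing from raw storage"))
    # Same object in both views, but the reported metadata disagrees.
    for key in api.keys() & raw.keys():
        if api[key].size != raw[key].size:
            findings.append((raw[key].path, "size differs between views"))
    return sorted(findings)

# Constructed sample data (hypothetical names, not output from a real scan).
API_VIEW = [
    Entry("C:\\Windows\\System32\\drivers\\disk.sys", 50000),
    Entry("c:\\windows\\system32\\notepad.exe", 67000),
    Entry("HKLM\\SYSTEM\\CurrentControlSet\\Services\\Disk", 4),
]
RAW_VIEW = [
    Entry("C:\\WINDOWS\\system32\\drivers\\disk.sys", 50000),
    Entry("C:\\Windows\\System32\\notepad.exe", 67000),
    Entry("C:\\Windows\\System32\\drivers\\example_hidden.sys", 12288),
    Entry("HKLM\\SYSTEM\\CurrentControlSet\\Services\\Disk", 4),
    Entry("HKLM\\SYSTEM\\CurrentControlSet\\Services\\ExampleHidden", 4),
]

if __name__ == "__main__":
    for path, finding in cross_view_diff(API_VIEW, RAW_VIEW):
        print(f"{finding}: {path}")
```

An object created or changed between the two enumerations shows up as a discrepancy as well, so a finding is a lead to verify, not proof of a rootkit.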
 