Enhanced rootkit monitoring tool Rootkitrevealer. It runs on Windows Nt 4 and higher, and its expenditure lists anomalies between the registration and document system Apis that could be caused by a user-mode or rootkit in the seed way.
Numerous severe rootkits, such as Afx, Vanquish, and Hackerdefender, are successfully detected by Rootkitrevealer. However, it is not intended to identify file – or registry-key-protected version-of-fu.
Rootkitrevealer compares the outcomes of a procedure test from highest to lowest threshold because lasting rootkits operate by altering Api results, causing procedure views using Apis to differ from actual views in storage. The basic contents of a file system quantity, or Registry swarm( the Registry’s’s on-disk depot format ), are at the highest degree and lowest level, respectively.
Advertisement
Therefore, Rootkitrevealer may notice a discrepancy between the information returned by the Windows Api and that seen in the raw check of an Fat or Ntfs volume’s’s file system structures when using rootkits, whether in individual type or core mode, to destroy their presence from directory listings, for instance.
Advertisement
Technical
- Title:
- Windows version of Rootkitrevealler 1.71
- Requirements:
-
- Nt Windows,
- Upgrades of Windows,
- Skylights 2000.
- Language:
- English
- License:
- Free
- most recent up-date:
- 30th of July 2023, a Friday
- Author:
- Sysinternals for Microsoft
