Title: Rootkit Revealer 1.56
Filename: Rootkit Revealer 1.56.zip
File size: 182KB (186,587 bytes)
Requirements: Windows 2000 / XP / Vista / Windows 7 / Windows 8
Languages: Multiple languages
License: Freeware
Date added: November 8, 2005
Author: Microsoft SysInternals
www.microsoft.com/technet/sysinternals
RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher, and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
RootkitRevealer successfully detects many persistent rootkits, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys).
Because persistent rootkits work by changing API results so that the system view obtained through APIs differs from the actual view in storage, RootkitRevealer compares the results of a system scan at the highest level with those at the lowest level. The highest level is the Windows API, and the lowest level is the raw contents of a file system volume or Registry hive (a hive file is the Registry's on-disk storage format).
As a result, rootkits, whether user mode or kernel mode, that manipulate the Windows API or native API to remove their presence from a directory listing, for example, will be seen by RootkitRevealer as a discrepancy between the information returned by the Windows API and that found in the raw scan of a FAT or NTFS volume's file system structures.
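The cross-view comparison described above, as an added example that is not RootkitRevealer's own code: it parses short-name entries from raw FAT directory bytes and diffs them against a name list standing in for the Windows API view. The directory bytes, the file names and the helper names (make_entry, raw_listing, cross_view_diff) are constructed for illustration.

```python
import struct

ATTR_VOLUME_ID = 0x08  # also set in long-file-name fragments (attr 0x0F)


def make_entry(name, ext, attr=0x20):
    """Build one constructed 32-byte FAT short-name directory entry."""
    return struct.pack("<8s3sB20x", name.ljust(8).encode(),
                       ext.ljust(3).encode(), attr)


def raw_listing(dir_bytes):
    """Low-level view: names parsed straight from raw directory bytes."""
    names = set()
    for off in range(0, len(dir_bytes) - 31, 32):
        entry = dir_bytes[off:off + 32]
        first, attr = entry[0], entry[11]
        if first == 0x00:        # end-of-directory marker
            break
        if first == 0xE5:        # deleted entry, not a live file
            continue
        if attr & ATTR_VOLUME_ID:
            continue             # volume label or long-name fragment
        base = entry[0:8].decode("ascii", "replace").rstrip()
        ext = entry[8:11].decode("ascii", "replace").rstrip()
        names.add(f"{base}.{ext}" if ext else base)
    return names


def cross_view_diff(api_names, raw_names):
    """Report names on which the high-level and low-level views disagree."""
    api = {n.upper() for n in api_names}   # FAT short names are upper case
    return {"hidden_from_api": sorted(raw_names - api),
            "api_only": sorted(api - raw_names)}


# Constructed sample: one live file is missing from the API view below.
SAMPLE_DIR = (make_entry("README", "TXT")
              + make_entry("HIDDEN", "SYS")
              + b"\xe5" + make_entry("XOLD", "TMP")[1:]   # deleted entry
              + make_entry("LOGS", "", 0x10)              # subdirectory
              + make_entry("MYVOL", "", 0x08)             # volume label
              + bytes(32))                                # terminator
API_VIEW = ["readme.txt", "Logs"]   # constructed stand-in for an API listing

if __name__ == "__main__":
    print(cross_view_diff(API_VIEW, raw_listing(SAMPLE_DIR)))
```
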
