RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher, and its output lists discrepancies in Registry and file system API results that may indicate the presence of a user-mode or kernel-mode rootkit.
RootkitRevealer successfully detects many persistent rootkits, including AFX, Vanquish, and HackerDefender. However, it is not intended to detect rootkits like Fu that do not attempt to hide their files or Registry keys.
Persistent rootkits work by altering API results, so that the system view obtained through APIs differs from the actual view in storage. RootkitRevealer therefore compares the results of a system scan at the highest level with those at the lowest level. The highest level is the Windows API, and the lowest level is the raw contents of a file system volume or Registry hive file (the Registry's on-disk storage format).
Rootkits, whether user mode or kernel mode, that manipulate the API to remove their presence from a directory listing, for example, will therefore be seen by RootkitRevealer as a discrepancy between the information returned by the Windows API and that seen in the raw scan of a FAT or NTFS volume's file system structures.
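The cross-view comparison described above, as an added example that is not RootkitRevealer's own code: a constructed FAT short-name directory is parsed from raw bytes and compared with a constructed API-level listing. All function names, file names and sample bytes are assumptions made for illustration.

```python
import struct

ENTRY_SIZE = 32  # size of one FAT short-name (8.3) directory entry

def make_entry(name, ext, attr=0x20, size=0):
    """Build one constructed directory entry (sample data, not from a real disk)."""
    head = name.ljust(8).encode("ascii") + ext.ljust(3).encode("ascii") + bytes([attr])
    return head + bytes(14) + struct.pack("<HI", 2, size)  # cluster 2 is a dummy

def parse_fat_dir(raw):
    """Low-level view: names of live files read from raw directory bytes."""
    names = set()
    for off in range(0, len(raw) - ENTRY_SIZE + 1, ENTRY_SIZE):
        entry = raw[off:off + ENTRY_SIZE]
        if entry[0] == 0x00:      # end-of-directory marker
            break
        if entry[0] == 0xE5:      # deleted entry: not a live file, skip it
            continue
        if entry[11] & 0x08:      # volume label or long-name fragment
            continue
        base = entry[0:8].decode("ascii", "replace").rstrip()
        ext = entry[8:11].decode("ascii", "replace").rstrip()
        names.add(f"{base}.{ext}" if ext else base)
    return names

def cross_view_diff(api_names, raw_names):
    """Report names that appear in only one of the two views."""
    api = {n.upper() for n in api_names}   # 8.3 names are stored upper-case
    return {"hidden_from_api": sorted(raw_names - api),
            "missing_from_raw": sorted(api - raw_names)}

# Constructed raw directory: label, two files, a deleted entry, one extra file.
RAW_DIR = (make_entry("DATA", "", attr=0x08)
           + make_entry("README", "TXT", size=120)
           + make_entry("NOTES", "DOC", size=4096)
           + b"\xe5" + make_entry("OLD", "TMP")[1:]
           + make_entry("HIDDEN", "SYS", size=20480)
           + bytes(ENTRY_SIZE))

# Constructed high-level view: what a filtered directory listing would return.
API_VIEW = ["readme.txt", "notes.doc"]

if __name__ == "__main__":
    print(cross_view_diff(API_VIEW, parse_fat_dir(RAW_DIR)))
```

The deleted entry is skipped on purpose: counting it as a live file would report a discrepancy where nothing is being hidden.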
Technical
- Title: Windows RootkitRevealer 1.71
- Requirements: Windows NT, Upgrades of Windows, Windows 2000
- Language: English
- License: Free
- Most recent revision: 30th July 2023, a Friday
- Author: Microsoft’s internals