Rootkit Revealer - shedding light on hidden programs

Review from ClifNotes, Feb 2007. Tags: Security Tools

I received an email from JimiPocius the other day. He reminded me that I've never reviewed a program called Rootkit Revealer. Many of you may be aware of the dangers of rootkit software, which can hide on your PC. If you aren't familiar with it, the website below has a nice little article explaining some of the details.

I've used Rootkit Revealer many times in the past year. It was developed by Sysinternals, a security firm which was purchased by Microsoft in July of last year. From what I've seen, you can still count on the free software from Sysinternals to be the best around.

The idea with Rootkit Revealer is to use it to scan your system for hidden files or hidden registry entries. Some systems will have both even though they are not infected with a rootkit. The trick is to figure out if any items it detects are malicious. If you get results you aren't certain about, you can always contact the helpful folks at your favorite security forum. My favorite security forum is at temerc.com. Just register there and post a question when you have a security problem.

Quote from the website
RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all persistent rootkits published at www.rootkit.com, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys). If you use it to identify the presence of a rootkit please let us know!

http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx


