RootkitRevealer is an advanced rootkit discovery utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may point to the presence of a user-mode or kernel-mode rootkit.
RootkitRevealer productively detects many persistent rootkits as well as AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys).
Since persistent rootkits work by altering API results so that a system view using APIs differs from the actual view in storage, RootkitRevealer compares the marks of a system scan at the maximum level with that at the lowest level. The uppermost level is the Windows API and the lowest level is the raw inside of a file system volume or Registry hive (a hive file is the Registry's on-disk storage format).
0 comments:
Post a Comment