
RootkitRevealer for Windows


RootkitRevealer is an advanced rootkit detection tool. It runs on Windows NT 4 and higher, and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.

RootkitRevealer successfully detects persistent rootkits such as AFX, Vanquish, and HackerDefender. However, it is not intended to detect rootkits like Fu that do not attempt to hide their files or Registry keys.

Because persistent rootkits operate by altering API results, so that the system view obtained through APIs differs from the actual view in storage, RootkitRevealer compares the results of a system scan at the highest level with those at the lowest level. The highest level is the Windows API, and the lowest level is the raw contents of a file system volume or Registry hive (a hive file is the Registry's on-disk storage format).


Therefore, when a rootkit, whether user mode or kernel mode, manipulates API results to remove its presence from a directory listing, for example, RootkitRevealer sees a discrepancy between the information returned by the Windows API and that seen in the raw scan of a FAT or NTFS volume's file system structures.
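The cross-view comparison described above can be illustrated on a FAT directory. The following is an added example, not RootkitRevealer's own code: it parses constructed raw 32-byte FAT directory entries and compares them with a constructed list standing in for the names an API returned. The function names and sample data are assumptions made for the illustration.

```python
ATTR_VOLUME_ID = 0x08   # volume label entry
ATTR_LFN = 0x0F         # long-file-name fragment (exact attribute value)

def make_entry(name, ext, attr=0x20, first=None):
    """Build one constructed 32-byte FAT short (8.3) directory entry."""
    raw = name.ljust(8).encode("ascii") + ext.ljust(3).encode("ascii")
    if first is not None:            # 0xE5 = deleted entry, 0x00 = end of directory
        raw = bytes([first]) + raw[1:]
    return raw + bytes([attr]) + bytes(20)

def raw_view(directory):
    """Low-level view: file names read straight from the raw directory entries."""
    names = set()
    for off in range(0, len(directory) - 31, 32):
        entry = directory[off:off + 32]
        if entry[0] == 0x00:         # no further entries are in use
            break
        attr = entry[11]
        if entry[0] == 0xE5 or attr == ATTR_LFN or attr & ATTR_VOLUME_ID:
            continue                 # deleted, long-name fragment, or volume label
        base = entry[0:8].decode("ascii").rstrip()
        ext = entry[8:11].decode("ascii").rstrip()
        names.add(f"{base}.{ext}" if ext else base)
    return names

def cross_view_diff(api_names, directory):
    """Return (names on disk the API omitted, names the API returned that are not on disk)."""
    raw = raw_view(directory)
    api = {n.upper() for n in api_names}   # FAT short names are stored upper-case
    return sorted(raw - api), sorted(api - raw)

# Constructed sample: a directory holding three live files, one of which
# (DRIVER.SYS) is missing from the constructed high-level listing.
SAMPLE_DIR = b"".join([
    make_entry("SYSTEM", "", attr=ATTR_VOLUME_ID),
    make_entry("NOTEPAD", "EXE"),
    make_entry("OLDLOG", "TXT", first=0xE5),
    make_entry("DRIVER", "SYS", attr=0x06),
    make_entry("README", "TXT"),
    make_entry("", "", first=0x00),
    make_entry("AFTEREND", "BIN"),
])
SAMPLE_API = ["notepad.exe", "readme.txt"]

if __name__ == "__main__":
    hidden, phantom = cross_view_diff(SAMPLE_API, SAMPLE_DIR)
    print("on disk but not returned by API:", hidden)
    print("returned by API but not on disk:", phantom)
```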


Technical

Title:
RootkitRevealer 1.71 for Windows
Requirements:
  1. Windows NT
  2. Upgrades of Skylights
  3. Windows 2000
Language:
English
License:
Free
Most recent release:
30th of July 2023, a Friday
Author:
Microsoft Sysinternals

https://www.microsoft.com/technet/sysinternals
