Since persistent rootkits work by changing API results so that a system view using APIs differs from the actual view in storage, RootkitRevealer compares the results of a system scan at the highest level with those at the lowest level. The highest level is the Windows API and the lowest level is the raw contents of a file system volume or Registry hive (a hive file is the Registry's on-disk storage format).
RootkitRevealer successfully detects many persistent rootkits such as AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that do not attempt to hide their files or registry keys). RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. Thus, rootkits, whether user mode or kernel mode, that manipulate the Windows API or native API to remove their presence from a directory listing, for example, will be seen by RootkitRevealer as a discrepancy between the information returned by the Windows API and that seen in the raw scan of a FAT or NTFS volume's file system structures.
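The cross-view comparison described above, as an added example that is not RootkitRevealer's own code: it parses a raw FAT 8.3 directory and compares the result with a high-level listing. The directory bytes, the file names and the API listing are constructed sample data, and `make_entry`, `raw_names` and `cross_view` are hypothetical helper names.

```python
import struct

ENTRY_SIZE = 32          # size of one FAT short (8.3) directory entry
ATTR_VOLUME_ID = 0x08    # also set in long-file-name slots (attr 0x0F)

def make_entry(name, ext, attr=0x20, size=0):
    """Build one constructed 32-byte FAT directory entry (sample data only)."""
    raw = name.upper().ljust(8).encode("ascii") + ext.upper().ljust(3).encode("ascii")
    return raw + bytes([attr]) + bytes(16) + struct.pack("<I", size)

def raw_names(directory):
    """Low-level view: names read straight from the on-disk directory bytes."""
    names = set()
    for off in range(0, len(directory) - ENTRY_SIZE + 1, ENTRY_SIZE):
        entry = directory[off:off + ENTRY_SIZE]
        if entry[0] == 0x00:               # 0x00 marks the end of the directory
            break
        if entry[0] == 0xE5:               # 0xE5 marks a deleted entry
            continue
        if entry[11] & ATTR_VOLUME_ID:     # volume label or long-name slot
            continue
        base = entry[0:8].decode("ascii", "replace").rstrip()
        ext = entry[8:11].decode("ascii", "replace").rstrip()
        names.add(f"{base}.{ext}" if ext else base)
    return names

def cross_view(api_listing, directory):
    """Report names on which the API view and the raw view disagree."""
    api = {n.upper() for n in api_listing}
    raw = raw_names(directory)
    out = [(n, "in raw scan, missing from API view") for n in sorted(raw - api)]
    out += [(n, "in API view, missing from raw scan") for n in sorted(api - raw)]
    return out

# Constructed raw directory: two visible entries, two entries that the
# (assumed filtered) API listing omits, and one deleted entry.
RAW_DIR = b"".join([
    make_entry("NOTEPAD", "EXE", size=69120),
    make_entry("HIDDEN", "SYS", size=70144),
    make_entry("HIDDEN", "INI", size=512),
    b"\xe5" + make_entry("OLDFILE", "TMP")[1:],
    make_entry("DATA", "", attr=0x10),
]) + bytes(ENTRY_SIZE)                     # all-zero entry terminates the list

# Constructed high-level listing, standing in for what the Windows API returned.
API_VIEW = ["notepad.exe", "data"]

if __name__ == "__main__":
    for name, finding in cross_view(API_VIEW, RAW_DIR):
        print(f"{name}: {finding}")
```
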
SYSTEM REQUIREMENTS FOR Rootkit Revealer
- Filename: RootkitRevealer.zip
- Requirements: Windows 2000 / XP / Vista / Windows 7 / Windows 8 / Windows 10 / Windows 10 64-bit
- Languages: Multiple languages
- License: Freeware
- Date added: November 11, 2006
- Author: Microsoft SysInternals