RootkitRevealer is an advanced rootkit detection tool. It runs on Windows NT 4 and higher, and its output lists Registry and file system API discrepancies that could be caused by a user-mode or kernel-mode rootkit.
RootkitRevealer successfully detects many persistent rootkits, including AFX, Vanquish, and HackerDefender. However, it is not intended to detect rootkits like FU that do not attempt to hide their files or Registry keys.
Because persistent rootkits work by altering API results, so that the system view obtained through APIs differs from what is actually in storage, RootkitRevealer compares the results of a system scan at the highest level with those at the lowest level. The highest level is the Windows API, and the lowest level is the raw contents of a file system volume or Registry hive file (the Registry's on-disk storage format).
Therefore, when a rootkit, whether user mode or kernel mode, manipulates the API to remove its presence from a directory listing, for example, RootkitRevealer sees a discrepancy between the information returned by the Windows API and that seen in the raw scan of a FAT or NTFS volume's file system structures.
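The cross-view comparison described above, as an added example that is not RootkitRevealer's code or part of the original page: it diffs an API-level listing against a raw-scan listing and separates expected discrepancies from ones worth investigating. Both listings, the timestamps, and the category names are constructed assumptions; that NTFS hides metadata files such as $MFT from the Windows API is standard NTFS behaviour.

```python
# Added example: cross-view diff over constructed listings (not real scan output).
NTFS_METADATA = {"$mft", "$mftmirr", "$logfile", "$volume", "$attrdef", "$bitmap",
                 "$boot", "$badclus", "$secure", "$upcase", "$extend"}

def normalize(path):
    """Case-fold and unify separators so both views compare case-insensitively."""
    return path.replace("/", "\\").rstrip("\\").casefold()

def is_ntfs_metadata(norm_path):
    """True for NTFS metadata files in the volume root, which NTFS hides from the API."""
    parts = norm_path.split("\\")
    return len(parts) >= 2 and parts[1] in NTFS_METADATA

def cross_view_diff(api_paths, raw_records, scan_start):
    """Classify every path that appears in only one of the two views.

    api_paths   -- paths returned by the high-level (Windows API) enumeration
    raw_records -- (path, created_time) pairs from the low-level raw volume scan
    scan_start  -- time the scan began, on the same clock as created_time
    """
    api = {normalize(p): p for p in api_paths}
    raw = {normalize(p): (p, t) for p, t in raw_records}
    findings = {}
    for key, (path, created) in raw.items():
        if key in api:
            continue                                  # both views agree
        if is_ntfs_metadata(key):
            findings[path] = "ntfs_metadata"          # expected on any NTFS volume
        elif created >= scan_start:
            findings[path] = "changed_during_scan"    # likely a timing race
        else:
            findings[path] = "hidden_from_api"        # the rootkit-style discrepancy
    for key, path in api.items():
        if key not in raw:
            findings[path] = "api_only"               # created or deleted between passes
    return findings

# Constructed sample data (hypothetical paths and timestamps).
SCAN_START = 1000
API_VIEW = ["C:\\Windows\\System32\\drivers\\disk.sys",
            "C:\\Windows\\System32\\notepad.exe", "C:\\Temp\\new.log"]
RAW_VIEW = [("C:\\$MFT", 100), ("C:\\WINDOWS\\system32\\Notepad.exe", 100),
            ("C:\\Windows\\System32\\drivers\\disk.sys", 100),
            ("C:\\Windows\\System32\\drivers\\hidden_sample.sys", 150),
            ("C:\\Temp\\scratch.tmp", 1005)]

if __name__ == "__main__":
    for path, verdict in sorted(cross_view_diff(API_VIEW, RAW_VIEW, SCAN_START).items()):
        print(f"{verdict:20} {path}")
```

Only the `hidden_from_api` entries match the pattern the text describes; the other categories are the noise an analyst has to rule out first.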
- Windows version of RootkitRevealer 1.71
- Windows NT,
- Windows XP,
- Windows 2000
- Most recent change: 30th of July 2023, a Friday
- Microsoft Internals