Evolved rootkit sensing tool Rootkitrevealer. It runs on Windows Nt 4 and higher, and its efficiency lists disparities between the register and submit procedure Apis that could be caused by a user-mode or rootkit’s’s involvement.
Many prolonged rootkits, such as Afx, Vanquish, and Hackerdefender, are safely detected by Rootkitrevealer. However, it is not intended to identify file – or registry-key-protected roots like Fu.
Rootkitrevealer compares the outcomes of a product scan from highest to lowest point because prolonged rootkits operate by altering Api results, causing procedure views using Apis to differ from actual views in storage. The Registry’s’s on-disk storage arrangement, or swarm document, is the lowest point, followed by the Windows Api and the basic contents of a file system volume.
Therefore, Rootkitrevealer will notice a discrepancy between the information returned by the Windows Api and that seen in the raw scan of an Fat or Ntfs volume’s’s file system structures when using rootkits, whether in user mode or core mode, to destroy their presence from directory listings, for example.
- Windows version of Rootkitrevealler 1.71
- Nt Windows
- Upgrades of Windows,
- Using Windows 2000
- most recent revision:
- 30th July 2023, a Friday
- Microsoft’s’s internals