RootkitRevealer is an advanced rootkit detection tool. It runs on Windows NT 4 and higher, and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
RootkitRevealer successfully detects many persistent rootkits, including AFX, Vanquish, and HackerDefender. However, it is not intended to detect rootkits such as Fu that do not hide their files or Registry keys.
Because persistent rootkits work by altering API results, so that the system view obtained through APIs differs from the actual view in storage, RootkitRevealer compares the results of a system scan at the highest level with those at the lowest level. The highest level is the Windows API, and the lowest level is the raw contents of a file system volume or Registry hive (the Registry's on-disk storage format).
Therefore, rootkits, whether user mode or kernel mode, that manipulate API results to remove their presence from directory listings will be seen by RootkitRevealer as a discrepancy between the information returned by the Windows API and that seen in the raw scan of a FAT or NTFS volume's file system structures.
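The cross-view comparison described above, as an added example (not RootkitRevealer's own code): it reads constructed FAT directory bytes as the raw view and diffs them against a constructed API listing. The names `make_entry`, `parse_fat_dir`, `cross_view_diff` and all file names are hypothetical, and only 8.3 short names are handled.

```python
import struct

ENTRY = struct.Struct("<8s3sB14xHI")  # name, ext, attr, first cluster (low), size

def make_entry(name, ext, attr=0x20, size=0):
    """Build one 32-byte FAT short-name directory entry (sample data only)."""
    return ENTRY.pack(name.ljust(8).encode(), ext.ljust(3).encode(), attr, 0, size)

def parse_fat_dir(raw):
    """Lowest-level view: live short names read straight from directory bytes."""
    names = {}
    for off in range(0, len(raw) - 31, 32):
        entry = raw[off:off + 32]
        if entry[0] == 0x00:          # end-of-directory marker
            break
        if entry[0] == 0xE5:          # deleted entry: legitimately absent from the API
            continue
        name, ext, attr, _cluster, size = ENTRY.unpack(entry)
        if (attr & 0x3F) == 0x0F or (attr & 0x08):  # long-name slot or volume label
            continue
        full = name.decode("ascii", "replace").rstrip()
        if ext.strip():
            full += "." + ext.decode("ascii", "replace").rstrip()
        names[full.upper()] = size
    return names

def cross_view_diff(api_names, raw):
    """Return (present in raw view but missing from API, present in API only)."""
    api = {n.upper() for n in api_names}   # FAT short names are case-insensitive
    low = set(parse_fat_dir(raw))
    return sorted(low - api), sorted(api - low)

# Constructed sample: three live files, one deleted entry, then the end marker.
RAW_DIR = (
    make_entry("README", "TXT", size=120)
    + make_entry("NOTES", "DOC", size=2048)
    + b"\xE5" + make_entry("OLD", "TMP")[1:]
    + make_entry("HIDDEN", "SYS", attr=0x06, size=4096)
    + bytes(32)
)
# Constructed high-level view, as a filtered directory listing would return it.
API_VIEW = ["readme.txt", "notes.doc"]

if __name__ == "__main__":
    hidden, api_only = cross_view_diff(API_VIEW, RAW_DIR)
    print("Hidden from API:", hidden)
    print("API only (e.g. created between scans):", api_only)
```

An entry reported in the second list is usually a file created or deleted between the two scans rather than a sign of hiding, so it should be re-checked before being treated as a finding.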
- RootkitRevealer 1.71 for Windows
- Windows NT
- Windows XP
- Windows 2000
- Most recent revision: 30th of July 2023, Friday
- Microsoft Sysinternals