An complex rootkit sensing tool is called Rootkitrevealer. It runs on Windows Nt 4 and higher, and its result lists anomalies between the registration and folder program Apis that could be caused by a user-mode or rootkit.
Few persistent rootkits, such as Afx, Vanquish, and Hackerdefender, are effectively detected by Rootkitrevealer. However, it is not intended to identify file – or registry-key-protected version-of-fu.
Rootkitrevealer compares the outcomes of a system check at the highest and lowest levels because severe rootkits operate by altering Api outcome, causing network views using Interfaces to differ from actual views in hardware. The basic contents of a file system quantity, or Registry hive( the Registry’s’s on-disk storage structure ), are at the highest degree and lowest level, respectively.
Therefore, Rootkitrevealer will notice a discrepancy between the information returned by the Windows Api and that seen in the raw scan of an Fat or Ntfs volume’s’s file system structures when using rootkits, whether in individual setting or essence mode, to eliminate their presence from directory listings, for example.
- Windows version of Rootkitrevealer 1.71
- Nt Windows,
- Xp of Windows,
- 2000 Skylights
- most recent release:
- 30th of July 2023, Friday
- Microsoft’s’s internals