RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher, and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects many persistent rootkits, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or Registry keys).
Since persistent rootkits work by changing API results so that the system view obtained through the APIs differs from the actual view held on disk, RootkitRevealer compares the results of a system scan at the highest level with those at the lowest level. The highest level is the Windows API; the lowest level is the raw contents of a file system volume or Registry hive (a hive file is the Registry's on-disk storage format).
Thus rootkits, whether user mode or kernel mode, that manipulate the Windows API or native API to remove their presence from a directory listing, for example, will show up in RootkitRevealer as a discrepancy between the information returned by the Windows API and that seen in the raw scan of a FAT or NTFS volume's file system structures.
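The cross-view comparison described above, reduced to its core logic as an added illustration (this is not RootkitRevealer's code; the two inventories, paths, sizes and discrepancy wording are constructed for the example). The same comparison serves file system paths and Registry key paths, because only the two views are compared, never the object itself.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Entry:
    """What one view reports about a file or Registry key (constructed field)."""
    size: int  # bytes for a file, data length for a Registry value


def cross_view_diff(api_view: Dict[str, Entry],
                    raw_view: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """Compare the high-level (Windows API) view with the low-level (raw
    volume / hive) view and describe every discrepancy as (path, reason)."""
    findings = []
    for path in sorted(set(api_view) | set(raw_view)):
        in_api, in_raw = path in api_view, path in raw_view
        if in_raw and not in_api:
            # On disk but filtered out of API results: the hiding the text describes.
            findings.append((path, "Hidden from Windows API."))
        elif in_api and not in_raw:
            # Reported by the API but absent from the on-disk structures.
            findings.append((path, "Visible in Windows API but not in raw scan."))
        elif api_view[path].size != raw_view[path].size:
            # Same object, different metadata: the API answer was altered.
            findings.append((path, f"Size mismatch: API {api_view[path].size}, "
                                   f"raw {raw_view[path].size}."))
    return findings


def sample_views() -> Tuple[Dict[str, Entry], Dict[str, Entry]]:
    """Constructed inventories; every path and size here is made up."""
    api_view = {
        r"C:\Windows\System32\drivers\ntfs.sys": Entry(574976),
        r"C:\Windows\System32\config\SYSTEM": Entry(9437184),
        r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip": Entry(4),
    }
    raw_view = dict(api_view)
    # Constructed driver file and service key that exist on disk only.
    raw_view[r"C:\Windows\System32\drivers\example_hidden.sys"] = Entry(81920)
    raw_view[r"HKLM\SYSTEM\CurrentControlSet\Services\example_hidden"] = Entry(4)
    # Constructed disagreement about a file both views can see.
    raw_view[r"C:\Windows\System32\config\SYSTEM"] = Entry(9441280)
    return api_view, raw_view


if __name__ == "__main__":
    for path, reason in cross_view_diff(*sample_views()):
        print(f"{path}\t{reason}")
```

A file or key legitimately created or resized between the two passes produces the same kind of discrepancy, so each finding is a lead to investigate rather than proof of a rootkit.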