Rootkit Revealer

[Frank Bohan]

<quote> RootkitRevealer is an advanced patent-pending root kit detection
utility. It runs on Windows NT 4 and higher and its output lists Registry
and file system API discrepancies that may indicate the presence of a
user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all
persistent rootkits published at www.rootkit.com, including AFX, Vanquish
and HackerDefender (note: RootkitRevealer is not intended to detect rootkits
like Fu that don't attempt to hide their files or registry keys). If you use
it to identify the presence of a rootkit please let us know! </quote>

http://www.sysinternals.com/Utilities/RootkitRevealer.html

===

Frank Bohan

¶ Even if you win the rat race, you're still a rat.

 

[hummingbird]

<quote> RootkitRevealer is an advanced patent-pending root kit detection
utility. It runs on Windows NT 4 and higher and its output lists Registry
and file system API discrepancies that may indicate the presence of a
user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all
persistent rootkits published at www.rootkit.com, including AFX, Vanquish
and HackerDefender (note: RootkitRevealer is not intended to detect rootkits
like Fu that don't attempt to hide their files or registry keys). If you use
it to identify the presence of a rootkit please let us know! </quote>

http://www.sysinternals.com/Utilities/RootkitRevealer.html

The only problem with this v1.60 update is that when I run it, it
doesn't complete the scan process (gets somewhere near the end and
just sits there forever showing "cleaning up" message), so I have to
close it down manually with the top right X. Even the abort has no
effect. Previous version worked ok.

 

[Art]

The only problem with this v1.60 update is that when I run it, it
doesn't complete the scan process (gets somewhere near the end and
just sits there forever showing "cleaning up" message), so I have to
close it down manually with the top right X. Even the abort has no
effect. Previous version worked ok.

I see something similar on Win2K. It scans a particular registry entry
"forever". But Abort does eventually work.

Art

http://home.epix.net/~artnpeg

 

[John Corliss]

I see something similar on Win2K. It scans a particular registry entry
"forever". But Abort does eventually work.

FWIW, I ran it in Windows XP Home SP2 and although it took a long time,
it eventually completed the scan.

--
Regards from John Corliss
I don't reply to trolls and other such idiots. No adware, cdware,
commercial software, crippleware, demoware, nagware, PROmotionware,
shareware, spyware, time-limited software, trialware, viruses or warez
please.

 

[hummingbird]

FWIW, I ran it in Windows XP Home SP2 and although it took a long time,
it eventually completed the scan.

hhmmm ...my system is XP-Pro-SP2.
The previous version scanned and completed quite quickly, so I'm
assuming there must be a small problem with this latest release.

 

[John Corliss]

On Wed, 04 Jan 2006 03:17:02 -0800, John Corliss
<jcorliss@fake.invalid>
mysteriously appeared thru the usenet mist to inform us thus...




hhmmm ...my system is XP-Pro-SP2.
The previous version scanned and completed quite quickly, so I'm
assuming there must be a small problem with this latest release.

I would say either that or else it scans differently. I do know that
it's a cat and mouse game with the rootkit authors and Sysinternals.

--
Regards from John Corliss
I don't reply to trolls and other such idiots. No adware, cdware,
commercial software, crippleware, demoware, nagware, PROmotionware,
shareware, spyware, time-limited software, trialware, viruses or warez
please.