Rootkit Revealer

  • Thread starter: Frank Bohan

Frank Bohan

<quote> RootkitRevealer is an advanced patent-pending root kit detection
utility. It runs on Windows NT 4 and higher and its output lists Registry
and file system API discrepancies that may indicate the presence of a
user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all
persistent rootkits published at www.rootkit.com, including AFX, Vanquish
and HackerDefender (note: RootkitRevealer is not intended to detect rootkits
like Fu that don't attempt to hide their files or registry keys). If you use
it to identify the presence of a rootkit please let us know! </quote>

http://www.sysinternals.com/Utilities/RootkitRevealer.html

===

Frank Bohan

¶ Even if you win the rat race, you're still a rat.
 
The only problem with this v1.60 update is that when I run it, it
doesn't complete the scan process (gets somewhere near the end and
just sits there forever showing "cleaning up" message), so I have to
close it down manually with the top right X. Even the abort has no
effect. Previous version worked ok.
 
I see something similar on Win2K. It scans a particular registry entry
"forever". But Abort does eventually work.

Art

http://home.epix.net/~artnpeg
 
Art said:
I see something similar on Win2K. It scans a particular registry entry
"forever". But Abort does eventually work.

FWIW, I ran it in Windows XP Home SP2 and although it took a long time,
it eventually completed the scan.

--
Regards from John Corliss
I don't reply to trolls and other such idiots. No adware, cdware,
commercial software, crippleware, demoware, nagware, PROmotionware,
shareware, spyware, time-limited software, trialware, viruses or warez
please.
 
hhmmm ...my system is XP-Pro-SP2.
The previous version scanned and completed quite quickly, so I'm
assuming there must be a small problem with this latest release.
 
hummingbird said:
On Wed, 04 Jan 2006 03:17:02 -0800, John Corliss
<[email protected]>
mysteriously appeared thru the usenet mist to inform us thus...

hhmmm ...my system is XP-Pro-SP2.
The previous version scanned and completed quite quickly, so I'm
assuming there must be a small problem with this latest release.

I would say either that or else it scans differently. I do know that
it's a cat and mouse game with the rootkit authors and Sysinternals.

--
Regards from John Corliss
I don't reply to trolls and other such idiots. No adware, cdware,
commercial software, crippleware, demoware, nagware, PROmotionware,
shareware, spyware, time-limited software, trialware, viruses or warez
please.
 