Rootkit Revealer


Frank Bohan

<quote> RootkitRevealer is an advanced patent-pending root kit detection
utility. It runs on Windows NT 4 and higher and its output lists Registry
and file system API discrepancies that may indicate the presence of a
user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all
persistent rootkits published at www.rootkit.com, including AFX, Vanquish
and HackerDefender (note: RootkitRevealer is not intended to detect rootkits
like Fu that don't attempt to hide their files or registry keys). If you use
it to identify the presence of a rootkit please let us know! </quote>

http://www.sysinternals.com/Utilities/RootkitRevealer.html

===

Frank Bohan

¶ Even if you win the rat race, you're still a rat.
 

hummingbird

<quote> RootkitRevealer is an advanced patent-pending root kit detection
utility. It runs on Windows NT 4 and higher and its output lists Registry
and file system API discrepancies that may indicate the presence of a
user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all
persistent rootkits published at www.rootkit.com, including AFX, Vanquish
and HackerDefender (note: RootkitRevealer is not intended to detect rootkits
like Fu that don't attempt to hide their files or registry keys). If you use
it to identify the presence of a rootkit please let us know! </quote>

http://www.sysinternals.com/Utilities/RootkitRevealer.html

The only problem with this v1.60 update is that when I run it, it
doesn't complete the scan process (gets somewhere near the end and
just sits there forever showing "cleaning up" message), so I have to
close it down manually with the top right X. Even the abort has no
effect. Previous version worked ok.
 

Art

hummingbird said:
The only problem with this v1.60 update is that when I run it, it
doesn't complete the scan process (gets somewhere near the end and
just sits there forever showing "cleaning up" message), so I have to
close it down manually with the top right X. Even the abort has no
effect. Previous version worked ok.

I see something similar on Win2K. It scans a particular registry entry
"forever". But Abort does eventually work.

Art

http://home.epix.net/~artnpeg
 

John Corliss

Art said:
I see something similar on Win2K. It scans a particular registry entry
"forever". But Abort does eventually work.

FWIW, I ran it in Windows XP Home SP2 and although it took a long time,
it eventually completed the scan.

--
Regards from John Corliss
I don't reply to trolls and other such idiots. No adware, cdware,
commercial software, crippleware, demoware, nagware, PROmotionware,
shareware, spyware, time-limited software, trialware, viruses or warez
please.
 

hummingbird

John Corliss said:
FWIW, I ran it in Windows XP Home SP2 and although it took a long time,
it eventually completed the scan.

hhmmm ...my system is XP-Pro-SP2.
The previous version scanned and completed quite quickly, so I'm
assuming there must be a small problem with this latest release.
 

John Corliss

hummingbird said:
On Wed, 04 Jan 2006 03:17:02 -0800, John Corliss
<[email protected]>
mysteriously appeared thru the usenet mist to inform us thus...




hhmmm ...my system is XP-Pro-SP2.
The previous version scanned and completed quite quickly, so I'm
assuming there must be a small problem with this latest release.

I would say either that or else it scans differently. I do know that
it's a cat and mouse game with the rootkit authors and Sysinternals.

--
Regards from John Corliss
I don't reply to trolls and other such idiots. No adware, cdware,
commercial software, crippleware, demoware, nagware, PROmotionware,
shareware, spyware, time-limited software, trialware, viruses or warez
please.
 
