RootkitRevealer

  • Thread starter Paul R. Sadowski [MVP]
  • Start date
P

Paul R. Sadowski [MVP]

Hello, All!
http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

RootkitRevealer is an advanced root kit detection utility. It runs on
Windows NT
4 and higher and its output lists Registry and file system API discrepancies
that
may indicate the presence of a user-mode or kernel-mode rootkit.
RootkitRevealer successfully detects all persistent rootkits published at
www.rootkit.com, including AFX, Vanquish and HackerDefender (note:
RootkitRevealer is not intended to detect memory-based rootkits like Fu that
don't survive reboots).


With best regards, Paul R. Sadowski [MVP]. E-mail: (e-mail address removed)
 
G

Guest

Hey thats great! It seems that Windows based rootkits have been really
increasing in popularity among the less savvy script kiddies lately.

The only problem that I can see is that I am sure someone will write a
snippet of code that you can add to your rootkit that will allow it to fool
this tool from sysinternals and then sysinternals will have to update their
tool, repeat cycle.
 
P

Paul R. Sadowski [MVP]

Hello, megascout29:
On Fri, 25 Feb 2005 13:23:05 -0800: you wrote...

m> Hey thats great! It seems that Windows based rootkits have been really
m> increasing in popularity among the less savvy script kiddies lately.
m>
m> The only problem that I can see is that I am sure someone will write a
m> snippet of code that you can add to your rootkit that will allow it to
m> fool this tool from sysinternals and then sysinternals will have to
m> update their tool, repeat cycle.

Well, it's just a new tool and the first. We'll have to see what comes of
it.

Regards, Paul R. Sadowski [MVP].
 
M

Mark V

In microsoft.public.win2000.cmdprompt.admin Paul R. Sadowski [MVP]
wrote:
Hello, megascout29:
On Fri, 25 Feb 2005 13:23:05 -0800: you wrote...

m> Hey thats great! It seems that Windows based rootkits have
been really m> increasing in popularity among the less savvy
script kiddies lately. m>
m> The only problem that I can see is that I am sure someone
will write a m> snippet of code that you can add to your
rootkit that will allow it to m> fool this tool from
sysinternals and then sysinternals will have to m> update their
tool, repeat cycle.

Well, it's just a new tool and the first. We'll have to see what
comes of it.
Click to expand...

Right. A first effort using particular techniques that is clearly
indicated as both "no guaranty" and potentially fool-able. I'm happy
to have it as a useful tool while knowing that no such tool is
invincible or perfect.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Rootkit Revealer 5
[Update] Sysinternals - RootkitRevealer 1.4 4
Sysinternals [New Tool] RootkitRevealer 2
Antihook 2.5 Free IDS alternative to System safety Monitor and Processguard 2
PatchGuard ain't gonna stop Zero-Day attack. 6
Freeware from Snapfiles -- 2nd Try! - "freeware.html" (0/1) 36.4 kBytes yEnc 4
FWT Newsletter - Weekly - October 4, 2004 2

Top