Thread 54834 in PC World Chat, started 2005-02-23 16:00:00 by Jen (38): RootkitRevealer for Windows available for free

| Post ID | Timestamp | User | Content |
|---|---|---|---|
| 327631 | 2005-02-23 16:00:00 | Jen (38) | As reported on Slashdot (it.slashdot.org): Following on the report a few days ago where Microsoft warned about kernel rootkits (www.computerworld.com), a company called SysInternals has just released a free rootkit detector called RootkitRevealer which will run on Windows NT4 upwards. RootkitRevealer (www.sysinternals.com) - full details and link for download. Take careful note of the program details, as you will still need to determine whether the findings indicate the presence of a rootkit. "RootkitRevealer scans the system reporting its actions in a status area at the bottom of its window and noting discrepancies in the output list. You should examine discrepancies and determine the likelihood that they indicate the presence of a rootkit. Hidden from Windows API discrepancies are the ones exhibited by most rootkits, however you should expect to see a number of such entries on any NTFS volume since NTFS hides its metadata files, such as $MFT and $Secure, from the Windows API. In addition, there are a number of Registry keys that are inaccessible from the Windows API and will report as access-denied discrepancies. Files or Registry data created after a scan starts will also show up as discrepancies, so run RootkitRevealer on an idle system." I see SysInternals also has some nifty other utilities available for Windows, and provide the full source code for some. :) |
| 327632 | 2005-02-23 19:50:00 | Sue (33) | Many Thanks :) |
| 327633 | 2005-02-23 20:27:00 | Murray P (44) | Cool Jen |
| 327634 | 2005-02-23 23:37:00 | vinref (6194) | As reported on Slashdot (it.slashdot.org): Following on the report a few days ago where Microsoft warned about kernel rootkits (www.computerworld.com), a company called SysInternals has just released a free rootkit detector called RootkitRevealer which will run on Windows NT4 upwards. Excellent find. I note that it only reveals the probable presence of a kernel rootkit. I am pretty sure the only way to remove kernel rootkits is a reformat & reinstall, both on Windows and *nix. |
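The discrepancy triage that Jen's first post quotes (entries hidden from the Windows API, expected NTFS metadata such as $MFT and $Secure, and files created after the scan starts) as an added Python example; this is not code from the thread or from RootkitRevealer itself. The two input listings are constructed, and the NTFS metadata names other than $MFT and $Secure are an assumption for the allowlist.

```python
from dataclasses import dataclass
from datetime import datetime

# NTFS metadata files that are hidden from the Windows API by design; the post
# names $MFT and $Secure, the remaining names are assumed for this example.
NTFS_METADATA = {"$MFT", "$MFTMirr", "$LogFile", "$Volume", "$AttrDef",
                 "$Bitmap", "$Boot", "$BadClus", "$Secure", "$UpCase", "$Extend"}

@dataclass(frozen=True)
class Entry:
    path: str          # full path as reported by the view
    created: datetime  # creation timestamp of the object

def classify(api_view, raw_view, scan_start):
    """Compare the Windows API view with the raw scan and sort each path
    that the API did not report into one of three buckets."""
    api_paths = {e.path for e in api_view}
    buckets = {"ntfs_metadata": [], "created_during_scan": [], "hidden": []}
    for entry in sorted(raw_view, key=lambda e: e.path):
        if entry.path in api_paths:
            continue                      # both views agree, no discrepancy
        name = entry.path.rsplit("\\", 1)[-1]
        if name in NTFS_METADATA:
            buckets["ntfs_metadata"].append(entry.path)       # expected noise
        elif entry.created >= scan_start:
            buckets["created_during_scan"].append(entry.path)  # busy-system noise
        else:
            buckets["hidden"].append(entry.path)  # the bucket worth investigating
    return buckets

# Constructed sample data, not a real scan: what the API reported versus
# what the raw scan found on the same volume.
SCAN_START = datetime(2005, 2, 23, 16, 0, 0)
API_VIEW = [
    Entry("C:\\Windows\\notepad.exe", datetime(2004, 8, 4)),
    Entry("C:\\Windows\\System32\\ntoskrnl.exe", datetime(2004, 8, 4)),
]
RAW_VIEW = API_VIEW + [
    Entry("C:\\$MFT", datetime(2004, 8, 4)),
    Entry("C:\\$Secure", datetime(2004, 8, 4)),
    Entry("C:\\Windows\\System32\\drivers\\example.sys", datetime(2005, 2, 20)),
    Entry("C:\\Temp\\scan-output.log", datetime(2005, 2, 23, 16, 0, 5)),
]

def demo():
    """Run the comparison on the constructed sample and return the buckets."""
    return classify(API_VIEW, RAW_VIEW, SCAN_START)
```

Only the `hidden` bucket is left after removing the two expected classes, which is the "examine discrepancies and determine the likelihood" step the quoted documentation leaves to the user.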