Rootkit Revealer

GovernmentSecurity.org > System Security > Windows Systems

tibbar

Feb 23 2005, 06:00 PM

See: http://www.sysinternals.com/ntw2k/freeware...kitreveal.shtml

QUOTE

Introduction
RootkitRevealer is an advanced root kit detection utility. It runs on Windows NT
4 and higher and its output lists Registry and file system API discrepancies that
may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all persistent rootkits published at www.rootkit.com, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect memory-based rootkits like Fu that don't survive reboots).

Get it from:

http://www.sysinternals.com/files/rootkitrevealer.zip

bullit

Feb 23 2005, 06:21 PM

thnx dude for this nice tool..
will try it on my network..

i hope i don't find anyting

bonarez

Feb 23 2005, 06:58 PM

looks great, too bad it crashed on my system.. both the commandline and the gui

kingvandal

Feb 23 2005, 07:58 PM

hmm.. nice showed directories I did not knew exsisted. for instance:

c:\$extend = Access Denied

Cannot set premission, Attributes, even logged in as SYSTEM will not show or allow access to this folder.

Any ideas?

tibbar

Feb 23 2005, 10:32 PM

this is one of ntfs's protected folders i believe, nothing to worry about.

it's any coming up as hidden to be concerned about.

kingvandal

Feb 24 2005, 12:42 AM

QUOTE(tibbar @ Feb 23 2005, 10:32 PM)

this is one of ntfs's protected folders i believe, nothing to worry about.

it's any coming up as hidden to be concerned about.

Intresting so you cannot access this folder?

tuby

Mar 17 2005, 08:14 AM

A nice paper about anti-rootkit tools :

http://blogs.msdn.com/robert_hensing

Enjoy

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.