RootkitRevealer – Advanced Rootkit Detection Utility
RootkitRevealer is a proprietary freeware tool commonly used to detect rootkits on Microsoft Windows. It was written by Mark Russinovich and Bryce Cogswell of Sysinternals and runs on the 32-bit versions of Windows XP and Windows Server 2003. Its output lists discrepancies between what the Windows API reports and what the file system and the Windows Registry actually contain; such discrepancies may indicate the presence of a rootkit. RootkitRevealer is the tool with which Russinovich uncovered the Sony BMG copy-protection rootkit. It detects persistent rootkits such as Vanquish, AFX and HackerDefender, which hide files and Registry keys. It is not designed to detect rootkits such as Fu, which do not hide files or Registry keys at all.
RootkitRevealer is no longer being developed and receives no new features. Its original Sysinternals description calls it an advanced rootkit detection utility that runs on Windows NT 4 and higher, whose output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
RootkitRevealer reliably finds persistent rootkits such as Vanquish, AFX and HackerDefender. Again, it is not meant to find rootkits such as Fu, which do not hide files or Registry keys: a rootkit that hides nothing in those namespaces produces no discrepancy to report. Because a persistent rootkit works by intercepting API calls and altering their results, the view of the system obtained through the API is bound to differ from the actual contents of the storage. RootkitRevealer therefore scans the system at the highest level and at the lowest level and compares the two results in detail.
The highest level is the Windows API; the lowest level is the raw content of a file system volume or of a Registry hive (a hive file is the on-disk format of the Registry). Any entry present in one view but absent from the other, or whose metadata differs between the two, is reported as a discrepancy. Not every discrepancy is a rootkit: an entry created or deleted between the two enumerations shows up as well, so a suspicious result should be confirmed by rescanning. RootkitRevealer is a 32-bit program; the supported platforms are the 32-bit editions of Windows XP and Windows Server 2003 named above.
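The following is an added illustration of the cross-view comparison described in the two paragraphs above; it is not RootkitRevealer's own code. The raw on-disk view, the behaviour of a rootkit-hooked enumeration API and the hidden driver name `_root_hook` are all constructed in-process (a real scanner would parse the NTFS volume or hive file and call the Win32 API instead), so the script runs on any platform.

```python
"""
Cross-view rootkit detection, reduced to its core idea.

The same namespace (file system or Registry) is enumerated twice: once through
the high-level API, which a rootkit can hook, and once from the raw on-disk
structures, which it cannot easily alter. Every entry that appears in only one
view, or whose length differs between the views, is reported.

Added example; all data below is constructed and the hooked API is simulated.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Constructed low-level view: path -> size in bytes, as a raw volume parse would return it.
RAW_FILE_VIEW: Dict[str, int] = {
    "C:\\$MFT": 0,                      # NTFS metadata files never appear through the Win32 API
    "C:\\$LogFile": 0,
    "C:\\Users\\alice\\notes.txt": 2048,
    "C:\\Windows\\System32\\drivers\\ntfs.sys": 574976,
    "C:\\Windows\\System32\\drivers\\_root_hook.sys": 12288,  # hypothetical hidden driver
}

# Constructed low-level Registry view: value path -> data length, as read from the hive file.
RAW_HIVE_VIEW: Dict[str, int] = {
    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Start": 4,
    "HKLM\\SYSTEM\\CurrentControlSet\\Services\\_root_hook\\ImagePath": 78,
}

# Entries that legitimately exist only in the raw view and must not be reported.
NTFS_METADATA: FrozenSet[str] = frozenset({"C:\\$MFT", "C:\\$LogFile"})

HIDDEN = "hidden from Windows API"
API_ONLY = "visible in Windows API but not on disk"
LENGTH_MISMATCH = "Windows API length not consistent with raw data"


@dataclass(frozen=True)
class Discrepancy:
    path: str
    reason: str
    api_size: Optional[int] = None
    raw_size: Optional[int] = None


def hooked_api_view(raw: Dict[str, int], hidden_prefix: str = "_root_") -> Dict[str, int]:
    """Simulates what a rootkit-hooked FindNextFile/RegEnumKey returns: the genuine
    listing minus every entry with a path component starting with the rootkit's
    prefix (the scheme HackerDefender-style persistent rootkits use). NTFS metadata
    is dropped too, because the real API never lists it either."""
    return {
        path: size for path, size in raw.items()
        if path not in NTFS_METADATA
        and not any(part.startswith(hidden_prefix) for part in path.split("\\"))
    }


def cross_view_scan(api_view: Dict[str, int], raw_view: Dict[str, int],
                    exempt: FrozenSet[str] = frozenset()) -> List[Discrepancy]:
    """Compare the high-level (API) view with the low-level (raw) view.

    Caveat for a real scan: an entry created or deleted between the two
    enumerations also shows up here, so a finding should be confirmed by rescanning.
    """
    findings: List[Discrepancy] = []
    for path, raw_size in raw_view.items():
        if path in exempt:
            continue
        if path not in api_view:
            findings.append(Discrepancy(path, HIDDEN, None, raw_size))
        elif api_view[path] != raw_size:
            findings.append(Discrepancy(path, LENGTH_MISMATCH, api_view[path], raw_size))
    for path, api_size in api_view.items():
        if path not in raw_view:
            findings.append(Discrepancy(path, API_ONLY, api_size, None))
    return sorted(findings, key=lambda d: d.path)


def demo_file_scan() -> List[Discrepancy]:
    """File system namespace: the hooked API hides _root_hook.sys; the raw view does not."""
    return cross_view_scan(hooked_api_view(RAW_FILE_VIEW), RAW_FILE_VIEW, NTFS_METADATA)


def demo_registry_scan() -> List[Discrepancy]:
    """Same comparison over the Registry: the hidden service key is exposed by the hive parse."""
    return cross_view_scan(hooked_api_view(RAW_HIVE_VIEW), RAW_HIVE_VIEW)


if __name__ == "__main__":
    for finding in demo_file_scan() + demo_registry_scan():
        print(f"{finding.path}\t{finding.reason}")
```

The scan only reports what is hidden in the file system or Registry namespaces; a rootkit that hides processes or drivers by other means, as Fu does, leaves both views identical and goes unreported, which is exactly the limitation the text describes.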