File Name: RootkitRevealer.zip
File Size: 226KB
Author: Microsoft SysInternals
Updated: January, 17th 2018
Requirements: Windows 10 / Windows 8.1 / Windows 8 / Windows 7 / Windows Vista / Windows XP / Windows 7 64 / Windows 8 64 / Windows 10 64
RootkitRevealer is an advanced rootkit detection utility. It runs on Windows XP (32-bit) and Windows Server 2003 (32-bit), and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
RootkitRevealer successfully detects many persistent rootkits including AFX, Vanquish, and Hacker Defender (note: RootkitRevealer is not intended to detect rootkits like Fu that don’t attempt to hide their files or registry keys). If you use it to identify the presence of a rootkit please let us know!
The reason that there is no longer a command-line version is that malware authors have started targetting RootkitRevealer’s scan by using its executable name. We’ve therefore updated RootkitRevealer to execute its scan from a randomly named copy of itself that runs as a Windows service. This type of execution is not conducive to a command-line interface.
Note that you can use command-line options to execute an automatic scan with results logged to a file, which is the equivalent of the command-line version’s behavior.
Available languages: English, French, Spanish, German, Portuguese, Italian, Dutch, Chinese, Japanese.