RootRepeal currently in beta

Status
Not open for further replies.

jamescv7

Thread author
Mar 15, 2011
RootRepeal is a new rootkit detector currently in public beta. It is designed with the following goals in mind:

Easy to use - a user with little to no computer experience should be able to use it.
Powerful - it should be able to detect all publicly available rootkits.
Stable - it should work on as many different system configurations as possible, and, in the event of an incompatibility, not crash the host computer.
Safe - it will not use any rootkit-like techniques (hooking, etc.) to protect itself.

Currently, RootRepeal includes the following features:

Driver Scan - scans the system for kernel-mode drivers. Displays all drivers currently loaded, and shows if a driver has been hidden, and whether the driver's file is visible on-disk.
Files Scan - scans any fixed drive on the system for hidden, locked or falsified* files.
Processes Scan - scans the system for processes. Displays all processes currently running, and shows if a process is hidden or locked.
SSDT Scan - shows whether any of the functions in the System Service Descriptor Table (SSDT) are hooked.
Stealth Objects Scan - attempts to determine if any rootkits are active by looking for typical symptoms.
Hidden Services Scan - scans for hidden system services.
Shadow SSDT Scan - counterpart to the SSDT Scan, but deals mostly with graphics and window-related functions.

* - falsified files are files which have their size mis-reported to the Windows API. Some rootkits use this to hide data.

Link
 