A rootkit is a method by which a piece of malware hides itself from antimalware utilities such as antivirus and antispyware programs. There are various kinds of rootkits, such as persistent, user-mode and kernel rootkits, that hide themselves from process lists and even registry entries. RootkitRevealer from Sysinternals is a powerful detection tool that successfully detects many persistent rootkits, including AFX, Vanquish and HackerDefender. It works by showing discrepancies between the registry hive entries and files it reads directly and those returned by the Windows API. To scan a system, launch RootkitRevealer on the system and press the Scan button. RootkitRevealer scans the system, reporting its actions in a status area at the bottom of its window and noting discrepancies in the output list. Once a rootkit is revealed, it's best to format the system or follow removal procedures for specific rootkits that can be found on the Sysinternals forums. Since this is a post-infection measure, it is a firefighting technique. However, since this is an advanced-level configuration, proceed only if you're sure of what you're doing.
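The cross-view comparison described above, modelled as an added Python example (not RootkitRevealer's own code): one listing stands for what the Windows API reports, the other for a direct read of the on-disk structures, and both listings are constructed sample data rather than output from a real system.

```python
"""Cross-view detection: compare an API-level enumeration of files and
registry keys with a raw, low-level read of the same data. A persistent
rootkit that hooks the API to hide itself appears as an entry present in
the raw view but missing from the API view. Added example; all data is
constructed inline and does not come from a real machine."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    path: str   # file path or registry key path
    size: int   # file size in bytes, or value-data length for a key


def normalise(path: str) -> str:
    # Windows paths and registry keys are case-insensitive; unify separators
    return path.replace("/", "\\").rstrip("\\").lower()


def cross_view_diff(api_view, raw_view):
    """Return {'hidden': [...], 'api_only': [...], 'mismatch': [...]}, sorted."""
    api = {normalise(e.path): e for e in api_view}
    raw = {normalise(e.path): e for e in raw_view}
    report = {"hidden": [], "api_only": [], "mismatch": []}
    for key, entry in raw.items():
        if key not in api:
            report["hidden"].append(entry.path)    # invisible to the API: rootkit sign
        elif api[key].size != entry.size:
            report["mismatch"].append(entry.path)  # same name, metadata disagrees
    for key, entry in api.items():
        if key not in raw:
            report["api_only"].append(entry.path)  # typically created/deleted mid-scan
    for lst in report.values():
        lst.sort()
    return report


# Constructed sample views (hypothetical names, not real indicators)
API_VIEW = [
    Entry(r"C:\Windows\System32\ntdll.dll", 1_900_000),
    Entry(r"C:\Windows\System32\drivers\etc\hosts", 824),
    Entry(r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip", 48),
    Entry(r"C:\Users\demo\AppData\Local\Temp\tmp1.log", 10),
]
RAW_VIEW = [
    Entry(r"c:\windows\system32\ntdll.dll", 1_900_000),
    Entry(r"c:\windows\system32\drivers\etc\hosts", 1_200),      # API under-reports size
    Entry(r"hklm\system\currentcontrolset\services\tcpip", 48),
    Entry(r"c:\windows\system32\drivers\hidden.sys", 4096),      # only the raw read sees it
    Entry(r"hklm\system\currentcontrolset\services\hidden", 12),
]

if __name__ == "__main__":
    for kind, items in cross_view_diff(API_VIEW, RAW_VIEW).items():
        print(kind, items)
```

Entries in `api_only` are not a rootkit indicator on their own; RootkitRevealer's own output also shows such transient differences when files change between the two passes, so rescanning is the usual check.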