Re: Windows Me "User Connected"
From: winged (winged_at_nofollow.com)
Date: 24 Feb 2005 01:14:13 EST
David H. Lipman wrote:
> I was just made aware of a new utility by Sysinternals
> "RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT4 and
> higher and its output lists Registry and file system API discrepancies that may indicate the
> presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all
> rootkits published at www.rootkit.com, including AFX, Vanquish and HackerDefender."
Thanks, I hadn't used this one before. It is in my toolbox now. I
tested it on a known compromised virtual and the rootkit stood right
out. It doesn't ID ADS (Alternate Data Stream) rootkits that I could see
but it is a very useful tool, once I figured out what I was looking at.