Robert Hensing's Blog

Software Security . . . and stuff.


New Rootkit Revealer available!


Sysinternals yesterday released a new version of Rootkit Revealer after receiving feedback that people using rootkits were starting to add Rootkit Revealer to the 'root process' to continue to avoid detection.

The new version uses a randomly named executable that runs as a service in order to avoid getting hooked by rootkits that can do simple file name matching - an approach that was discussed in one of my previous blog posts:

http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

Comments

  • Who cares about the rootkit revealer? What you need is a rootkit remover. I got infected with the EliteToolbar and the following rootkit remover saved me: http://www.f-secure.com/blacklight/cure.shtml

    HTH

  • @Stephane

    You need it in case blacklight - which is indeed well-done software - fails...(-;

  • Hmm. Still susceptible to lots of different kinds of fingerprinting, though. Those seem like the "interesting" problems to solve. But I guess nobody is worried about rootkits/malware being that sophisticated yet.