New Rootkit Revealer available!

Sysinternals yesterday released a new version of Rootkit Revealer after receiving feedback that people using rootkits were starting to add Rootkit Revealer to the 'root process' to continue to avoid detection.

The new version uses a randomly named executable that runs as a service in order to avoid getting hooked by rootkits that can do simple file name matching - an approach that was discussed in one of my previous blog posts:

http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

Published 23 March 05 09:52 by Robert_Hensing

Comments

# Stephane Rodriguez said on March 23, 2005 12:32 PM:

Who cares about the Rootkit Revealer? What you need is a rootkit remover. I got infected with the EliteToolbar and the following rootkit remover saved me: http://www.f-secure.com/blacklight/cure.shtml

HTH

# VulcanNightbird said on March 23, 2005 1:04 PM:

@Stephane

You need it in case BlackLight - which is indeed well-done software - fails...(-;

# Drew said on March 23, 2005 6:33 PM:

Hmm. Still susceptible to lots of different kinds of fingerprinting, though. Those seem like the "interesting" problems to solve. But I guess nobody is worried about rootkits/malware being that sophisticated yet.