Internet Security

Home Virus Firewall Spyware Rootkit Miscellaneous Contact

The following are a list of rootkit detection programs. While there are not currently many of these detection programs available, and none of them are particularly good, it is still necessary to have one. The best and most reliable method for rootkit detection is to shut down the computer suspected of infection and check its storage by booting from an alternative media. A non-running rootkit cannot hide its presence, and most established antivirus programs will identify rootkits armed via standard OS calls

Rootkit Revealer
	Rootkit Revealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher, and its output lists registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. Rootkit Revealer successfully detects all persistent rootkits published at www.rootkit.com, including AFX, Vanquish and HackerDefender. Rootkit Revealer tends to display an exorbitant amount of false positives. For example, it's not unusual for a new computer to receive many pages of reports from Rootkit Revealer.
RootKit Hook Analyzer
	RootKit Hook Analyzer is a security tool that will check whether there are any rootkits installed on your computer which hook the kernel system services. Kernel RootKit Hooks are installed modules which intercept the principal system services that all programs and the operating system rely on. If any of these system services are intercepted and modified, there is a possibility that the safety of your system is at risk and that spyware, viruses or malware are active.

Home | Virus | Firewall | Spyware | Rootkit | Miscellaneous | Contact

Copyright © Jacob Spaulding, Last revision date:5/09/06