RootkitRevealer for Windows

A sophisticated rootkit monitoring tool is called Rootkitrevealer. It runs on Windows Nt 4 and higher, and its result lists discrepancies between the register and document system Apis that could be caused by a user-mode or rootkit.

Most prolonged rootkits, such as Afx, Vanquish, and Hackerdefender, are effectively detected by Rootkitrevealer. However, it is not intended to identify file – or registry-key-protected version of Fu.

Rootkitrevealer compares the outcomes of a system test at the highest and lowest levels because severe rootkits operate by altering Api result, causing network views using Apis to differ from actual views in hardware. The basic contents of a file system mass, or Registry colony( the Registry’s’s on-disk hardware arrangement ), are at the highest degree and lowest level, respectively.


Therefore, Rootkitrevealer will notice a discrepancy between the information returned by the Windows Api and that seen in the raw scan of an Fat or Ntfs volume’s’s file system structures when using rootkits, whether in individual type or seed mode, to remove their presence from directory listings, for instance.



Windows version of Rootkitrevealler 1.71
  1. Windows Nt,
  2. Windows of Windows,
  3. 2000 Skylights
most recent change:
30th of July 2023, Friday
Microsoft’s’s internals