[Dshield] RootkitRevealer

Fergie (Paul Ferguson) fergdawg at netzero.net
Thu Mar 10 19:05:09 GMT 2005


I like it -- it's much faster than RootkitRevealer, but
methinks that when it stops being a free beta, folks might
prefer RootkitRevealer primarily due to cost. :-)

- ferg

-- "Peter Stendahl-Juvonen" <peter.stendahl-juvonen at welho.com> wrote:

|| From Sysinternals:
| 
| "RootkitRevealer is an advanced root kit detection
| utility. It runs on Windows NT 4 and higher and its
| output lists Registry and file system API discrepancies
| that may indicate the presence of a user-mode or kernel-
| mode rootkit. RootkitRevealer successfully detects all
| persistent rootkits published at www.rootkit.com,
| including AFX, Vanquish and HackerDefender."
| 
| http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml
| 
| - ferg


Fergie, Brian et al.


I also use Sysinternals' RootkitRevealer.

Found today info on a new, possibly more advanced product. ("It does not
confront the user with a long list of suspected objects. It only reports
on objects that are very likely to be rootkits or files hidden by a
rootkit.")

The new product supposedly not only detects but also removes rootkits.


For more info-

F-Secure BlackLight™ (Beta Release)
http://www.f-secure.com/blacklight/

The Cure - F-Secure BlackLight (Beta Release)
http://www.f-secure.com/blacklight/cure.shtml

For your comfort, please find excerpted info further below.


- Pete


               "Time will bring to light whatever is hidden; 
       it will cover up and conceal what is now shining in splendour."
           Quintus Horatius Flaccus (65 BC-8 BC); Roman poet.



PS.   FYI- Have no association with F-Secure, do not even use any of
F-Secure's products.


F-Secure BlackLight™ (Beta Release)

http://www.f-secure.com/blacklight/


The Cure - F-Secure BlackLight (Beta Release)

http://www.f-secure.com/blacklight/cure.shtml

[snip]

---
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg at netzero.net or
 fergdawg at sbcglobal.net


