RootRepeal – Repair Tool of the Week

RootRepeal is a small, portable and freeware application that is designed to uncover rootkits. This tool has been picking up popularity with security groups like Systernals. This is a tool for advanced users only who know what the normal Windows drivers, processes and services are. If you don’t know what you are doing you can easily render a computer unbootable.

RootRepeal has the following features:

The ability to scan and display all currently loaded drivers and tell you whether they are hidden and whether the drivers file is visible on disk.
Scans for hidden, locked or falsified files on the system
Scans and displays the currently running processes (similar to Process Explorer) but shows if the process is hidden or locked.
Scans the SSDT (system service descriptor table) to see if any services are hooked.
Scans for Stealth objects which looks for rootkit symptoms in general.
Scans for Hidden services and displays them.

Once you have found something malicious, you can right click on the driver/file/service and either copy, wipe or force delete it.

Screenshots:

Downloads:
Download from Geeks to Go – 93kb

More Information

10,800+

free

Signup Now!

Article By Bryce Whitty
Bryce Whitty is a Professional Computer Technician who started his business when he was 17 year old. Bryce writes Technibble articles about Business How-to's and stories from "the trenches".

Other Articles by Bryce Whitty

JohnG says:

July 22nd, 2009 at 8:18 am

Great post Bryce.

Dave says:

July 22nd, 2009 at 9:06 am

Nice tool as always…Thanks

Rick Ferch says:

July 22nd, 2009 at 12:35 pm

Does not support 64 bit OS’es.

Rodel says:

July 22nd, 2009 at 9:53 pm

really nice…it cure our pc…thanks bryce..thanks a lot…

Xander says:

July 22nd, 2009 at 11:38 pm

Crashed on Win7

Galdorf says:

July 24th, 2009 at 8:21 am

If you click on stealth or hidden items tab anything there that is found won’t mess up your OS only rootkits show up there, drivers tab you should never remove anything there.

Bryce W says:

July 24th, 2009 at 9:19 am

Thats not entirely true Galdorf, most rootkits I have seen install themselves AS A DRIVER such as “tdss.sys”.

fred says:

July 24th, 2009 at 7:57 pm

crashes on Vista Home Premium.. no good…

JRoss says:

July 26th, 2009 at 10:20 am

My copy of XP Pro didn’t like it much either.

TCPip says:

September 2nd, 2009 at 6:30 am

Great tool – one of my kids downloaded a program called “Microsoft Point Generator” to gain points for their Xbox. Well, it was a rootkit and disabled all antivirus’es and malware scanners. Could not even run in safe mode. Ran RootRepeal and found all the “hidden” garbage – cleaned it up and now back to normal. RootRepeal has been added to my arsenal of tools…(PC was infected with SKYNET*.sys, UAC*.sys, sdra64.exe, etc)