RootRepeal – Repair Tool of the Week

RootRepeal is a small, portable and freeware application that is designed to uncover rootkits. This tool has been picking up popularity with security groups like Systernals. This is a tool for advanced users only who know what the normal Windows drivers, processes and services are. If you don’t know what you are doing you can easily render a computer unbootable.

RootRepeal has the following features:

  • The ability to scan and display all currently loaded drivers and tell you whether they are hidden and whether the drivers file is visible on disk.
  • Scans for hidden, locked or falsified files on the system
  • Scans and displays the currently running processes (similar to Process Explorer) but shows if the process is hidden or locked.
  • Scans the SSDT (system service descriptor table) to see if any services are hooked.
  • Scans for Stealth objects which looks for rootkit symptoms in general.
  • Scans for Hidden services and displays them.

Once you have found something malicious, you can right click on the driver/file/service and either copy, wipe or force delete it.

Screenshots:


Downloads:

Download from Geeks to Go – 93kb

More Information



Bryce Whitty

About the Author

Bryce Whitty
More articles by me...
Bryce is an Australian computer technician and the founder of Technibble. He started his computer repair business when he was 17 years old and is still running it 9 years later. He is an avid traveller and spends at least a month of the year in another country.

Comments (10)

  • JohnG says:

    Great post Bryce.

  • Dave says:

    Nice tool as always…Thanks

  • Rick Ferch says:

    Does not support 64 bit OS’es.

  • Rodel says:

    really nice…it cure our pc…thanks bryce..thanks a lot…

  • Xander says:

    Crashed on Win7

  • Galdorf says:

    If you click on stealth or hidden items tab anything there that is found won’t mess up your OS only rootkits show up there, drivers tab you should never remove anything there.

  • Bryce W says:

    Thats not entirely true Galdorf, most rootkits I have seen install themselves AS A DRIVER such as “tdss.sys”.

  • fred says:

    crashes on Vista Home Premium.. no good…

  • JRoss says:

    My copy of XP Pro didn’t like it much either.

  • TCPip says:

    Great tool – one of my kids downloaded a program called “Microsoft Point Generator” to gain points for their Xbox. Well, it was a rootkit and disabled all antivirus’es and malware scanners. Could not even run in safe mode. Ran RootRepeal and found all the “hidden” garbage – cleaned it up and now back to normal. RootRepeal has been added to my arsenal of tools…(PC was infected with SKYNET*.sys, UAC*.sys, sdra64.exe, etc)