RootRepeal is a small, portable freeware application designed to uncover rootkits. The tool has been gaining popularity with security communities such as Sysinternals. It is intended for advanced users only, people who know what the normal Windows drivers, processes and services look like: if you don't know what you are doing, you can easily render a computer unbootable.
RootRepeal has the following features:
- Scans and displays all currently loaded drivers, showing whether each driver is hidden and whether the driver's image file is visible on disk.
- Scans for hidden, locked or falsified files on the system.
- Scans and displays the currently running processes (similar to Process Explorer), showing whether each process is hidden or locked.
- Scans the SSDT (System Service Descriptor Table) to see whether any system service entries are hooked.
- Scans for stealth objects, a general check for rootkit symptoms.
- Scans for hidden services and displays them.
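The driver and hidden-service scans above are cross-view checks: the tool compares what one source of truth reports against another and flags the differences. The script below is an added example, not RootRepeal's own code, of the same idea done from user mode. It compares the services and drivers recorded under the `Services` registry key against what the Service Control Manager reports, and checks whether each driver's image file is visible on disk. The normalisation of `ImagePath` prefixes and the `Type` bit masks are assumptions about common registry layouts, not something the page states; run it from an elevated PowerShell prompt.

```powershell
# Added example (not part of RootRepeal): user-mode cross-view check of
# registry service/driver entries against the Service Control Manager,
# plus an on-disk check for driver image files. A kernel rootkit that
# hooks the SCM or the filesystem can hide from both views, so an empty
# result is not proof of a clean system.

$regRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# View 1: the registry. Type 0x1/0x2 = kernel/filesystem driver,
# 0x10/0x20/0x40 bits = Win32 (or per-user) service. Keys without a
# Type value are configuration-only and are skipped.
$regEntries = Get-ChildItem $regRoot | ForEach-Object {
    $p = Get-ItemProperty -LiteralPath $_.PSPath
    [pscustomobject]@{
        Name      = $_.PSChildName
        Type      = $p.Type
        ImagePath = $p.ImagePath
    }
} | Where-Object { $null -ne $_.Type -and (($_.Type -band 0x3) -or ($_.Type -band 0x70)) }

# View 2: what the SCM admits to. Get-Service lists only Win32 services;
# drivers are enumerated through the Win32_SystemDriver CIM class.
$scmServices = (Get-Service).Name
$scmDrivers  = (Get-CimInstance Win32_SystemDriver).Name

foreach ($e in $regEntries) {
    $isDriver = [bool]($e.Type -band 0x3)
    $known = if ($isDriver) { $scmDrivers -contains $e.Name } else { $scmServices -contains $e.Name }
    if (-not $known) {
        Write-Output "HIDDEN? $($e.Name) (type 0x$('{0:X}' -f $e.Type)) is in the registry but not reported by the SCM"
    }

    if ($isDriver -and $e.ImagePath) {
        # Driver ImagePath values are usually relative to the system root, or
        # carry a \SystemRoot\ or \??\ prefix (assumed layouts). Normalise to a
        # Win32 path before testing for the file.
        $path = $e.ImagePath -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }
        if (-not (Test-Path -LiteralPath $path)) {
            Write-Output "MISSING FILE: $($e.Name) -> $path"
        }
    }
}
```

Expect some noise: a registry entry whose ImagePath points at a file that was uninstalled without removing the service key will show up as MISSING FILE, and a service the current account is not allowed to query can appear as HIDDEN?. Treat hits as leads to confirm with a kernel-level scanner such as RootRepeal rather than as verdicts.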
Once you have found something malicious, you can right-click the driver, file or service and either copy, wipe or force-delete it. Copy it first if you want to keep a sample for analysis.
Download from Geeks to Go – 93 KB