RootRepeal - Uncover Rootkits - Technibble

RootRepeal – Uncover Rootkits

RootRepeal is a small, portable, freeware application designed to uncover rootkits. The tool has been gaining popularity with security groups such as Sysinternals. It is for advanced users only, those who know what the normal Windows drivers, processes and services are: if you don’t know what you are doing, you can easily render a computer unbootable.

RootRepeal has the following features:

  • Scans and displays all currently loaded drivers, and tells you whether each driver is hidden and whether its file is visible on disk.
  • Scans for hidden, locked or falsified files on the system.
  • Scans and displays the currently running processes (similar to Process Explorer), but also shows whether a process is hidden or locked.
  • Scans the SSDT (System Service Descriptor Table) to see whether any system services are hooked.
  • Scans for stealth objects, which looks for rootkit symptoms in general.
  • Scans for hidden services and displays them.

Once you have found something malicious, you can right-click the driver, file or service and either copy, wipe or force-delete it.
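The drivers-tab check described above (is the loaded driver’s file actually visible on disk, and is it signed?) can be approximated from an elevated PowerShell prompt. This is an added example for triage, not code from RootRepeal or Technibble; it relies only on the service manager’s own driver list, so a rootkit that hides from that enumeration (which is exactly what RootRepeal’s kernel-level scans exist to catch) will not appear here. Treat a hit as a lead to investigate, not as proof of infection.

```powershell
# Added example (not part of the RootRepeal page): cross-check each running
# kernel driver reported by the service manager against the file on disk.
# A running driver whose backing file cannot be found, or whose signature
# is not valid, deserves a closer look before anything is removed.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' }

$drivers | ForEach-Object {
    $path = $_.PathName
    if ($path) {
        # Normalise the NT-style prefixes that driver image paths often use
        $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\" `
                      -replace '^\\\?\?\\', '' `
                      -replace '^System32\\', "$env:SystemRoot\System32\"
    }
    $onDisk = [bool]($path -and (Test-Path -LiteralPath $path))
    $sigStatus = if ($onDisk) {
        (Get-AuthenticodeSignature -FilePath $path).Status
    } else {
        'n/a'
    }
    [PSCustomObject]@{
        Name      = $_.Name
        Path      = $path
        OnDisk    = $onDisk
        Signature = $sigStatus
    }
} |
    # Only report drivers that fail either check
    Where-Object { -not $_.OnDisk -or $_.Signature -ne 'Valid' } |
    Format-Table -AutoSize
```

On a clean 64-bit system the list should be short (some OEM or test-signed drivers legitimately show a non-Valid status), so compare the output against a known-good machine of the same build before acting on it.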

Downloads:

Download from Official Site – 93 KB

  • JohnG says:

    Great post Bryce.

  • Xander says:

    Crashed on Win7

  • Dave says:

    Nice tool as always…Thanks

  • Rick Ferch says:

    Does not support 64 bit OS’es.

  • Rodel says:

    Really nice… it cured our PC… thanks Bryce… thanks a lot…

  • Galdorf says:

    If you click on the stealth or hidden items tab, anything found there won’t mess up your OS; only rootkits show up there. On the drivers tab you should never remove anything.

  • Bryce W says:

    That’s not entirely true Galdorf, most rootkits I have seen install themselves AS A DRIVER, such as “tdss.sys”.

  • fred says:

    Crashes on Vista Home Premium… no good…

  • JRoss says:

    My copy of XP Pro didn’t like it much either.

  • TCPip says:

    Great tool – one of my kids downloaded a program called “Microsoft Point Generator” to gain points for their Xbox. Well, it was a rootkit and disabled all antivirus and malware scanners. Could not even run in safe mode. Ran RootRepeal and found all the “hidden” garbage – cleaned it up and now back to normal. RootRepeal has been added to my arsenal of tools… (PC was infected with SKYNET*.sys, UAC*.sys, sdra64.exe, etc.)