RootRepeal – The New and Great Rootkit Detector and Remover
RootRepeal is a new rootkit detector currently in public beta.
It is designed with the following goals in mind:
- Easy to use – a user with little to no computer experience should be able to use it.
- Powerful – it should be able to detect all publicly available rootkits.
- Stable – it should work on as many different system configurations as possible, and, in the event of an incompatibility, not crash the host computer.
- Safe – it will not use any rootkit-like techniques (hooking, etc.) to protect itself.
Currently, RootRepeal includes the following features:
- Driver Scan – scans the system for kernel-mode drivers. Displays all drivers currently loaded, and shows if a driver has been hidden, and whether the driver’s file is visible on-disk.
- Files Scan – scans any fixed drive on the system for hidden, locked or falsified* files.
- Processes Scan – scans the system for processes. Displays all processes currently running, and shows if a process is hidden or locked.
- SSDT Scan – shows whether any of the functions in the System Service Descriptor Table (SSDT) are hooked.
- Stealth Objects Scan – attempts to determine if any rootkits are active by looking for typical symptoms.
- Hidden Services Scan – scans for hidden system services.
- Shadow SSDT Scan – counterpart to the SSDT Scan, but deals mostly with graphics and window-related functions.
* – falsified files are files which have their size mis-reported to the Windows API. Some rootkits use this to hide data.
RootRepeal is currently in public beta. While every effort has been made to ensure compatibility with every system configuration on Windows 2000, XP, 2003 and Vista, it cannot be guaranteed. There is always some risk when scanning for rootkits. Before running RootRepeal, please make sure you have backups of all important data and have saved all open documents.
System requirements:
- Microsoft® Windows 2008 Server; Windows Vista®; Windows XP Professional or Home Edition; Windows 2000 with Service Pack 4; Windows 2003 Server
  Note: Only x86 versions of Windows are supported.
- 128MB of RAM.
- 600KB of hard-drive space.
MD5 (of the EXE): 880D7A26B7BB6B00A0709E75F149B83D
SHA-1 (of the EXE): 1943798277BBB1C396A980C58D077F5A57636932
NOTE: Because, as mentioned above, there is always an element of risk when scanning for rootkits, the author offers NO WARRANTY for RootRepeal. USE AT YOUR OWN RISK!
The latest version of RootRepeal can always be found at the static links http://rootrepeal.googlepages.com/RootRepeal.rar or http://rootrepeal.googlepages.com/RootRepeal.zip (see below for more mirrors, in case the bandwidth limits have been exceeded).
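To check a copy obtained from any of these links or mirrors against the MD5 and SHA-1 values listed above, the following added example (not part of RootRepeal or of the original post) hashes the file in one pass and compares both digests. The published values are for the EXE, so unpack the archive first; the script name and the path argument are assumptions.

```python
import hashlib
import hmac
import sys

# Digests published on this page for the RootRepeal EXE (not the .rar/.zip).
PUBLISHED = {
    "md5": "880D7A26B7BB6B00A0709E75F149B83D",
    "sha1": "1943798277BBB1C396A980C58D077F5A57636932",
}


def file_digests(path, algorithms=("md5", "sha1"), chunk_size=1 << 20):
    """Read the file once, feeding each chunk to every requested hash."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def verify(path, expected=PUBLISHED):
    """Return {algorithm: bool}; accept the file only if every value is True."""
    actual = file_digests(path, tuple(expected))
    return {
        # Published digests are upper-case hex; hexdigest() is lower-case.
        name: hmac.compare_digest(actual[name], expected[name].strip().lower())
        for name in expected
    }


if __name__ == "__main__":
    # Hypothetical script name; pass the path of the extracted EXE.
    if len(sys.argv) != 2:
        sys.exit("usage: verify_rootrepeal.py <path-to-extracted-EXE>")
    results = verify(sys.argv[1])
    for name, ok in results.items():
        print(f"{name}: {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(results.values()) else 1)
```

A match shows the file is the one these digests were computed from; since the digests are published alongside the download links, it does not by itself authenticate the publisher.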
Note: This site has recently been exceeding bandwidth, so if any of the above download links are unavailable, please use one of the following:
For more info about this project: http://sites.google.com/site/rootrepeal/