RootkitRevealer 1.71

4.4 out of 5 stars (95 votes)

Windows 2000/Server 2003/XP / Freeware / 24,258 downloads

RootkitRevealer is an advanced rootkit detection utility. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. It successfully detects all persistent rootkits including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect memory-based rootkits like Fu that don't survive reboots).

Reviews of RootkitRevealer

  1. 5 out of 5 stars
    walruz

    Reviewing 1.71 (Nov 12, 2006)

    Gotta love RootkitRevealer. You should download it now, before M$ starts using WGA on it.. :(

  2. 4 out of 5 stars
    c4p0ne

    Reviewing 1.71 (Nov 12, 2006)

    Still labeled "1.7" in the help|about.

  3. 5 out of 5 stars
    Canuckistani

    Reviewing 1.7 (Feb 3, 2006)

    Mikko Hyppönen, the Chief Research Officer at F-Secure, does not think Blacklight a replacement for Rootkit Revealer. But it is a quick and simple way to help stem the tide of infection, and every little bit helps. Mikko has a great deal of respect for Sysinternals and Mark Russinovich. The advantage of Blacklight is in the results. For a not-so-computer-savvy user, the results from Rootkit Revealer may be confusing. Blacklight just gives a yes or no answer, but doesn't give any clues about what it might have missed.

  4. 5 out of 5 stars
    jordenpro

    Reviewing 1.7 (Feb 3, 2006)

    Great Program!!

    Please don't say 'blacklight' is better. If you're serious about detecting rootkits, you'll use more than one for detection.

    RootkitRevealer
    Blacklight
    IceSword

    And if you really want to know the best, it's IceSword. ;)

  5. 5 out of 5 stars
    nefarious1

    Reviewing 1.7 (Feb 3, 2006)

    @veeoh:

    F-Secure BlackLight is simpler to use, for sure, but why is it "better"? Does it work better? I have no reason to think it does. And it is only free to use while in beta--it will be shareware once final.

    @devilrider:

    Ignoring drives and/or directories would defeat the purpose of finding rootkits, because they can be hidden anywhere.

    Priority doesn't matter, because you are supposed to run RKR on an idle system, as the documentation clearly states. I have quite a loaded system, but RKR takes only a few minutes to run.

    You aren't supposed to surf the web while running RKR. If you do, then new files are added while RKR is scanning, and that's why it finds those file system objects. It is a user issue, not a software issue.

    -------

    RKR is a valuable tool. Not infallible, but valuable. Every Windows system should run it occasionally.
