
How Does RootkitRevealer v1.71 From Sysinternals Work To Make Your PC Safe From Rootkits?

By Author: Brooke Perry

Have you heard of Rootkits? If you have, you also understand the crucial need to protect your PC from them. If you have not, think of a Rootkit as malicious software that an attacker can install on your PC after gaining administrator access.

Why Are Rootkits Malicious?

A Rootkit is considered malicious because it can install malware, viruses, spyware, and Trojans on your PC and keep them hidden from antivirus programs, spyware blockers and system management utilities. A Rootkit poses a further danger: it can intercept data from terminals, keyboards, network connections, etc.

Rootkits can evade detection in different ways. The main methods are surviving a reboot and executing in kernel mode or user mode. A Rootkit gets activated each time your PC boots up and, most importantly, its activation is completed well before the system's boot-up process finishes. In this way, a Rootkit remains hidden on a PC and can't be detected through normal processes.

How RootkitRevealer Works?

RootkitRevealer v1.71 is a Sysinternals security utility that can conveniently detect deeply hidden Rootkits on your PC. This utility was created by Bryce Cogswell and Mark Russinovich. It runs on Windows Server 2003 (32-bit) and Windows XP (32-bit).

This utility can't be run using command-line options because of a change in its programming. The change was needed because malware and virus creators have taken measures to make their Rootkits survive RootkitRevealer's scan. Earlier, the scan ran under the tool's own executable name, which Rootkits learned to recognize and became immune to. Owing to this, RootkitRevealer has been updated to v1.71. This new version executes its scan from a randomly named copy of itself, which runs in the system as a Windows service. When the scan is executed in this way, malware and viruses fail to identify RootkitRevealer and are caught by it.

Different Types of Rootkits

Rootkits can be categorized into different types based on whether the malware can survive a system reboot and whether it executes in user mode or kernel mode.

Persistent Rootkit: A persistent Rootkit installs malware that gets activated every time you boot up your system.
Memory-Based Rootkit: These Rootkits are associated with malware that has no persistent code and hence fails to survive a reboot.
User-mode Rootkit: A user-mode Rootkit intercepts calls to the Windows FindFirstFile/FindNextFile APIs and can modify their output. Explorer and the command prompt use these APIs to enumerate the contents of file system directories, so they display the intercepted results.
Kernel-mode Rootkit: These Rootkits are even more powerful than user-mode ones because they can not only intercept the native API in kernel mode but can also directly manipulate kernel-mode data structures.

Can a Rootkit hide from RootkitRevealer?

A Rootkit can hide from a RootkitRevealer scan if it succeeds in reading RootkitRevealer's Registry hive data and manages to change the Registry data. However, doing this requires a high level of sophistication and is not yet easy, because changing the data requires thorough knowledge of the NTFS, FAT and Registry hive formats, as well as deep knowledge of how to change the data structures. In short, although it is theoretically possible for a Rootkit to hide from RootkitRevealer, actually making it happen is difficult.
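The API interception described under user-mode Rootkits and the raw NTFS/FAT data mentioned above are the two sides of a cross-view comparison, the detection idea of checking what the Windows API reports against what is actually on disk. The sketch below is an added illustration, not code from RootkitRevealer or from the article's author; the `RawEntry` type, the `cross_view` function and all sample paths and timestamps are constructed for the example.

```python
from dataclasses import dataclass

# NTFS metadata files are normally absent from Windows API listings (expected gap).
NTFS_METADATA = {"$mft", "$mftmirr", "$logfile", "$volume", "$attrdef",
                 "$bitmap", "$boot", "$badclus", "$secure", "$upcase", "$extend"}

@dataclass(frozen=True)
class RawEntry:
    path: str        # path recovered by parsing on-disk structures (hypothetical)
    created: float   # creation time, seconds since epoch

def norm(path: str) -> str:
    # Windows paths are case-insensitive; separators may differ by source.
    return path.replace("/", "\\").rstrip("\\").lower()

def cross_view(api_paths, raw_entries, scan_start):
    """Return (hidden, vanished): hidden = on disk but missing from the API
    view; vanished = reported by the API but missing from the raw view."""
    api = {norm(p): p for p in api_paths}
    raw = {norm(e.path): e for e in raw_entries}
    hidden = []
    for key, entry in raw.items():
        if key in api:
            continue                      # both views agree
        if key.rsplit("\\", 1)[-1] in NTFS_METADATA:
            continue                      # expected difference, not a finding
        if entry.created >= scan_start:
            continue                      # created mid-scan: a race, not hiding
        hidden.append(entry.path)
    vanished = [p for k, p in api.items() if k not in raw]
    return sorted(hidden), sorted(vanished)

# Constructed sample data: one driver file is missing from the API view.
SCAN_START = 1_700_000_000.0
API_VIEW = [
    "C:\\Windows\\System32\\drivers\\disk.sys",
    "C:\\Users\\demo\\notes.txt",
]
RAW_VIEW = [
    RawEntry("C:\\$MFT", 1_600_000_000.0),
    RawEntry("c:\\windows\\system32\\drivers\\disk.sys", 1_600_000_000.0),
    RawEntry("C:\\Users\\demo\\notes.txt", 1_650_000_000.0),
    RawEntry("C:\\Windows\\System32\\drivers\\hxdemo.sys", 1_690_000_000.0),
    RawEntry("C:\\Users\\demo\\tmp123.tmp", SCAN_START + 5),
]

if __name__ == "__main__":
    print(cross_view(API_VIEW, RAW_VIEW, SCAN_START))
```

Only the entry that exists on disk, predates the scan and is not NTFS metadata is reported as hidden; the temporary file created during the scan is treated as a timing artifact.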

So, RootkitRevealer v1.71 is the best possible tool available to date for keeping your PC protected from Rootkits. You can download it from the Sysinternals section of the TechNet website and keep your PC protected from the effects of Rootkits.


About the Author: Brooke M. Perry is an ardent technician associated with Qresolve computer security, with wide experience of fixing issues with PCs, laptops, tablets and smartphones. With a strong track record of devising effective ways of Android tablet support and system security, she has so far helped thousands of users across the globe. Her writings on tech issues reflect her in-depth interest and the command she has as an online PC repair technician. Her blogs and articles have been rated highly for their lucid style and easy-to-understand language.
