Reveal Hidden Spyware, Rootkit, Malware and Threats in PC
HijackThis can do this as well, but here is another cool program that reveals all the hidden badware, goodware or whatever else is on a PC and leaves the decision of what to do with it to you. It's a hidden threat detector, rootkit detector, driver scanner, file scanner, process scanner, SSDT scanner, stealth objects scanner and shadow SSDT scanner.
A rootkit is a type of software that is designed to gain administrator-level control over a computer system without being detected.
RootRepeal is a new rootkit detector. It is designed with the following goals in mind:
- Easy to use – a user with little to no computer experience should be able to use it.
- Powerful – it should be able to detect all publicly available rootkits.
- Stable – it should work on as many different system configurations as possible, and, in the event of an incompatibility, not crash the host computer.
- Safe – it will not use any rootkit-like techniques (hooking, etc.) to protect itself.
Currently, RootRepeal includes the following features:
- Driver Scan – scans the system for kernel-mode drivers. Displays all drivers currently loaded, and shows if a driver has been hidden, and whether the driver’s file is visible on-disk.
- Files Scan – scans any fixed drive on the system for hidden, locked or falsified* files.
- Processes Scan – scans the system for processes. Displays all processes currently running, and shows if a process is hidden or locked.
- SSDT Scan – shows whether any of the functions in the System Service Descriptor Table (SSDT) are hooked.
- Stealth Objects Scan – attempts to determine if any rootkits are active by looking for typical symptoms.
- Hidden Services Scan – scans for hidden system services.
- Shadow SSDT Scan – counterpart to the SSDT Scan, but deals mostly with graphics and window-related functions.
A rootkit is a set of tools or a program that is designed to hide activity on a computer (legitimate or otherwise). A rootkit in itself is not malicious – many antivirus programs and some games (for example, nProtect GameGuard) use rootkit-like technology to hide or protect themselves. RootRepeal does not target any specific product or malware, but simply identifies rootkit-like activity on a computer and leaves the decision of what is malware or not to the user.
Simply run RootRepeal.exe by double-clicking on it. No installation is necessary.
How do I know if I have a rootkit?
Run a system scan using the “Report” tab, and send the log to an expert for analysis.
The SSDT is a table that stores the addresses of functions used by Windows. Whenever a certain type of function is called, Windows looks in this table to find the address for it. However, a lot of rootkits and some legitimate software hook this table, redirecting these requests. This type of hooking can be used to hide just about anything on Windows.
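The check behind an SSDT scan can be modelled in user-mode C, as an added example that is not RootRepeal's code: each table entry is compared against the kernel image's address range, and any entry pointing elsewhere is reported with the module that owns it. The driver name example_av.sys, all addresses and the four-entry table are constructed sample data; a real scanner reads these values from kernel memory.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* A loaded kernel module: its name and the address range of its image. */
typedef struct { const char *name; uint64_t base; uint64_t size; } module_t;

/* Return the module whose image contains addr, or NULL if none does. */
static const module_t *owner_of(uint64_t addr, const module_t *mods, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size)
            return &mods[i];
    return NULL;
}

/* Mark hooked[i] = 1 for every table entry that points outside the kernel
 * image, and return how many entries were marked. */
size_t scan_ssdt(const uint64_t *table, size_t count,
                 const module_t *kernel, uint8_t *hooked) {
    size_t hits = 0;
    for (size_t i = 0; i < count; i++) {
        hooked[i] = (owner_of(table[i], kernel, 1) == NULL);
        hits += hooked[i];
    }
    return hits;
}

/* Constructed sample data: MODS[0] is the kernel image. */
static const module_t MODS[] = {
    { "ntoskrnl.exe",   0x80400000, 0x00200000 },
    { "example_av.sys", 0xF7000000, 0x00010000 },  /* hypothetical driver */
};
static const uint64_t SSDT[] = {
    0x80412340,  /* inside the kernel: not hooked */
    0x8045A000,  /* inside the kernel: not hooked */
    0xF7001200,  /* redirected into a visible driver */
    0xF8A30000,  /* redirected into memory no listed module owns */
};

int main(void) {
    uint8_t hooked[4];
    size_t hits = scan_ssdt(SSDT, 4, &MODS[0], hooked);
    for (size_t i = 0; i < 4; i++) {
        const module_t *m = owner_of(SSDT[i], MODS, 2);
        printf("#%zu 0x%08llx %-6s %s\n", i, (unsigned long long)SSDT[i],
               hooked[i] ? "HOOKED" : "ok", m ? m->name : "<no visible module>");
    }
    printf("%zu of 4 entries hooked\n", hits);
    return 0;
}
```

An entry owned by a visible driver may be legitimate software, as the text notes; an entry that no listed module owns is the case that also points to a hidden driver.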