Nytro Posted December 18, 2011 Report Posted December 18, 2011 [h=3]RootRepeal - New Rootkit Detector Tool[/h]RootRepeal is new kernel land based Anti-Rootkit tool which is simple to use yet powerful. Currently it is in beta version and as of now support only x86 systems.Main features Driver Scan - scans the system for kernel-mode drivers. Displays all drivers currently loaded, and shows if a driver has been hidden, and whether the driver's file is visible on-disk. Files Scan - scans any fixed drive on the system for hidden, locked or falsified* files. Processes Scan - scans the system for processes. Displays all processes currently running, and shows if a processes is hidden or locked. SSDT Scan - shows whether any of the functions in the System Service Descriptor Table (SSDT) are hooked. Stealth Objects Scan - attempts to determine if any rootkits are active by looking for typical symptoms. Hidden Services Scan - scans for hidden system services. Shadow SSDT Scan - counterpart to the SSDT Scan, but deals mostly with graphics and window-related functions.Due to nature of these kind of tools, you are always advised to have backups of all important data before running it. Also it is advised to run it on Virtual machines such as Vmware.For more interesting details and test it yourself, visit the project page of RootRepealDownload:http://ad13.geekstogo.com/RootRepeal.rarSursa: SecurityXploded Forum • View topic - RootRepeal - New Rootkit Detector Tool Quote
