123ArticleOnline Logo
Welcome to 123ArticleOnline.com!
ALL >> Computers >> View Article

How Does Rootkitrevealer V1.71 Systinternal Work To Make Your Pc Safe From Rootkit?

Profile Picture
By Author: Brooke Perry
Total Articles: 84
Comment this article
Facebook ShareTwitter ShareGoogle+ ShareTwitter Share

Have you heard of Rootkit? If you know about it then you also understand the crucial need of protecting your PC from Rootkits. And if you don’t know about it then you can understand this as malicious software that an attacker can install on your PC after gaining the administrator access.

Why Rootkits are Malicious?

Rootkit is considered malicious because it can install malware, viruses, spyware, and Trojans, on your PC and keep those hidden from being detected by antivirus, spyware blockers and system management utilities. Rootkit also exerts another danger under which it intercepts data from terminals, keyboards, network connections, etc.

There are different methods through which Rootkits can evade detection. The main method through which it manages to avoid detection is either by surviving reboot or by executing in kernel mode or user mode. Rootkit gets activated each time your PC boots up and most importantly its activation process gets completed much before the boot up process of the system. In this way, Rootkit remains hidden in a PC and can’t be detected through normal processes.

How RootkitRevealer Works?

RootkitRevealer v1.71 is a Sysinternals security utility that can conveniently detect the deep hidden Rootkits on your PC. This utility was created by Bryce Cogswell and Mark Russinovich. It runs on Windows Server 2003 (32-bit) and Windows XP (32-bit).

This utility can’t be run using command-line options because of change in its programming. The need for this change arises from the fact that malware and virus creators have taken precautionary measures to make the Rootkits survive the RootkitRevealer's scan. Earlier the scan was run using the executable name to which Rootkits have become immune. Owing to this, RootkitRevealer has been updated to v1.71. This new version executes its scan by using randomly named copy of itself, which runs in the system as a Windows service. On being executed in this way, malware and viruses fail to indentify the RootkitRevealer and fall to its prey.

Different Types of Rootkits

Rootkits can be categorized into different types based on whether the malware is capable of surviving the system reboot or it can execute in the user mode or kernel mode.

Persistent Rootkit: A persistent Rootkit installs the malware that get activated every time you boot up your system.
Memory-Based Rootkit: These kinds of Rootkits are associated to malware which have no persistent code and hence fail to survive a reboot.
User-mode Rootkit: User-mode Rootkit intercepts the calls to the Windows FindFirstFile/FindNextFile APIs and can modify the output. They use Explorer and command prompt to itemize the contents of file system directories and return intercepted results.
Kernel-mode Rootkit: These Rootkits are even more powerful than user-mode ones because they cannot just intercept the native API in kernel-mode, but can also directly influence the structures of kernel-mode.

Can a Rootkit hide from RootkitRevealer?

A Rootkit can hide from RootkitRevealer scan if it succeeds to read RootkitRevealer's Registry hive data and manages to change the Registry data. However, to do this, high level of sophistication is required which is yet not easy to do because changing the data would require absolute knowledge of NTFS, FAT and Registry hive formats. Also high knowledge is required for changing data structures. So, in short it can be said that although theoretically it is possible that a Rootkit can hide from RootkitRevealer, but actually making it happen is difficult.

So, RootkitRevealer v1.71 is the best possible tool available till date that will allow you to keep your PC protected from Rootkits. You can download this from the Sysinternals section of TechNet website and keep your PC protected from the affects of Rootkits.


About the Author: Brooke M. Perry is an ardent technician associated with Qresolve computer security, with wide experience of fixing issues with PCs, laptops, tablets and smartphones. With a strong track record of devising effective ways of android tablet support and system security, she has so far helped thousands of users across the globe. Her writings on tech issues are the reflection of her in-depth interest and command she carries as a online pc repair technician. Her blogs and articles have been rated high for their lucid style and easy to understand language.

Total Views: 182Word Count: 705See All articles From Author

Add Comment

Computers Articles

1. M V Technologies - One Of The Top Web And App Development Companies In Noida
Author: MvTechnology

2. Building Your Own Desktop At Home? Keep An Eye For These Key Components.
Author: Sonu Kumar

3. Contact And Get Browser Support Over The Phone.
Author: kirlin jackeline

4. How Testing Transformation Leads The Way To Digital Transformation
Author: Oliver Moore

5. Use The Antivirus Program In An Efficient Way
Author: murphy felicia

6. How To Personalize Visual Feedback For Touch Points On Windows 10?
Author: Aida Martin

7. How To Unlock All Characters In Super Smash Bros
Author: Jaxson harry

8. How To Get Gamma Container In Escape From Tarkov?
Author: Marco

9. How To Skip Vorgeth Fight In Shattered Throne Dungeon In Destiny 2?
Author: Jaxson Harry

10. How To Get Helpful Doge Charm In Call Of Duty: Modern Warfare?
Author: Marco

11. How To Reset Any Roku Remote That Has Stopped Responding ?
Author: jack

12. Pepsi And Regal Partnership Starting Early 2020
Author: Marco

13. Various Website Development Tips To Help You Get Started
Author: Yogendra Shinde

14. What Are The Techniques For Website Speed Optimisation?
Author: Chris Walker

15. Diagnose And Repair Computer Problems With Active@ Boot Disk
Author: James B Bartlett

Login To Account
Login Email:
Password:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: