We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,797 News Articles

New tool gives the scoop on snoops

Free utility can reveal hidden software used by hackers and crooks

Computer users have yet another tool they can use to find out if stealthy malware – such as a hidden virus, Trojan horse or spyware application – has found its way onto their PC.

The tool, called RootkitRevealer, permits Windows users to scan a computer for the telltale presence of certain kinds of malicious software.

That type of software, known in the security industry as a rootkit, "is a technology that's used by malware – viruses or Trojans – to actively hide themselves," says RootkitRevealer's co-creator, Mark Russinovich. Rootkits can also help hackers gain greater control of an already-compromised computer.

Rootkits are more common in the world of Linux and UNIX-based computers, but several Windows-specific rootkits have appeared online in the past couple of years.

Rootkits themselves are merely a means to an end; by hiding components of a Trojan horse application, for instance, a rootkit can help the malware evade detection by traditional antivirus scanners.

RootkitRevealer can detect the presence of several common rootkits for Windows computers running NT, 2000, or XP, but not 95, 98, or Windows Me.

In order to use it effectively, the user must understand how to evaluate the information it provides. Also, the program also cannot remove or "quarantine" rootkits it finds, and it cannot definitively tell you whether a file it finds is, in fact, part of a rootkit.

If you find something that shouldn't be there and your antivirus program can't remove it, says Russinovich, "the correct response is to repave."

"That's IT terminology for completely scrubbing the machine," he explains. "You have to format the drive, completely wiping out all the data, and reinstall Windows."

The program is free to download from Russinovich's website, Sysinternals. There's no installation process; you simply unzip the files and run the RootkitRevealer.exe application.

There are a few caveats you should know before you run your first scan with the program. The first is that while RootkitRevealer is running, you shouldn't do anything at all with the PC.

You should also turn off any program that might activate during the scan, such as a screensaver, an antivirus tool, or any other running program. Switching focus to another program, or allowing other programs to activate during the scan, won't cause your system to crash, but doing so may cause the RootkitRevealer program to display inaccurate or misleading results.


IDG UK Sites

Android One vs Android Silver vs Google Nexus: What is the difference?

IDG UK Sites

Apple updates MacBook Pro line-up: Price cuts & spec boosts for 6 MacBook Pro models

IDG UK Sites

Long live the internet fridge: the Internet of Things is coming

IDG UK Sites

How Prometheus' colourist Juan Ignacio Cabrera gave a tense, edgy feel to Chosen