Computer users have yet another tool they can use to find out if stealthy malware – such as a hidden virus, Trojan horse or spyware application – has found its way onto their PC.
The tool, called RootkitRevealer, permits Windows users to scan a computer for the telltale presence of certain kinds of malicious software.
That type of software, known in the security industry as a rootkit, "is a technology that's used by malware – viruses or Trojans – to actively hide themselves," says RootkitRevealer's co-creator, Mark Russinovich. Rootkits can also help hackers gain greater control of an already-compromised computer.
Rootkits are more common in the world of Linux and UNIX-based computers, but several Windows-specific rootkits have appeared online in the past couple of years.
Rootkits themselves are merely a means to an end; by hiding components of a Trojan horse application, for instance, a rootkit can help the malware evade detection by traditional antivirus scanners.
RootkitRevealer can detect the presence of several common rootkits for Windows computers running NT, 2000, or XP, but not 95, 98, or Windows Me.
In order to use it effectively, the user must understand how to evaluate the information it provides. The program also cannot remove or "quarantine" rootkits it finds, and it cannot definitively tell you whether a file it finds is, in fact, part of a rootkit.
If you find something that shouldn't be there and your antivirus program can't remove it, says Russinovich, "the correct response is to repave."
"That's IT terminology for completely scrubbing the machine," he explains. "You have to format the drive, completely wiping out all the data, and reinstall Windows."
The program is free to download from Russinovich's website, Sysinternals. There's no installation process; you simply unzip the files and run the RootkitRevealer.exe application.
There are a few caveats you should know before you run your first scan with the program. The first is that while RootkitRevealer is running, you shouldn't do anything at all with the PC.
You should also turn off any program that might activate during the scan, such as a screensaver, an antivirus tool, or any other running program. Switching focus to another program, or allowing other programs to activate during the scan, won't cause your system to crash, but doing so may cause the RootkitRevealer program to display inaccurate or misleading results.
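RootkitRevealer reaches its verdicts by comparing two views of the same system: what the Windows API reports, and what a raw read of the disk and registry structures shows. Anything present in the raw view but missing from the API view is a candidate for something a rootkit is hiding. The script below is an added example of that cross-view comparison, written for this article and not code from Sysinternals; the file listings, the hidden driver name `example_hidden.sys` and the list of files known to have changed during the scan are all constructed. It also shows why the caveat above matters: files created, deleted or resized between the two snapshots appear as discrepancies that have nothing to do with a rootkit.

```python
"""Cross-view comparison in the style of a rootkit detector (added example).

Two listings of the same file tree are compared: one gathered through the
high-level OS API, one by reading on-disk structures directly. An entry that
only the raw view can see is the classic signature of a hidden file. Entries
that changed between the two snapshots are timing noise, which is why a scan
should run on an otherwise idle machine.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Tuple


@dataclass(frozen=True)
class Entry:
    path: str   # full Windows path as that view reported it
    size: int   # size in bytes as that view reported it


def _norm(path: str) -> str:
    # Windows paths are case-insensitive; compare on a canonical form so a
    # case difference between the two views is not reported as a discrepancy.
    return path.lower().rstrip("\\")


def compare_views(api_view: Iterable[Entry], raw_view: Iterable[Entry],
                  churn: FrozenSet[str] = frozenset()
                  ) -> Tuple[List[str], List[str], List[str]]:
    """Return (hidden, vanished, mismatched) path lists.

    hidden     - in the raw view only: candidates for a rootkit hiding them
    vanished   - in the API view only: usually deleted between snapshots
    mismatched - in both views with differing sizes
    churn      - paths known to have changed while the scan ran (assumed to come
                 from some change log); excluded from every list as noise
    """
    api = {_norm(e.path): e for e in api_view}
    raw = {_norm(e.path): e for e in raw_view}
    noise = {_norm(p) for p in churn}

    hidden = sorted(raw[p].path for p in raw.keys() - api.keys() - noise)
    vanished = sorted(api[p].path for p in api.keys() - raw.keys() - noise)
    mismatched = sorted(api[p].path for p in (api.keys() & raw.keys()) - noise
                        if api[p].size != raw[p].size)
    return hidden, vanished, mismatched


# Constructed sample data: what the API reported during the first pass ...
API_VIEW = [
    Entry(r"C:\Windows\System32\kernel32.dll", 1_000_000),
    Entry(r"C:\Windows\System32\drivers\ndis.sys", 200_000),
    Entry(r"C:\Windows\Temp\scan-tmp-01.tmp", 512),          # deleted mid-scan
    Entry(r"C:\Windows\System32\config\software", 4_000_000),
]

# ... and what a raw read of the disk showed moments later.
RAW_VIEW = [
    Entry(r"c:\windows\system32\KERNEL32.DLL", 1_000_000),  # same file, case differs
    Entry(r"C:\Windows\System32\drivers\ndis.sys", 200_000),
    Entry(r"C:\Windows\System32\drivers\example_hidden.sys", 24_576),  # constructed: on disk, absent from API view
    Entry(r"C:\Windows\System32\config\software", 4_100_000),          # hive grew while the scan ran
]

# Constructed: files a change log says were modified during the scan window.
CHURN = frozenset([
    r"C:\Windows\Temp\scan-tmp-01.tmp",
    r"C:\Windows\System32\config\software",
])


def run_demo() -> Tuple[List[str], List[str], List[str]]:
    """Comparison with timing noise filtered out: only the hidden driver remains."""
    return compare_views(API_VIEW, RAW_VIEW, CHURN)


def run_demo_noisy() -> Tuple[List[str], List[str], List[str]]:
    """Same comparison without the churn filter: two extra, misleading findings."""
    return compare_views(API_VIEW, RAW_VIEW)


if __name__ == "__main__":
    for label, result in (("filtered", run_demo()), ("unfiltered", run_demo_noisy())):
        hidden, vanished, mismatched = result
        print(f"{label}: hidden={hidden} vanished={vanished} mismatched={mismatched}")
```

Run as a script, the filtered comparison reports only the constructed hidden driver, while the unfiltered one adds the deleted temp file and the registry hive that grew during the scan. A real detector has no reliable change log to consult, which is exactly why the article tells you to leave the machine alone until the scan finishes and to treat every discrepancy as something to evaluate rather than a confirmed rootkit.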