RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher, and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all persistent rootkits published at www.rootkit.com, including AFX, Vanquish, HackerDefender and newer rootkits (TDSSserv, w32.tidserv).
How to use RootkitRevealer
- Download RootkitRevealer from here and unzip it to a folder that you create, such as C:\RootkitRevealer\.
- Disconnect from the internet and disable all active protection in order to minimize false positives.
- Double-click RootkitRevealer.exe to run the program.
- When the program opens, click the Scan button.
- When the scan is finished, click File->Save and save a log to your desktop.
- Close RootkitRevealer.
- Post your RootkitRevealer log in the spyware removal forum. The Myantispyware.com team will help you.
Note: RootkitRevealer requires that the account from which it is run has been assigned the Backup files and directories, Load drivers and Perform volume maintenance tasks (on Windows XP and higher) privileges. The Administrators group is assigned these privileges by default.
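
One way to confirm the privileges from the note before starting a scan, as an added example that is not part of the original page or of RootkitRevealer itself. It assumes PowerShell 3.0 or later and whoami.exe are available; the Se* constants are the standard Windows names for these user rights and do not appear on the page.

```powershell
# Added example: check the current logon token for the three privileges
# that the note says RootkitRevealer needs.
# The Se* constants are the standard Windows names for these user rights.
$required = [ordered]@{
    'SeBackupPrivilege'       = 'Back up files and directories'
    'SeLoadDriverPrivilege'   = 'Load and unload device drivers'
    'SeManageVolumePrivilege' = 'Perform volume maintenance tasks'
}

# /fo csv /nh prints headerless CSV, so the column names are supplied here
# and the parse does not depend on the display language of the system.
$held = whoami /priv /fo csv /nh |
    ConvertFrom-Csv -Header 'Name', 'Description', 'State'

$missing = @()
foreach ($name in $required.Keys) {
    $entry = $held | Where-Object { $_.Name -eq $name }
    if ($entry) {
        # A state of "Disabled" still means the privilege is held;
        # a program enables it at the moment it is needed.
        '{0,-26} present ({1})' -f $name, $entry.State
    } else {
        '{0,-26} MISSING ({1})' -f $name, $required[$name]
        $missing += $name
    }
}

if ($missing.Count -gt 0) {
    Write-Warning ("Token lacks: {0}. Start the session as a member of Administrators (elevated)." -f ($missing -join ', '))
}
```

On systems with User Account Control, run this from the same elevated session that will launch RootkitRevealer.exe, since a non-elevated administrator token does not carry these privileges.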