Computer Security
[EN] securityvulns.ru



RKDetect - behaviour based rootkit detection utility
updated since 12.05.2004
Published: 08.09.2004
Source: offtopic1
SecurityVulns ID: 3682
Description: Rkdetect is a small anomaly detection tool that can find services hidden by generic Windows rootkits such as Hacker Defender. The tool is very simple: it enumerates the services on a remote computer through WMI (user level) and through the Services Control Manager (kernel level), compares the results and displays the difference. In this way we can find hidden services, which are usually used to start the rootkit. A similar approach can be used to enumerate processes, files, registry keys and anything else that rootkits can hide. Rkdetect is available here: http://www.security.nnov.ru/files/rkdetect.zip Updated on 08.09.2004: support for localized systems added.
Original document: Sergey V. Gordeychik, rkdetect updated (08.09.2004)
 Sergey V. Gordeychik, RKDetect (12.05.2004)
Files: RKDetect - rootkit anomaly detector
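
The comparison described above, as an added example (not RKDetect's own code): it parses a saved Services Control Manager listing and a saved WMI listing for the same host and reports the names that appear in only one of them. The two captures are constructed samples, the service name ExampleHiddenSvc is hypothetical, and the commands named in the comments are an assumed way to collect the listings as decoded text.

```python
import re

# Constructed sample: `sc \\HOST query type= service state= all` (SCM view).
SC_OUTPUT = """\
SERVICE_NAME: Dhcp
DISPLAY_NAME: DHCP Client
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING

SERVICE_NAME: EventLog
DISPLAY_NAME: Event Log
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING

SERVICE_NAME: ExampleHiddenSvc
DISPLAY_NAME: Example hidden service
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
"""

# Constructed sample: `wmic /node:HOST service get Name` (WMI view).
WMI_OUTPUT = """\
Name
dhcp
Eventlog
"""

def scm_names(text):
    """Map lower-cased service key name -> name as printed by sc."""
    names = re.findall(r"^SERVICE_NAME:\s*(.+?)\s*$", text, re.MULTILINE)
    return {n.lower(): n for n in names}

def wmi_names(text):
    """Map lower-cased name -> name as printed by wmic (header row skipped)."""
    rows = [line.strip() for line in text.splitlines() if line.strip()]
    return {n.lower(): n for n in rows[1:]}

def cross_view_diff(scm_text, wmi_text):
    """Return (only_in_scm, only_in_wmi); names compare case-insensitively."""
    scm, wmi = scm_names(scm_text), wmi_names(wmi_text)
    only_scm = sorted(scm[k] for k in scm.keys() - wmi.keys())
    only_wmi = sorted(wmi[k] for k in wmi.keys() - scm.keys())
    return only_scm, only_wmi

if __name__ == "__main__":
    only_scm, only_wmi = cross_view_diff(SC_OUTPUT, WMI_OUTPUT)
    print("Only in SCM view (candidate hidden services):", only_scm)
    print("Only in WMI view:", only_wmi)
```

Key names rather than display names are compared because display names vary with the system locale. A service that starts or is removed between the two captures also shows up as a difference, so a hit should be confirmed with a second pair of listings.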

© SecurityVulns, 3APA3A, Vladimir Dubrovin