Computer Security
[EN] no-pyccku

RKDetect - Rootkit by anomaly detector

©oded by Sergey V. Gordeychik, [email protected]

Rkdetect is a little anomaly detection tool which can find services hidden by generic Windows rootkits like Hacker Defender or hidden spyware/adware. Tool is very simple. It enumerates services on remote computer through WMI (user level) and Services Control Manager (kernel level), compares results and displays differences. In this way it may be possible to find hidden services which are usual used to start rootkit. Similar approach can be used to enumerate processes, files, registry keys and anything rootkits can hide. Real kernel level rootkit can not be detected this way.


About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod