RKDetect - Rootkit by anomaly detector
©oded by Sergey V. Gordeychik, offtopic_@_mail.ru
RKDetect is a small anomaly detection tool that can find services hidden by
generic Windows rootkits such as Hacker Defender, or by hidden spyware/adware.
The tool is very simple.
It enumerates the services on a remote computer through WMI (user level) and
through the Service Control Manager (kernel level), compares the results and
displays the differences. In this way it may be possible to find the hidden
services that are usually used to start a rootkit. A similar approach can be
used to enumerate processes, files, registry keys and anything else rootkits
can hide. A real kernel-level rootkit cannot be detected this way.
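
The cross-view comparison described above, as an added example that is not RKDetect's own code: it parses one captured listing per view and reports service names present in one view but not the other. The sample listings and the name `hidden_svc_example` are constructed, and using `sc query` and `wmic` output as the two captures is an assumption.

```python
import csv

# Constructed sample in the format of `sc \\HOST query state= all`,
# trimmed to two fields per record.
SCM_VIEW = """\
SERVICE_NAME: Dhcp
        STATE              : 4  RUNNING
SERVICE_NAME: hidden_svc_example
        STATE              : 4  RUNNING
SERVICE_NAME: Spooler
        STATE              : 1  STOPPED
"""

# Constructed sample in the format of
# `wmic /node:HOST service get Name,State /format:csv`.
WMI_VIEW = """\

Node,Name,State
HOST,dhcp,Running
HOST,Spooler,Stopped
"""


def scm_services(text):
    """Lower-cased service names from sc-query-style text."""
    names = set()
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "SERVICE_NAME":
            names.add(value.strip().lower())
    return names


def wmi_services(text):
    """Lower-cased service names from wmic-CSV-style text (blank lines skipped)."""
    rows = csv.DictReader(l for l in text.splitlines() if l.strip())
    return {r["Name"].strip().lower() for r in rows if r.get("Name")}


def cross_view_diff(scm_text, wmi_text):
    """Return (names only in the SCM view, names only in the WMI view), sorted."""
    scm, wmi = scm_services(scm_text), wmi_services(wmi_text)
    return sorted(scm - wmi), sorted(wmi - scm)


if __name__ == "__main__":
    scm_only, wmi_only = cross_view_diff(SCM_VIEW, WMI_VIEW)
    print("SCM view only (review as possibly hidden):", scm_only)
    print("WMI view only:", wmi_only)
```

A service created or deleted between the two captures also shows up as a difference, so confirm any hit with a second run.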