The current version is: Version 1.2.3
Download: RootRepeal.rar
MD5 (of the EXE): 8F32CC6C8C8648B7AA227F256C4B6252
SHA-1 (of the EXE): 31295B109307B82FD756B375F01E52E9591A7BB5
RootRepeal is a new rootkit detector currently in public beta. It is designed with the following goals in mind:
- Easy to use - a user with little to no computer experience should be able to use it.
- Powerful - it should be able to detect all publicly available rootkits.
- Stable - it should work on as many different system configurations as possible, and, in the event of an incompatibility, not crash the host computer.
- Safe - it will not use any rootkit-like techniques (hooking, etc.) to protect itself.
Currently, RootRepeal includes the following features:
- Driver Scan - scans the system for kernel-mode drivers. Displays all drivers currently loaded, and shows if a driver has been hidden, and whether the driver's file is visible on-disk.
- Files Scan - scans any fixed drive on the system for hidden, locked or falsified* files.
- Processes Scan - scans the system for processes. Displays all processes currently running, and shows if a process is hidden or locked.
- SSDT Scan - shows whether any of the functions in the System Service Descriptor Table (SSDT) are hooked.
- Stealth Objects Scan - attempts to determine if any rootkits are active by looking for typical symptoms.
- Hidden Services Scan - scans for hidden system services.
* - falsified files are files which have their size mis-reported to the Windows API. Some rootkits use this to hide data.
RootRepeal is currently in public beta. Whereas every effort has been made to ensure compatibility with every system configuration on Windows 2000, XP, 2003 and Vista, it cannot be guaranteed. There is always some risk when scanning for rootkits. Before running RootRepeal, please make sure you have backups of all important data and have saved all open documents.
[ Last edited by jeccci5 on 2008-12-31 20:54 ]