Sysinternals Rootkitrevealer is security software designed primarily for rootkit detection, particularly on Microsoft Windows systems. Rootkit is a term used to describe the techniques that malware employs to hide its presence from regular security software such as antivirus software and spyware blockers. There are four types of rootkits: persistent rootkits, which survive system boots; memory-based rootkits, which have no persistent code and so do not survive reboots; user-mode rootkits, which intercept directory listings; and kernel-mode rootkits, which are the most powerful. Sysinternals Rootkitrevealer can detect and reveal these types of rootkits.
Sysinternals Rootkitrevealer requires Administrator privileges to run. For best results, the system should be idle and all programs should be closed. Sysinternals Rootkitrevealer can be run manually or automatically. For a manual scan, press the Scan button and the program will scan the whole system. Actions taken by Sysinternals Rootkitrevealer are shown in the status box, and discrepancies and results are listed in the output list. In a manual scan, users can configure two options: hide NTFS metadata files and scan the registry. By default, both of these options are turned on. Automatic scan options include automatic exit at the end of the scan, Format output as CSV, Show NTFS metadata, and Don't scan registry.
Sysinternals Rootkitrevealer runs on Windows XP (32-bit) and Windows Server 2003 (32-bit). However, Sysinternals Rootkitrevealer has been discontinued since November 2006.