RootRepeal is a small, portable freeware tool for uncovering rootkits. It is generally most useful to advanced users who know what the normal Windows drivers, processes and services are.
- Easy to use - a user with little to no computer experience should be able to use it.
- Powerful - it should be able to detect all publicly available rootkits.
- Stable - it should work on as many different system configurations as possible, and, in the event of an incompatibility, not crash the host computer.
- Safe - it will not use any rootkit-like techniques (hooking, etc.) to protect itself.
- RootRepeal can scan and display all currently loaded drivers and tell you whether each one is hidden and whether the driver's file is visible on disk.
- Scans for hidden, locked or fraudulent files on the system.
- Scans and displays the currently running processes (shows if the process is hidden or locked).
- Scans the SSDT (system service descriptor table) to see if any services are hooked.
- Scans for stealth objects, which looks for rootkit symptoms in general.
- Scans for Hidden services and displays them.
It is better to disable your antivirus, antispyware, and firewalls before continuing, or they may block RootRepeal from running properly. If you have found something malicious, right-click on the driver/file/service and either copy, wipe or force delete it. You can save the scan report, which you can attach to various forums for analysis if needed.