
Sunday, June 6, 2010

Practical 2.1 Scanning for rootkits

This time it's about ROOTKITS, and I will be using a rootkit revealer to scan for them. To get your own copy of the RootkitRevealer tool, first open any web browser and enter the URL www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx, or, if you cannot get to the website that way, just go to any search engine and search for "RootkitRevealer". Both will land you on the website shown in the screenshot below.

After reaching this website (as shown in the screenshot above), simply click the "Download RootkitRevealer" hyperlink to download the tool. This webpage also has an introduction to the tool, so you can read that first before downloading to better understand the tool and what it does.

After successfully downloading it, double-click the RootkitRevealer .zip file and extract all of its contents to any folder you want.


After extracting, run the RootkitRevealer .exe file. Depending on the computer you are using, the RootkitRevealer screen will appear directly, while on others a pop-up message appears instead, as shown in the screenshot below. If this happens, just click the "View the message" button to view the RootkitRevealer screen. After that, click on the "File" tab and then choose "Scan".



After that the scanning will start. For those who needed to click the "View the message" button to view the RootkitRevealer scanner: you will not be able to get out of that screen by simply pressing Alt+Tab. To return to your desktop you have to click the "Return now" link. Do not worry, the scan will continue, and if you want to return to the RootkitRevealer screen just repeat the "View the message" steps.

Sorry, but this time I am not able to show any example of rootkits being detected, as the RootkitRevealer screen does not allow print screen. HOWEVER, after the scan is completed, when you browse through the names of the files being reported, IF you find a discrepancy in any of the file names it does not necessarily mean that it is a rootkit. So do not go and delete any file just because it is reported with a discrepancy in its name.
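To make that last point concrete, here is an added example (my own illustration, not RootkitRevealer's code and not part of the Sysinternals tool) of the idea behind its "discrepancy" reports. RootkitRevealer lists the same things twice, once through the normal Windows API, which a rootkit can filter, and once by reading the raw on-disk data; anything present in one view but not the other is reported as a discrepancy. The two views below are constructed dictionaries, and every path, size and timestamp in them is made up for the example (the `example_hidden.sys` name is a placeholder, not a real file), so it runs offline on any OS.

```python
# Cross-view discrepancy check: an added illustration of the idea behind
# RootkitRevealer's "discrepancy" reports, not the tool's own code.
# A "view" maps path -> (size in bytes, modification time as a Unix timestamp).
# Both views here are constructed for the example; no real disk is read.
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple

View = Dict[str, Tuple[int, int]]


class Kind(Enum):
    HIDDEN_FROM_API = "in raw view only"      # the classic rootkit signature
    API_ONLY = "in API view only"             # usually churn between the two passes
    METADATA_MISMATCH = "size/time differ"    # e.g. a file rewritten mid-scan


@dataclass(frozen=True)
class Discrepancy:
    path: str
    kind: Kind
    likely_benign: bool   # True when the scan window explains the difference
    note: str


def compare_views(api_view: View, raw_view: View,
                  scan_window: Optional[Tuple[int, int]] = None) -> List[Discrepancy]:
    """Diff the API view against the raw view and explain each discrepancy.

    scan_window is the (start, end) time of the scan. An entry whose mtime
    falls inside it was being written while the two passes ran, which is the
    most common reason a reported discrepancy is NOT a rootkit.
    """
    def during_scan(mtime: int) -> bool:
        return scan_window is not None and scan_window[0] <= mtime <= scan_window[1]

    findings: List[Discrepancy] = []
    for path in sorted(set(api_view) | set(raw_view)):
        api_entry = api_view.get(path)
        raw_entry = raw_view.get(path)
        if api_entry is None:
            benign = during_scan(raw_entry[1])
            note = ("created while the scan ran" if benign
                    else "hidden from the Windows API; investigate")
            findings.append(Discrepancy(path, Kind.HIDDEN_FROM_API, benign, note))
        elif raw_entry is None:
            # The API pass saw it, the raw pass did not: typically deleted between passes.
            benign = during_scan(api_entry[1])
            note = ("gone before the raw pass; transient" if benign
                    else "present to the API but absent on disk; investigate")
            findings.append(Discrepancy(path, Kind.API_ONLY, benign, note))
        elif api_entry != raw_entry:
            benign = during_scan(max(api_entry[1], raw_entry[1]))
            note = ("rewritten during scan" if benign
                    else "API and raw metadata disagree; investigate")
            findings.append(Discrepancy(path, Kind.METADATA_MISMATCH, benign, note))
    return findings


def needs_investigation(findings: List[Discrepancy]) -> List[str]:
    """Paths worth a closer look; everything else is scan noise, not a reason to delete."""
    return [f.path for f in findings if not f.likely_benign]


# Constructed sample data: two snapshots of a few paths taken during one scan.
SCAN_WINDOW = (1275800000, 1275800100)   # the scan ran for 100 seconds

API_VIEW: View = {
    r"C:\Windows\System32\drivers\ntfs.sys": (1500000, 1275000000),
    r"C:\Windows\System32\svchost.exe": (27000, 1275000000),
    r"C:\Users\student\Temp\scan_tmp.log": (120, 1275800050),   # deleted before the raw pass
}

RAW_VIEW: View = {
    r"C:\Windows\System32\drivers\ntfs.sys": (1500000, 1275000000),
    r"C:\Windows\System32\svchost.exe": (27000, 1275000000),
    r"C:\Users\student\Temp\cache.tmp": (512, 1275800020),       # written during the scan
    # placeholder name: an old file the API pass never listed
    r"C:\Windows\System32\drivers\example_hidden.sys": (48000, 1260000000),
}


def run_demo() -> List[Discrepancy]:
    return compare_views(API_VIEW, RAW_VIEW, SCAN_WINDOW)


if __name__ == "__main__":
    results = run_demo()
    for f in results:
        flag = "benign?" if f.likely_benign else "INVESTIGATE"
        print(f"{flag:11} {f.kind.value:18} {f.path}  ({f.note})")
    print("Worth a closer look:", needs_investigation(results))
```

Of the three discrepancies the sample produces, two are explained by files changing while the scan ran and only one, the entry the API never listed, is worth following up. That is the same judgement call the tool leaves to you: a discrepancy is a prompt to look closer, not a verdict.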
REFLECTIONS!

According to wikipedia.org, a rootkit is software or a hardware device that is designed to gain administrator-level control over a computer system without being detected.

There are a total of six different types of rootkits, and they are:

- Firmware/Hardware-level rootkits
- Hypervisor-level rootkits
- Boot loader-level rootkits
- Kernel-level rootkits
- Library-level rootkits
- Application-level rootkits

If you would like to better understand what these different levels of rootkits do and how they differ from each other, just go to this link: http://en.wikipedia.org/wiki/Rootkit
