Sunday 30 May 2010

2.1

Practical 2-1: Scan for Rootkits using RootkitRevealer

Rootkit - A set of software tools used by an intruder to break into a computer, obtain special privileges to perform unauthorised functions, and remove all traces of it.

In this practical, I will be using RootkitRevealer and learning how to use it.
First, I went to http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx to download RootkitRevealer.
I extracted the file and ran it.
When it is running, accept the Rootkit License Agreements.
It looks like other scanners, except that this one is for rootkits.
Click File, then Scan.
It will display discrepancies between the Windows registry keys and other parts of the registry. A discrepancy does not necessarily mean that a rootkit is detected.
