Sunday

Hands-on Project 2 - 1 (Practical 3)

Objectives: Scan for Rootkits Using RootkitRevealer

To help detect the presence of a rootkit, we will need to download and install Microsoft’s RootkitRevealer tool.

1) Open your Web browser and enter the URL www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx.

2) Scroll to the bottom of the page and click on Download RootkitRevealer (231 KB). When the File Download dialog box appears, click Save and download the file to your desktop or another location you want.

3) When the download is complete, click Open to open the compressed (.ZIP) file.

4) Click Extract all files to launch the Extraction Wizard. Follow the steps in the wizard to extract all files to your desktop or another location you want.

5) Navigate to the location where the files were extracted and start the program by double-clicking on RootkitRevealer.exe. If you receive an Open File – Security Warning dialog box, click Run. Click Agree to the RootkitRevealer License Agreements.

6) The RootkitRevealer screen will appear.

7) Click File and then Scan to begin a scan of the computer for a rootkit.

8) When the scan is complete, RootkitRevealer will display discrepancies between the Windows registry keys (which are not always visible to specific types of scans) and other parts of the registry. Any discrepancies that are found do not necessarily indicate that a rootkit was detected.

Results:

9) Close RootkitRevealer and all windows.
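Step 8 notes that a discrepancy is not automatically a rootkit. The added example below (not part of the original lab or of RootkitRevealer itself) sorts saved scan rows into triage buckets so that expected entries are separated from ones worth a closer look. The tab-separated Path/Timestamp/Size/Description layout is an assumption, the sample rows are constructed, and the description strings follow the wording used in the Sysinternals documentation.

```python
import csv
import io
from collections import defaultdict

# NTFS metadata files are hidden from the Windows API even on a clean volume.
NTFS_METADATA = {"$mft", "$mftmirr", "$logfile", "$volume", "$attrdef", "$bitmap",
                 "$boot", "$badclus", "$secure", "$upcase", "$extend"}

# Constructed sample rows; the tab-separated column layout is an assumption.
SAMPLE_LOG = (
    "C:\\$MFT\t1/1/2008 9:00 AM\t64.00 MB\tHidden from Windows API.\n"
    "C:\\WINDOWS\\system32\\drivers\\example_hidden.sys\t1/1/2008 9:05 AM\t12.00 KB\tHidden from Windows API.\n"
    "HKLM\\SOFTWARE\\ExampleVendor\\Uptime\t1/1/2008 9:10 AM\t4 bytes\tData mismatch between Windows API and raw hive data.\n"
    "HKLM\\SOFTWARE\\ExampleVendor\\Name*\t1/1/2008 9:00 AM\t0 bytes\tKey name contains embedded nulls (*)\n"
)


def classify(path, description):
    """Return 'expected', 'review' or 'investigate' for one discrepancy row."""
    desc = description.lower()
    parts = path.split("\\")
    if "hidden from windows api" in desc:
        # Only a metadata file directly under a drive root counts as expected;
        # any other hidden file or key is treated as suspicious.
        if (len(parts) == 2 and parts[0].endswith(":")
                and parts[1].lower() in NTFS_METADATA):
            return "expected"
        return "investigate"
    if "embedded nulls" in desc or "access is denied" in desc:
        return "investigate"
    # Data, type and length mismatches are often values updated during the scan.
    return "review"


def triage(log_text):
    """Group discrepancy paths by triage bucket from tab-separated log text."""
    buckets = defaultdict(list)
    reader = csv.reader(io.StringIO(log_text), delimiter="\t", quoting=csv.QUOTE_NONE)
    for row in reader:
        if len(row) < 4:
            continue  # skip blank or malformed lines
        path, description = row[0].strip(), row[3].strip()
        buckets[classify(path, description)].append(path)
    return dict(buckets)


if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_LOG).items():
        print(bucket, paths)
```

Rows in the "review" bucket are best confirmed by rescanning: a value that simply changed during the first scan will usually not be reported again.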

Reflections
From what I know, a rootkit is a set of software tools used by an intruder to break into a computer, obtain special privileges to perform unauthorized functions, and hide all traces of its existence. Thus it will be dangerous if our computer contains a rootkit. Hence, I find that RootkitRevealer is very useful to me as it helps me to reveal the rootkits in my computer so that I can remove them.
