RootkitRevealer here!
RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher, and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
RootkitRevealer successfully detects many persistent rootkits, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't try to hide their data or registry keys).
Since persistent rootkits work by changing API results so that a system view using APIs differs from the actual view in storage, RootkitRevealer compares the results of a system scan at the highest level with that at the lowest level. The highest level is the Windows API and the lowest level is the raw contents of a file system volume or Registry hive (a hive file is the Registry's on-disk storage format).
Thus, rootkits, whether user mode or kernel mode, that manipulate the Windows API or native API to remove their presence from a directory listing, for example, will be seen by RootkitRevealer as a discrepancy between the information returned by the Windows API and that seen in the raw scan of a FAT or NTFS volume's file system structures.
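
The cross-view comparison described above can be sketched as follows. This is an added example, not RootkitRevealer's own code: the two listings are constructed sample data standing in for an API enumeration and a raw volume scan, and the function names and reason strings are hypothetical. It also filters NTFS metadata files, which are legitimately absent from the API view.

```python
from dataclasses import dataclass

# NTFS metadata files exist on the raw volume but are never returned by the
# Windows API, so they are expected discrepancies, not rootkit indicators.
NTFS_METADATA = {"$mft", "$mftmirr", "$logfile", "$volume", "$attrdef",
                 "$bitmap", "$boot", "$badclus", "$secure", "$upcase", "$extend"}

@dataclass(frozen=True)
class Discrepancy:
    path: str
    reason: str  # hypothetical labels, not the tool's output strings

def _norm(path):
    # Win32 path lookups are case-insensitive; normalise separators and case.
    return path.replace("/", "\\").rstrip("\\").casefold()

def _is_ntfs_metadata(norm_path):
    parts = norm_path.split("\\")
    # Metadata lives in the volume root (C:\$MFT) or under C:\$Extend.
    return len(parts) >= 2 and parts[1] in NTFS_METADATA

def cross_view_diff(api_view, raw_view):
    """Compare the high-level (API) listing with the low-level (raw) listing."""
    api = {_norm(p): p for p in api_view}
    raw = {_norm(p): p for p in raw_view}
    findings = []
    # On disk but missing from the API view: the hiding behaviour described above.
    for key in sorted(raw.keys() - api.keys()):
        if not _is_ntfs_metadata(key):
            findings.append(Discrepancy(raw[key], "hidden from API"))
    # In the API view only: often a file created between the two scans,
    # so treat it as lower confidence and rescan before acting on it.
    for key in sorted(api.keys() - raw.keys()):
        findings.append(Discrepancy(api[key], "API only"))
    return findings

# Constructed sample data (not real scan output).
RAW_VIEW = [r"C:\$MFT", r"C:\$Extend\$UsnJrnl", r"C:\Windows\notepad.exe",
            r"C:\Windows\System32\drivers\hidden_example.sys",
            r"C:\Users\Public\report.txt"]
API_VIEW = [r"c:\windows\NOTEPAD.EXE", r"C:\Users\Public\report.txt",
            r"C:\Temp\new.tmp"]

if __name__ == "__main__":
    for f in cross_view_diff(API_VIEW, RAW_VIEW):
        print(f"{f.reason:16} {f.path}")
```

The same comparison applies to the Registry, with key paths from the API on one side and keys parsed from the hive file on the other.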