I just ran across the new McAfee Rootkit Detective 1.0. There are so many anti-rootkit tools available now, and it's about time that McAfee comes out with its own free rootkit detection utility.

By Michael Pietroforte

I usually don't worry so much about viruses and worms anymore because that threat seems largely under control nowadays. However, I always feel a bit uncomfortable when I think about rootkits. Viruses try to spread, and often enough they damage their hosts, which makes them easier to detect. Rootkits, on the other hand, just hide; it lies in their nature that you simply don't know they are there.

I just played a little with McAfee Rootkit Detective, and it indeed found a couple of hidden registry entries and hooked services on my system. The hooked services belong to my Sunbelt Personal Firewall. I wasn't able to track down the application that created the hidden registry keys, so I just deleted them all. Since this is a test system, it is quite probable that they belong to spyware that was installed with one of the tools I tested.

Note that this was just a virtual machine, and I created a snapshot before I deleted the registry keys. If you intend to mess with the registry on one of your computers, I highly recommend backing up the registry database before you do so, even though McAfee Rootkit Detective has an undo function. I like that one can delete suspicious registry entries with Rootkit Detective. This is an advantage over Sysinternals RootkitRevealer, which I usually use when I am on the hunt for rootkits.


I don't like the window size of Rootkit Detective, though: it is quite small, and one can't resize it, so you always have to scroll to read the full path of a registry entry. Another downside of the tool is that it doesn't support Vista, which is quite strange considering that it was only released recently.

What is your favorite rootkit hunting tool?

© 4sysops 2006 - 2023