An advanced rootkit detection/removal utility. Here are some key features of "Rootkit Unhooker":
Service Descriptor Table hooks detection
* Includes removal (unhooking) of Service Descriptor Table hooks
SYSENTER/Int 2e hooks detection
* Detection of hooks on the SYSENTER instruction handler and on the system interrupt (IDT) handler
SYSENTER/Int 2e hooks removing (unhooking)
* Restores the original instruction (interrupt) handler
Hidden processes detection
* Detection of processes hidden from Windows API
* The strongest such detection available at the time of writing
* Reports detected processes with their full path and name (unique feature)
Hidden processes terminating
* Includes force-kill powered by PVASE ((c) Process Virtual Address Space Erasing)
Hidden processes dumping
* With the ability to rebuild the image file for analysis
Hidden drivers detection
* Detection of drivers hidden from Windows API
* Combines four different detection methods, plus a fifth, the special (c) Stealth Walker technology, and a sixth, (c) KMSE (Kernel Memory Scanning Engine)
Hidden drivers dumping
* Unique feature that lets you dump a selected driver
IRP hooks detection
* See the "References" column on the Hidden Drivers Detector page
Detection of API-based hooks (Code Hooks Detection)
* Includes the strongest inline (splicing) hook detection available at this time for drivers and libraries. Detected hooks: on functions and on IRPs (for drivers)
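To make the two checks behind the Service Descriptor Table and Code Hooks Detection features concrete, here is an added example; it is not Rootkit Unhooker's own code. It decodes the control transfers an inline (splicing) hook typically writes over a function prologue (jmp rel32, push/ret, mov eax/jmp eax) and flags redirects that leave the owning module, and it runs an SSDT-style table check that flags entries pointing outside the kernel image. The module map, addresses and byte strings are constructed for illustration; the function names are real Windows exports used only as labels.

```python
import struct

# Constructed module map (name -> (base, size)); a real detector
# would walk the loaded-module list instead of using fixed values.
MODULES = {
    "ntoskrnl.exe": (0x80400000, 0x200000),
    "kernel32.dll": (0x7C800000, 0x100000),
}


def module_for(addr):
    """Name of the module whose image range contains addr, or None."""
    for name, (base, size) in MODULES.items():
        if base <= addr < base + size:
            return name
    return None


def decode_redirect(code, func_addr):
    """Decode the control transfers an inline (splicing) hook typically
    writes over a function prologue. Returns (kind, target) or None."""
    if len(code) >= 5 and code[0] == 0xE9:                      # jmp rel32
        rel = struct.unpack_from("<i", code, 1)[0]
        return "jmp rel32", (func_addr + 5 + rel) & 0xFFFFFFFF
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:  # push imm32; ret
        return "push/ret", struct.unpack_from("<I", code, 1)[0]
    if len(code) >= 7 and code[0] == 0xB8 and code[5:7] == b"\xFF\xE0":  # mov eax, imm32; jmp eax
        return "mov/jmp reg", struct.unpack_from("<I", code, 1)[0]
    return None


def check_inline_hook(name, func_addr, code):
    """Flag a prologue whose redirect leaves the module that owns the function.
    A jump staying inside the owning module may be a compiler thunk, so it is
    reported but not flagged as a hook."""
    owner = module_for(func_addr)
    redirect = decode_redirect(code, func_addr)
    if redirect is None:
        return {"function": name, "hooked": False}
    kind, target = redirect
    target_module = module_for(target)
    return {"function": name, "hooked": target_module != owner,
            "kind": kind, "target": target, "target_module": target_module}


def check_dispatch_table(table, owner):
    """SSDT-style check: every entry must point into the owning module."""
    base, size = MODULES[owner]
    return [{"index": i, "address": e, "module": module_for(e)}
            for i, e in enumerate(table) if not (base <= e < base + size)]


def jmp_rel32(from_addr, to_addr):
    """Build an E9 jump from from_addr to to_addr (constructed test input)."""
    return b"\xE9" + struct.pack("<I", (to_addr - (from_addr + 5)) & 0xFFFFFFFF)


# Unmodified prologue: mov edi,edi; push ebp; mov ebp,esp; sub esp,10h
CLEAN = b"\x8B\xFF\x55\x8B\xEC\x83\xEC\x10"


def scan_sample():
    """Run both checks over constructed data and return the findings."""
    funcs = [
        ("ZwOpenProcess", 0x8040A000, CLEAN),
        # Prologue overwritten with a jump out of ntoskrnl into an unlisted driver
        ("ZwQuerySystemInformation", 0x8040B000, jmp_rel32(0x8040B000, 0xF8A01000)),
        # Jump that stays inside kernel32: reported, not flagged
        ("LoadLibraryW", 0x7C801000, jmp_rel32(0x7C801000, 0x7C801D00)),
        # mov eax, imm32; jmp eax into an address no known module owns
        ("ReadFile", 0x7C820000, b"\xB8" + struct.pack("<I", 0x10001000) + b"\xFF\xE0"),
    ]
    hooks = [check_inline_hook(*f) for f in funcs]
    ssdt = [0x80410000, 0x80412340, 0xF8A01230, 0x8041F000]  # constructed table
    return hooks, check_dispatch_table(ssdt, "ntoskrnl.exe")


if __name__ == "__main__":
    hooks, table = scan_sample()
    for h in hooks:
        print(h)
    for f in table:
        print("SSDT entry outside ntoskrnl:", f)
```

The "leaves the owning module" rule is what separates a splicing hook from a compiler-generated thunk; a production detector additionally resolves indirect jumps through pointer slots and compares the in-memory prologue with the on-disk image, which this example leaves out.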
Detection of hidden libraries
* Part of the Code Hooks Detector page. Displays the address of the hidden library (if it can be determined)
Hidden files detection
* Includes detection of files hidden from the Windows API on disk. Supported file systems: FAT32 and NTFS (full support, including ADS).
Low-level file operations
* Wipe/Copy functions for visible and hidden files (including ADS).
Update system
* Can check our server for software updates
Report generation
* Automatically generates a report with all needed information (not huge and useless like in other programs)
Program self-protection
* Contains methods that prevent some malware from interfering with the program. Includes internal integrity checking and anti-debugging