RootkitRevealer helps users with rootkit detection on Windows XP and Windows Server 2003 (32-bit versions only). Its output lists Windows Registry and file system API discrepancies that may indicate the presence of a rootkit. Although it is no longer under active development, RootkitRevealer triggered one of the most widely covered media scandals of the 2000s.
The term rootkit describes the mechanisms and techniques by which malware, including viruses, spyware, and trojans, attempts to hide its presence from spyware blockers, antivirus, and system management utilities. Rootkits are classified according to whether the malware survives a reboot and whether it executes in user mode or kernel mode.
Persistent rootkits are associated with malware that activates each time the system boots. Because such malware contains code that must run automatically at every system start or whenever you log on, it has to keep that code in a persistent store, such as the Registry or the file system, and configure a method by which the code executes without your intervention.
Alongside these are memory-based rootkits, which have no persistent code and therefore do not survive a reboot. Since persistent rootkits work by altering API results so that the system view obtained through the APIs differs from the actual view in storage, RootkitRevealer compares the results of a system scan at the highest level with those of a scan at the lowest level.
Thus, rootkits, whether user mode or kernel mode, that manipulate the Windows API or native API to remove their presence from a directory listing, for example, will be seen by RootkitRevealer as a discrepancy between the information returned by the Windows API and that seen in the raw scan of a FAT or NTFS volume's file system structures.
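The cross-view comparison described above, reduced to its core logic as an added example (not RootkitRevealer's own code): two listings of the same namespace, one obtained through the high-level API and one from the raw structures, are normalized and diffed, and every entry the views disagree on is reported. The sample views are constructed for the example; the path names in them are not real indicators.

```python
"""Cross-view discrepancy check in the style of RootkitRevealer.

The high-level view stands for what the Windows API reports; the raw view
stands for what a direct parse of the volume or hive contains. A rootkit
that hooks enumeration to drop its own entries shows up as an entry that
exists in the raw view but not in the API view.
"""
from dataclasses import dataclass
import ntpath


@dataclass(frozen=True)
class Discrepancy:
    path: str
    kind: str  # "hidden_from_api" or "missing_from_raw"


def _normalize(path: str) -> str:
    # Windows file paths and registry keys compare case-insensitively and
    # accept either separator; normalize so spelling alone is never flagged.
    return ntpath.normcase(ntpath.normpath(path))


def cross_view_diff(api_view, raw_view):
    """Return the entries on which the API view and the raw view disagree."""
    api = {_normalize(p): p for p in api_view}
    raw = {_normalize(p): p for p in raw_view}
    findings = []
    # In the raw structures but absent from the API listing: the classic
    # signature of an enumeration hook filtering the rootkit's own entries.
    for key in sorted(raw.keys() - api.keys()):
        findings.append(Discrepancy(raw[key], "hidden_from_api"))
    # Visible through the API but absent from the raw scan. Caveat: the two
    # scans are not atomic, so a file created or deleted between them also
    # lands here; such entries deserve a rescan before being treated as hostile.
    for key in sorted(api.keys() - raw.keys()):
        findings.append(Discrepancy(api[key], "missing_from_raw"))
    return findings


# Constructed sample views (not output of a real scan).
RAW_VIEW = [
    r"C:\Windows\System32\drivers\ntfs.sys",
    r"C:\Windows\System32\drivers\hidden_driver.sys",   # constructed name
    r"C:\Windows\Temp\report.log",
    r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip",
    r"HKLM\SYSTEM\CurrentControlSet\Services\HiddenSvc",  # constructed name
]
API_VIEW = [
    r"c:\windows\system32\drivers\NTFS.SYS",  # case differs only: not flagged
    r"C:\Windows\Temp\report.log",
    r"C:\Windows\Temp\scratch.tmp",  # appeared between the two scans
    r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip",
]

if __name__ == "__main__":
    for finding in cross_view_diff(API_VIEW, RAW_VIEW):
        print(f"{finding.kind:17} {finding.path}")
```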
All in all, RootkitRevealer was, and still is, a useful tool, and it is how people learned of illegal activities performed by industry giants such as Sony back in 2005, when the Sony BMG CD copy protection rootkit scandal erupted. In the end, you can never be too safe when it comes to data thieves.