Rootkit Unhooker - an advanced rootkit detection/removal utility

Here are some key features of "Rootkit Unhooker":

Service Descriptor Table hooks detection
· Includes Service Descriptor Table hooks removing (unhooking)

SYSENTER/Int 2e hooks detection
· Detection of hooking sysenter instruction handler and system interrupt (IDT) hook

SYSENTER/Int 2e hooks removing (unhooking)
· Restoring original instruction (interrupt) handler

Hidden processes detection
· Detection of processes hidden from Windows API
· Most powerful in the world at current time
· Detection of processes with full path and name (unique)

Hidden processes terminating
· Including force-kill powered by PVASE
· (c) PVASE Process Virtual Address Space Erasing

Hidden processes dumping
· With ability to rebuild file for analysis

Hidden drivers detection
· Detection of drivers hidden from Windows API
· combines four different methods of detection and including special five (c) Stealth Walker technology
· and six (c) KMSE - Kernel Memory Scanning Engine

Hidden drivers dumping
· Unique feature that gives you ability to make dump of selected driver

IRP hooks detection
· Look for "References" column on the Hidden Drivers Detector page

Detection of API-based hooks (Code Hooks Detection)
· Includes most powerful at this time inline (splicing) hooks detection in drivers and libraries. Detected hooks: on functions and on IRP's (for drivers)

Detection of hidden libraries
· As part of Code Hooks Detector page. Displays address (if can be determined) of hidden library

Hidden files detection
· Includes detection of files hidden from Windows API on the disks. Supported file systems are: FAT32 and NTFS (full support - including ADS).

Low level files operation
· Wipe/Copy functions for visible and hidden files (including ADS).

Update system
· Can check our server for program updates

Report generation
· Automatically generates report with all needed information (not huge and useless like in others programs)

Program self-protection
· Contains some methods that are able to prevent some malware from interrupting work of program. Includes internal integrity checking and antidebugging

What's New in This Release: [ read full changelog ]

· Improved: overall speed of all scanning engines
· Fixed: some bugs in ILHA hooks detection engine
· Further internal optimisation
· VM detection moved as separate function in "Tools" menu
· Updated: program help file