RootRepeal is a new rootkit detector currently in public beta. It is designed with the following goals in mind: Easy to use - a user with little to no computer experience should be able to use it. Powerful - it should be able to detect all publicly available rootkits. Stable - it should work on as many different system configurations as possible, and, in the event of an incompatibility, not crash the host computer. Safe - it will not use any rootkit-like techniques (hooking, etc.) to protect itself. Currently, RootRepeal includes the following features: Driver Scan - scans the system for kernel-mode drivers. Displays all drivers currently loaded, and shows if a driver has been hidden, and whether the driver's file is visible on-disk. Files Scan - scans any fixed drive on the system for hidden, locked or falsified* files. Processes Scan - scans the system for processes. Displays all processes currently running, and shows if a processes is hidden or locked. SSDT Scan - shows whether any of the functions in the System Service Descriptor Table (SSDT) are hooked. Stealth Objects Scan - attempts to determine if any rootkits are active by looking for typical symptoms. Hidden Services Scan - scans for hidden system services. Shadow SSDT Scan - counterpart to the SSDT Scan, but deals mostly with graphics and window-related functions. * - falsified files are files which have their size mis-reported to the Windows API. Some rootkits use this to hide data.