RootRepeal
Overview
RootRepeal was a free rootkit detection and removal tool developed by ADR. It was designed to identify hidden processes, stealth malware, and kernel-level hooks used by rootkits to evade traditional security software. RootRepeal was often used by malware analysts and security professionals for deep system analysis.
Features
- Detects hidden drivers, processes, and files.
- Scans SSDT, IDT, and inline kernel hooks.
- Identifies stealth malware that evades standard antivirus programs.
- Provides detailed system diagnostics.
- Portable and does not require installation.
Compatibility
RootRepeal was compatible with:
- Windows XP
- Windows Vista
- Windows 7
It has been discontinued and may not function properly on modern Windows versions due to enhanced security mechanisms.
Usage
- Download RootRepeal from a trusted security source.
- Run the executable as an administrator (no installation required).
- Select the scan options (Files, Processes, SSDT, Hooks, etc.).
- Start the scan and review the results for suspicious activity.
- Remove detected rootkits or consult an expert before making changes.
Pros & Cons
Pros
- ✔ Effective at detecting stealth rootkits.
- ✔ Lightweight and portable (no installation required).
- ✔ Provides deep system analysis.
Cons
- ✘ Discontinued and no longer updated.
- ✘ Requires advanced knowledge to interpret scan results.
- ✘ Not effective against modern rootkits.
Alternative Software
- GMER – A well-known rootkit detection and removal tool.
- TDSSKiller – Rootkit removal tool from Kaspersky.
- Malwarebytes Anti-Rootkit – Free tool for detecting and removing rootkits.
Developer
- Author: ADR
- Status: Discontinued (No longer maintained)
External Links
- (No official website available)
- May be found on archived security forums (use caution when downloading).