McAfee表示，Rootkit Detective可察覺潛在的系統執行程序、註冊登錄及檔案，以讓使用者可安全移除或關閉這些惡意活動，此外，Rootkit Detective也可掃描個人電腦的核心記憶體並顯示任何的修改，以讓使用者了解系統是否被入侵。
McAfee Rootkit Detective 1.0 is a program designed and developed by McAfee Avert Labs to proactively detect and clean rootkits that are running on the system.
McAfee Rootkit Detective should only be used by knowledgeable individuals at the direction of, and with the support of, a representative from McAfee Avert Labs or McAfee Technical Support. Improper usage of this tool could result in damage to your applications or operating system.
Following are the features of this program that are designed to proactively detect and clean rootkits from the system. This program is not dependent on any signatures and can proactively detect most of the existing and upcoming rootkits and allow the user to clean them.
* Designed to proactively detect the system objects like processes, files and registry that are hidden to the user.
* Provides information about all running processes in the system.
* Provides information about various system hooks like SSDT(System Service Descriptor Table) hooks, user/kernel IAT/EAT(Import/Export Address Table) hooks.
* Allows the user to clean/remove the malicious objects from the system by renaming/deleting the hidden files/registry.
* Allows the user to terminate the malicious processes.
* Users can submit samples using the submission feature present in the tool.
* Users can also collect the samples manually after renaming them and submit to firstname.lastname@example.org for further analysis.
Rootkit Detective log file contains details of the hidden files. The files once renamed after reboot will have a .REN extension. User can search for the same on the system and can submit these files for further analysis with your comments to email@example.com. Zip the files and password protect with “infected” and mention “Rootkit Detective” in the subject line when you send the mail.
Supported Operating Systems
* Windows XP Home Edition with SP2
* Windows XP Professional Edition with SP2
* Windows 2000 with SP4
* Windows 2000 Server
* Windows 2003 Server SP1