Rootkit Revealer is a rootkit detection utility that runs on Windows NT 4 and higher versions. The output of this utility provides Registry and file system API discrepancies that may designate if there is any user-mode or kernel-mode rootkit.
This utility is highly powerful to detect numerous stubborn rootkits, excluding those rootkits that never put any efforts to hide their files or registry keys.
A Rootkit is a term which is used to describe the methods and practices which a malware employs to hide its presence from antivirus/spyware blockers and system management utilities.
The rootkits such as AFX, Vanquish, and HackerDefender, affects the system by making a change in the API results, which in turn make a huge difference in a system view using APIs and the actually stored view of the system. This utility compares the system scan results, from the highest level to the lowest level, where highest level consists of the Windows API and the lowest level consists of the raw content of the Registry stored on-disk or a file system volume.
Therefore, user mode rootkits or kernel mode rootkits, whosoever operates the Windows API or built-in API with the aim of removing their existence from a directory listing, will get caught by RootkitRevealer as a discrepancy between the information on Windows API and that observed in the raw scan.
The utility scans your PC effectively and lists down all Registry and discrepancies found in the API of the file system that may contain kernel-mode or user-mode rootkit. The results of the scan make this freeware highly efficient to detect the popular rootkits.
The scan can be done manually or automatically, where there is no definitive way to interpret the output and to determine if a rootkit is present. But all reported discrepancies are required to be examined to ensure that a rootkit has been installed. Simply, look for rootkit removal instructions over the web, and if nothing found, just reformat the hard disk and install Windows again.