EternalAntirootkit is a Windows anti-rootkit that improves the detection of kernel-mode rootkits hiding a process's existence by using a novel technique, PIDB (Process ID Brute-Force). The details of the algorithm are in our papers, "Study on Detection Method and Development of the Kernel Mode Rootkit" and "Dual-Mode Kernel Rootkit Scan and Recovery with Process ID Brute-Force". This is a stable version of EternalAntirootkit and it currently runs on Windows 10.
onePunch_antiRootkit.exe: right-click the executable and select "Run as administrator".
EternalAntirootkit currently works only on Windows, and we tested it on Windows 10. It is standalone software, so you do not need to install it. The program consists of two components: a Windows system driver (.sys) and a driver loader (.exe). onePunch_antiRootkit.exe loads the system driver and scans for rootkits.
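The idea behind a process ID brute-force check is to build two views of the running processes, one from the normal enumeration API and one by probing every possible PID directly, and then to flag PIDs that answer the probe but are absent from the enumeration. The following PowerShell script is an added illustration of that cross-view comparison from user mode; it is not EternalAntirootkit's code, which performs the check from its kernel driver (a user-mode probe can still be evaded by a rootkit that hooks the user-mode or kernel handle-creation path). The function name `Find-HiddenProcessCandidate` and the `$MaxPid` upper bound are assumptions of this example.

```powershell
# Added example (not EternalAntirootkit code): user-mode PID brute-force cross-view check.
# Assumption: PIDs of interest lie below $MaxPid; Windows allocates PIDs in multiples of 4.

$signature = @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool GetExitCodeProcess(IntPtr hProcess, out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
'@
$Kernel32 = Add-Type -MemberDefinition $signature -Name 'Native' -Namespace 'PidbExample' -PassThru

$PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
$ERROR_ACCESS_DENIED = 5      # process exists but we may not open it (still counts as present)
$STILL_ACTIVE = 259           # exit code reported for a process that has not terminated

function Find-HiddenProcessCandidate {
    param([uint32]$MaxPid = 0x10000)   # assumed upper bound for this example

    # View 1 (before): PIDs that the enumeration API reports.
    $before = @{}
    Get-Process | ForEach-Object { $before[[uint32]$_.Id] = $true }

    # View 2: probe every candidate PID directly instead of asking for a list.
    $probed = @{}
    for ($candidate = 4; $candidate -lt $MaxPid; $candidate += 4) {
        $handle = $Kernel32::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, $candidate)
        if ($handle -ne [IntPtr]::Zero) {
            # Skip processes that have exited but whose object is still referenced by an open handle;
            # they legitimately do not appear in the enumeration view.
            [uint32]$exitCode = 0
            if ($Kernel32::GetExitCodeProcess($handle, [ref]$exitCode) -and $exitCode -eq $STILL_ACTIVE) {
                $probed[$candidate] = 'opened'
            }
            [void]$Kernel32::CloseHandle($handle)
        }
        elseif ([System.Runtime.InteropServices.Marshal]::GetLastWin32Error() -eq $ERROR_ACCESS_DENIED) {
            $probed[$candidate] = 'access-denied'
        }
    }

    # View 1 (after): a second enumeration so processes that started during the probe loop
    # are not misreported as hidden.
    $after = @{}
    Get-Process | ForEach-Object { $after[[uint32]$_.Id] = $true }

    # A PID present in the probe view but in neither enumeration snapshot is a candidate.
    foreach ($processId in ($probed.Keys | Sort-Object)) {
        if (-not $before.ContainsKey($processId) -and -not $after.ContainsKey($processId)) {
            [pscustomobject]@{ Pid = $processId; ProbeResult = $probed[$processId] }
        }
    }
}

# Usage: run from an elevated PowerShell so that protected and other-user processes can be probed.
Find-HiddenProcessCandidate | Format-Table -AutoSize
```

Because processes start and exit while the loop runs, a single run can still produce transient mismatches; a PID that is reported on two consecutive runs is a stronger signal than one that appears once. The script only establishes that a PID is reachable but unlisted; confirming what the process is (image path, parent, loaded modules) is a separate step that the kernel-mode scanner in this project handles.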
Scenario-based demo video.