capsule review

McAfee Rootkit Detective

At a Glance
  • McAfee Rootkit Detective

Rootkits--a stealth technology used by malware writers to hide their creations on your PC--are notoriously difficult to find and purge. McAfee's free Rootkit Detective aims to help with that.

Installing the app was a breeze, and getting scan results took just 5 minutes on my system. You can choose from five display options: View hidden processes and files, View hidden registry keys/values, View hooked services, View hooked imports/exports, View all processes. However, it's highly technical data, with no hints as to whether a hidden file or process might be a rootkit or part of a legit application. You definitely don't want to take any action based on what it finds unless you either get help or really know what you're doing (a fact McAfee acknowledges on the tool's download page).

If you know something is malicious, you can choose to rename files, delete registry entries or terminate processes. If you're not sure but are suspicious, you can get help from McAfee by selecting a file using the check-box next to it and then clicking the Submit button to send the info to the firm for analysis (this option only works for files, not other items in the scan). In that Submit window, enter your e-mail address and anything you might know or suspect about the file, then click Send. A McAfee tech will get back to you.

Tip: It's hard to read the information in the non-resizable program window, so try reading the data in the scan log instead. The log is saved as a .txt file in the location you choose before the scan.

--Erik Larkin
