PCHunter is a toolkit with access to hundreds of settings including your kernels and kernel modules, processes, network, startup and a whole lot more. It was designed to help spot and remove malware including rootkits.
PCHunter is geared more towards the technically minded user. Its main purpose is finding and removing malware, but it can do much more. The interface is usable, but the program is easily mistaken for an all-in-one system tweaking utility, which it is not.

PCHunter features:

Process Manager
- View basic information on system processes and threads.
- Detect hidden processes, threads and process modules.
- Terminate, suspend and resume processes and threads.
- View and manipulate process handles, windows and memory regions.

Kernel Module Viewer
- Display kernel module information including ImageBase, Size, Driver Object, ImagePath, ServiceName and Load Order.
- Detect hidden kernel modules.
- Unload kernel modules (dangerous).
- Dump kernel image memory.
- Display and delete system driver service information.

Hook Detector
- View and restore SSDT, Shadow SSDT, sysenter and int 2e hooks.
- View and restore FSD and keyboard dispatch hooks.
- View and restore kernel code hooks, including inline kernel hooks, patches, and IAT and EAT hooks.
- View and restore user-mode process hooks, including inline hooks, patches, IAT and EAT hooks.
- View and restore message hooks (both global and local).
- View and restore kernel ObjectType hooks.
- Display the Interrupt Descriptor Table (IDT).

System Callback Viewer
- Display and remove kernel notification callbacks (Process, Thread, Image, Registry, Lego, Shutdown, Bugcheck, FileSystem, Logon).

Network Viewer
- Display current network connections, including local and remote addresses and the state of TCP connections.
- View and delete IE plugins and context menu entries.
- View and restore Tcpip dispatch hooks.
- Display Winsock providers (SPI).
- View and edit the hosts file.

Filter Viewer
- View and remove filters for common devices, including disk, volume, keyboard and network devices.

Registry Viewer
- View and edit the system registry.
- Detect hidden registry entries using live registry hive analysis.

File Explorer
- Detect hidden files using both disk analysis and driver methods.
- View and delete locked files and folders.
- View basic file information, including NTFS Alternate Data Streams.

Autorun Manager
- Display and delete common autorun entries.

Service Manager
- Display Win32 service information (Ring 0 modules are covered by the Kernel Module Viewer).
- Change service status and configuration.

DPC Timer
- Enumerate and delete DPC timer objects.

Miscellaneous
- View and repair common file type associations.
- View and repair image hijacks.
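The "detect hidden processes" feature above rests on a cross-view comparison: a rootkit that filters one enumeration path (for example by hooking NtQuerySystemInformation through the SSDT or an inline patch) usually leaves other paths untouched, so a PID that shows up in one view but not another deserves a closer look. The following PowerShell script is an added example, not PCHunter's code or anything from this page, and it only compares user-mode views: Get-Process, WMI, and a brute-force OpenProcess probe over the PID range. PCHunter adds a kernel view (walking EPROCESS lists and the PspCidTable) that a script cannot reach, so treat this as triage rather than proof. The function names are my own; run it from an elevated prompt so that access-denied results are limited to protected processes.

```powershell
# Added example (not PCHunter's code): user-mode cross-view check for hidden processes.
# Assumptions: run elevated; Windows PIDs are multiples of 4; PID 0 (System Idle) is a
# pseudo-process that OpenProcess rejects by design, so it is excluded from the comparison.

Add-Type -Namespace Win32 -Name Kernel32 -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
'@

function Get-PidsByBruteForce {
    # View 3: probe every candidate PID with OpenProcess instead of asking the OS to enumerate.
    # A handle, or ERROR_ACCESS_DENIED (5), means the process exists; ERROR_INVALID_PARAMETER (87)
    # means it does not. Rootkits that only filter enumeration results rarely block NtOpenProcess.
    $PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
    $found = New-Object System.Collections.Generic.List[int]
    for ($candidate = 4; $candidate -le 0xFFFC; $candidate += 4) {
        $h = [Win32.Kernel32]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, [uint32]$candidate)
        # Read the error code immediately after the call, before any other Win32 work clobbers it.
        $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
        if ($h -ne [IntPtr]::Zero) {
            [void][Win32.Kernel32]::CloseHandle($h)
            $found.Add($candidate)
        } elseif ($err -eq 5) {
            $found.Add($candidate)   # exists, but protected (PPL, System, csrss, ...)
        }
    }
    return ,$found.ToArray()
}

function Compare-ProcessViews {
    # View 1: Get-Process (NtQuerySystemInformation path). View 2: WMI Win32_Process provider.
    # View 3: the OpenProcess probe. Any PID missing from at least one view is reported.
    $enum  = @((Get-Process).Id | ForEach-Object { [int]$_ } | Where-Object { $_ -ne 0 })
    $wmi   = @((Get-CimInstance -ClassName Win32_Process).ProcessId | ForEach-Object { [int]$_ } | Where-Object { $_ -ne 0 })
    $probe = @(Get-PidsByBruteForce)

    $all = @($enum + $wmi + $probe | Sort-Object -Unique)
    foreach ($p in $all) {
        $inEnum  = $enum  -contains $p
        $inWmi   = $wmi   -contains $p
        $inProbe = $probe -contains $p
        if (-not ($inEnum -and $inWmi -and $inProbe)) {
            [pscustomobject]@{
                PID         = $p
                GetProcess  = $inEnum
                WMI         = $inWmi
                OpenProcess = $inProbe
            }
        }
    }
}

# Usage: list every PID whose three views disagree. An empty table is the expected result on a
# clean machine; a PID visible only to OpenProcess is the classic hidden-process signature.
Compare-ProcessViews | Format-Table -AutoSize
```

Processes that start or exit between the three snapshots produce transient mismatches, so rerun the script and only investigate PIDs that disagree twice. A PID that the probe finds but both enumerators miss is the pattern PCHunter's Process Manager flags; the next step there would be its kernel view and the Hook Detector, since a user-mode script cannot tell an SSDT hook from an inline patch in the image itself.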