- Worldstart's Tech Tips And Computer Help - http://www.worldstart.com -

All About Rootkits

Keith from MA asks:

I have been seeing a lot about the dangers of “rootkits” around the internet. I went to your spyware terms page to find out what it is, and it is not listed. Could you tell me what it is?

My bad, I missed that one. I don’t know how I did, since it is one of the most dangerous threats out there! Here you go:

Rootkits are becoming more and more prevalent and are an incredible danger to desktop users. A rootkit (or root kit; it doesn’t matter how you spell it) is a set of tools programmed to install on a computer without the user’s knowledge and to give the attacker full control over the system with administrator-level access.

But doesn’t all spyware install on a computer without the user’s knowledge? What’s different about a rootkit?

Let me delve into this a little bit deeper.

Yes, all spyware is installed without a user’s knowledge. Some are annoying, and some can mess with your computer pretty badly; however, with a bit of help from the forums and spyware removal software, most of the time you can get rid of it without doing a complete reinstall.

Not so with rootkits.

Rootkits are an incredibly dangerous form of malware. They do not discriminate when it comes to operating systems; Windows, Linux, Unix, and even Mac systems are vulnerable. Rootkits hide malware that installs a backdoor, allowing an attacker to take full administrator rights and gain complete access to the infected computer.

A rootkit takes over your entire system, and it does this by masking itself as a legitimate file, network connection, registry entry, etc. Anti-virus and anti-spyware programs therefore do not detect it, because they think the file is a genuine part of the operating system. Once the computer has been compromised, the attacker can mask the intrusion, not just on that computer but on other computers on the network. Because of the way rootkits are programmed, there is no guarantee that you will rid yourself of one; its code is intricate, and because of its stealth capabilities, removal will most likely damage your operating system. The stealth capabilities of rootkits are the scariest part of this malware; rootkits often hide other malware along with themselves. (Can anyone say “Rootware”? I am not kidding.) Because rootkits do so much damage if left undetected, a fresh install of your operating system is practically inevitable.
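The hiding described above is exactly what the “anti-stealth” tools listed below look for: they compare what the operating system’s normal APIs report against what is actually on disk and in the registry, and anything present in the raw view but missing from the API view is a hidden entry. The following is an added illustration of that cross-view check, not code from this article or from any product it names; the file and registry listings are constructed sample data standing in for a real API listing and a real raw scan.

```python
"""Cross-view discrepancy check (added example, constructed sample data).

A stealth rootkit filters what the OS reports, so a hidden file or registry
key is absent from the API view but still present in the raw on-disk data.
A real tool would build the raw view by parsing NTFS structures and registry
hive files directly; here both views are constructed lists."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Discrepancy:
    kind: str    # "file" or "registry"
    path: str    # the entry as it appeared in the view that contained it
    reason: str  # "hidden from API" or "visible to API only"


def normalize(path: str) -> str:
    # Windows paths and registry keys are case-insensitive; also drop a
    # trailing separator so "C:\A\" and "c:\a" compare equal.
    return path.replace("/", "\\").rstrip("\\").lower()


def cross_view_diff(api_view, raw_view, kind):
    api = {normalize(p): p for p in api_view}
    raw = {normalize(p): p for p in raw_view}
    findings = []
    # Present on disk / in the hive but not reported by the API: the
    # classic rootkit signature.
    for key in sorted(raw.keys() - api.keys()):
        findings.append(Discrepancy(kind, raw[key], "hidden from API"))
    # Reported by the API but absent from the raw view: usually a file that
    # was created or deleted between the two snapshots (a known false
    # positive), but worth listing so the operator can rule it out.
    for key in sorted(api.keys() - raw.keys()):
        findings.append(Discrepancy(kind, api[key], "visible to API only"))
    return findings


# Constructed sample views; "sample_hidden" entries stand in for a rootkit's
# concealed driver and its service key.
API_FILES = [r"C:\Windows\explorer.exe",
             r"C:\Windows\System32\drivers\ntfs.sys",
             r"C:\Windows\Temp\tmp0001.tmp"]
RAW_FILES = [r"c:\windows\EXPLORER.EXE",
             r"C:\Windows\System32\drivers\ntfs.sys",
             r"C:\Windows\System32\drivers\sample_hidden.sys"]
API_KEYS = [r"HKLM\SYSTEM\CurrentControlSet\Services\Ntfs"]
RAW_KEYS = [r"HKLM\SYSTEM\CurrentControlSet\Services\Ntfs",
            r"HKLM\SYSTEM\CurrentControlSet\Services\sample_hidden"]


def scan():
    return (cross_view_diff(API_FILES, RAW_FILES, "file")
            + cross_view_diff(API_KEYS, RAW_KEYS, "registry"))


if __name__ == "__main__":
    for d in scan():
        print(f"[{d.kind}] {d.reason}: {d.path}")
```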

Because rootkits have now become a pandemic issue, McAfee, Panda, Symantec, and other internet security manufacturers are now coming out with online scanning tools just for rootkits. There are also rootkit-removal software programs that have now come out with “Anti-Stealth technology”, which seems to be working.

So where do you find all of this stuff to prevent, detect, and destroy? Below are links to various resources concerning rootkits.


Rootkit Remover Software

Avira AntiRootkit Tool
[1] Avira AntiRootkit Tool is geared towards the advanced user. It scans registry entries, processes and files hidden to the user. It provides all necessary information and allows for quarantine.

[2] Even though many experts agree that reinstalling your operating system is the only sure way to get rid of a rootkit infection, F-Secure disagrees and says that BlackLight detects rootkits in worms and spyware. This program uses “anti-stealth technology” with good results, the company reports.

[3] This program boasts that it has the “largest real-time threat database”. Written up by PC World for the Editor’s Choice Award for 2009, this program does super-fast 1-2 minute scans, alerts you if your PC is infected, and includes free removal of adware. It has powerful rootkit detection capabilities. A highly recommended program, and the software is free.

RootkitBuster (Trend Micro)
[4] From the makers of HijackThis comes RootkitBuster. This program scans for hidden files, registry entries, processes, drivers, and Master Boot Record (MBR) rootkits. You can also clean hidden files or registry entries. A very handy program.

Rootkit Detective (McAfee)
[5] From the well-known anti-virus software provider, and geared somewhat towards knowledgeable users. It scans all processes for rootkits; it is a fairly new rootkit tool.

[6] Claimed by experts to be the best, Sophos detects and removes any rootkits installed on your system. It is easy to use, making the removal of rootkits a breeze, and without compromising your system. This program is free; there are upgrades available, along with a nice list of security software.

Sysinternals RootkitRevealer
[7] From the publisher: “RootkitRevealer is an advanced rootkit detection utility. RootkitRevealer successfully detects many persistent rootkits including AFX, Vanquish and HackerDefender (Note: RootkitRevealer is not intended to detect rootkits like Fu that don’t attempt to hide their files or registry keys).” A very highly recommended program.

[8] Another highly recommended program, UnHackMe is used by a great many malware-busting forums. UnHackMe detects hidden registry entries, processes, services, drivers, etc. It also detects and removes trojans, adware, and spyware.

It has a fully functional evaluation version; after the evaluation period you must purchase it to use it.

Online Scanners

F-Secure Online Scanner

Kaspersky Online Scanner Pro

ESET Online Scanner

Panda ActiveScan 2.0

Sites to check out

Rootkit.com [13] – A pretty advanced website dedicated to rootkits.

Antirootkit.com [14] – A great website with lots of rootkit downloads and articles to educate you on rootkits. It also has a pretty extensive list of rootkit removal tools [14].

In a nutshell, a rootkit can cause serious damage to your computer, and if you don’t detect and get rid of it, it will lead you to a complete reinstall. Thus you should make sure of these three things:

1. Make sure that you have security programs installed and running. (Please note that it has to be anti-rootkit software – remember that anti-virus programs miss rootkits a lot of the time)

2. Make sure that you install the latest security updates.

3. Make sure that all of your anti-rootkit software is up-to-date; there are newer versions and patches that must be downloaded so as to keep your system protected against any new-emerging threat.

Spyware. Gotta love it, huh? Keep a close eye on your system so that nobody else can!