Rootkit

Rootkits are becoming more and more prevalent and are an incredible danger to desktop users. A Rootkit is a set of tools programmed to install on a computer without the user’s knowledge and to give the attacker full control over the system with administrator rights, which is why they are so dangerous.

Spyware is an entirely different matter from Rootkits: most of the time it can be removed without problems.

This is not the case with Rootkits.

Rootkits are an incredibly dangerous form of malware. They operate on all systems, i.e. Windows, Linux, Unix, and even Mac systems. Rootkits hide malware that installs a backdoor, allowing an attacker to take full administrator rights and have complete access to the infected computer.

A Rootkit takes over your entire system and it does this by masking itself as a legitimate file, network connection, registry entry, etc.

Consequently, anti-virus/spyware programs do not detect them because they think that the file is a genuine part of the operating system.

Once the computer has been hacked, the attacker can mask the intrusion not just on that computer, but on other computers on the network.

Because of the intricate way Rootkits are programmed, there is no guarantee that you will rid yourself of one; in addition, because of a Rootkit’s stealth capabilities, removal will most likely damage your operating system. These stealth capabilities are the most frightening part of this malware; Rootkits often hide other malware along with themselves. Because Rootkits do so much damage if left undetected, a new install of your operating system is practically inevitable.

Because Rootkits have now become a pandemic issue, McAfee, Panda, Symantec, and other internet security manufacturers are now bringing out online scanning tools just for Rootkits. There are also Rootkit-removal programs that have now come out with “Anti-Stealth technology”, which appears to work.

Below is a short list of sources.

Rootkit Remover Software

Avira AntiRootkit Tool - Geared towards the advanced user. It scans registry entries, processes and files hidden from the user. It provides all necessary information and allows for quarantine.

Blacklight (http://www.f-secure.com/en/web/home_glo ... y/overview) - Even though many experts agree that reinstalling your operating system is the only sure way to get rid of a Rootkit infection, F-Secure disagrees and says that Blacklight detects Rootkits in worms and spyware. This program uses “anti-stealth technology” with good results, the company reports.

Prevx - This program boasts that it has the “largest real-time threat database”. Written up by PC World for the Editor’s Choice Award for 2009, this program does super-fast 1-2 minute scans, alerts you if your PC is infected, and includes free removal of adware. This program has powerful Rootkit detection capabilities. A highly recommended program, and pleasingly this software is free.

RootkitBuster (Trend Micro) - From the manufacturers of HijackThis comes RootkitBuster. This program scans for hidden files, registry entries, processes, drivers, and Master Boot Record (MBR) Rootkits. You can also clean hidden files or registry entries. A very handy program.

Rootkit Detective (McAfee) (http://www.mcafee.com/us/downloads/free ... inger.aspx) - From the well-known anti-virus software provider. This tool is geared towards knowledgeable people. It scans all processes for Rootkits and is a fairly new Rootkit tool.

Sophos (http://www.sophos.com/products/free-too ... otkit.html) - Claimed by experts to be the best, Sophos detects and removes any Rootkits installed on your system. It is easy to use, making the removal of Rootkits a breeze without compromising your system. This program is free; there are upgrades available, along with a nice list of security software.

Sysinternals RootkitRevealer (http://technet.microsoft.com/en-us/sysi ... 97445.aspx) - From the publisher: “RootkitRevealer is an advanced Rootkit detection utility. RootkitRevealer successfully detects many persistent Rootkits including AFX, Vanquish and HackerDefender (Note: RootkitRevealer is not intended to detect Rootkits like Fu that don't attempt to hide their files or registry keys).”

UnHackMe - Another program is UnHackMe, which you will find is used by a great many malware-busting forums. UnHackMe detects hidden registry entries, processes, services, drivers, etc. It also detects and removes trojans, adware, and spyware. It has a fully functional evaluation version; however, it does solicit a purchase after the evaluation period.
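
One way a scan for hidden processes can work, shown as an added example that is not from the original page or from any of the tools listed above: compare the PIDs a /proc directory listing shows with the PIDs the kernel answers for when probed directly. It assumes Linux; the function names are hypothetical and the views used in demo() are constructed.

```python
import os

def listed_pids(proc="/proc"):
    """View 1: PIDs a /proc directory listing shows (what ps-style tools read)."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def probe_pid(pid):
    """View 2: ask the kernel about one PID directly; signal 0 delivers nothing."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        pass  # the PID exists but belongs to another user
    return True

def is_thread(pid, proc="/proc"):
    """Linux thread IDs answer the probe but are never listed; that is normal."""
    try:
        with open(f"{proc}/{pid}/status") as status:
            for line in status:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        pass
    return False

def hidden_pids(max_pid, list_view=listed_pids, probe=probe_pid, thread=is_thread, rounds=3):
    """Return PIDs that answer the probe yet stay out of the listing every round."""
    suspects = range(1, max_pid + 1)
    for _ in range(rounds):
        # A process started between listing and probe mismatches once, so
        # suspects are re-checked against a fresh listing each round.
        listed = list_view()
        suspects = [p for p in suspects if p not in listed and probe(p) and not thread(p)]
        if not suspects:
            break
    return list(suspects)

def demo():
    # Constructed views: 4242 is alive but filtered from every listing,
    # 500 starts after the first listing, 777 is an ordinary thread ID.
    listings = iter([{1, 100}, {1, 100, 500}, {1, 100, 500}])
    alive = {1, 100, 500, 777, 4242}
    return hidden_pids(5000, lambda: next(listings), alive.__contains__, lambda p: p == 777)

if __name__ == "__main__":
    print(demo())
```

On a live host, pass the value from /proc/sys/kernel/pid_max as max_pid. A kernel-level Rootkit can falsify both views, so an empty result does not prove the system is clean.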

Sites to check out:

Rootkit.com - A pretty advanced website dedicated to Rootkits.

AntiRootkit.com - A great website with lots of Rootkit downloads and articles to educate you on Rootkits. It also has a pretty extensive list of Rootkit removal tools.

Thus you should make sure of these three things:

1. Make sure that you have security programs installed and running. (Please note that it has to be anti-Rootkit software; remember that anti-virus programs miss Rootkits a lot of the time.)

2. Make sure that you install the latest security updates.

3. Make sure that all of your anti-Rootkit software is up-to-date; there are newer versions and patches that must be downloaded to keep your system protected against any newly emerging threat.