
Explanation of rootkits

Rootkits are becoming more and more prevalent and are an incredible danger to desktop users. A rootkit (or root kit; it doesn't matter how you spell it) is a set of tools installed on a computer without the user's knowledge that gives an attacker full control over the system with administrator-level access, and hides that access from the user.

It is fair to say that all spyware is installed without the user's knowledge. Some of it is merely annoying, and some can mess with your computer pretty badly; however, with a bit of help from the forums and spyware-removal software, most of the time you can get rid of it without doing a complete reinstall.

Sadly, this is not the case with rootkits. Rootkits are an incredibly dangerous form of malware, and they do not discriminate between operating systems: Windows, Linux, Unix and even Mac systems are all vulnerable. A rootkit conceals malware that installs a backdoor, allowing an attacker to take full administrator rights and have complete access to the infected computer.

A rootkit takes over your entire system by making itself look like a legitimate part of it: it conceals its files, network connections, registry entries and processes from the tools that would normally list them, usually by hooking the operating system's APIs or kernel data structures so that queries simply never return the hidden objects. Anti-virus and anti-spyware programs that rely on those same APIs therefore see nothing wrong. Once a computer has been compromised in this way, the attacker can mask further intrusion, not just on that computer but on other computers on the network. Because a rootkit is woven so intricately into the operating system, there is no guarantee that a removal tool will get rid of it completely, and removal can damage the operating system itself, since the rootkit has patched parts of it. The stealth capability is the scariest part: a rootkit often hides other malware along with itself (can anyone say "rootware"?). Because a rootkit can do so much damage if it goes undetected, a fresh install of the operating system is often the only safe option.

Because rootkits have become such a widespread problem, McAfee, Panda, Symantec and other internet security vendors now offer scanning tools specifically for rootkits. There are also rootkit-removal programs built on "anti-stealth technology" (comparing what the operating system reports with what is actually on disk and in memory), which seems to be working. So where do you find all of this stuff to prevent, detect and destroy? Below are links to various resources concerning rootkits.

RESOURCES

Rootkit Remover Software

Avira AntiRootkit Tool
Avira AntiRootkit Tool is geared towards the advanced user. It scans for registry entries, processes and files hidden from the user, provides all the necessary information and allows for quarantine.

BlackLight (F-Secure)
Even though many experts agree that reinstalling your operating system is the only sure way to get rid of a rootkit infection, F-Secure disagrees and says that BlackLight detects the rootkits used by worms and spyware. This program uses "anti-stealth technology" with good results, the company reports.

Prevx (http://info.Prevx.com/downloadcsi.asp)
This program boasts that it has the "largest real-time threat database". Written up by PC World for the Editor's Choice Award for 2009, it does super-fast 1-2 minute scans, alerts you if your PC is infected, and includes free removal of adware. It has powerful rootkit detection capabilities. A highly recommended program, and the software is free.

RootkitBuster (Trend Micro)
From the makers of HijackThis comes RootkitBuster. This program scans for hidden files, registry entries, processes, drivers and Master Boot Record (MBR) rootkits. You can also clean hidden files or registry entries. A very handy program.

Rootkit Detective (McAfee)
From the well-known anti-virus software provider. Geared somewhat towards knowledgeable users, it scans all processes for rootkits; a fairly new rootkit tool.

Sophos (http://www.Sophos.com)
Claimed by experts to be the best, Sophos detects and removes rootkits installed on your system. It is easy to use, making the removal of rootkits a breeze without compromising your system. This program is free; there are upgrades available, along with a nice list of security software.

Sysinternals RootkitRevealer
From the publisher: "RootkitRevealer is an advanced rootkit detection utility. RootkitRevealer successfully detects many persistent rootkits including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys)." A very highly recommended program.

UnhackMe
Another highly recommended program, UnhackMe is used by a great many malware-busting forums. UnHackMe detects hidden registry entries, processes, services, drivers, etc. It also detects and removes trojans, adware and spyware. It has a fully functional evaluation version; after the evaluation period you must purchase it to keep using it.
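The "anti-stealth" tools above (RootkitRevealer most explicitly) work by cross-view comparison: enumerate the same objects twice, once through the normal operating-system API that a rootkit may have hooked and once through a lower-level path, and flag whatever shows up only in the low-level view. The script below is an added example written for this page, not code from any of the tools listed. It runs the comparison on a constructed process list, and on Linux it also performs a live check that compares the /proc directory listing with a brute-force kill(pid, 0) sweep; the sample PIDs and process names are made up, and the Linux check assumes a readable /proc.

```python
# Added example (not from the original page): a cross-view rootkit check.
# Scanners such as RootkitRevealer enumerate the same objects through two
# different paths and report discrepancies.  Here the objects are processes.
import os


def cross_view_diff(api_view, raw_view):
    """Compare two enumerations of the same kind of object.

    Returns (hidden, phantom): keys that appear only in the raw (low-level)
    view are candidates for rootkit hiding; keys that appear only in the API
    view are usually just races (the object went away between the two scans).
    """
    api, raw = set(api_view), set(raw_view)
    return sorted(raw - api), sorted(api - raw)


# Constructed sample data: what a hooked process-listing API might return
# versus what a scan that bypasses the hook sees.  PID 1338 is the entry the
# (hypothetical) rootkit filters out of the API view.
SAMPLE_API_VIEW = {1: "init", 412: "sshd", 900: "bash", 1337: "explorer"}
SAMPLE_RAW_VIEW = {1: "init", 412: "sshd", 900: "bash", 1337: "explorer",
                   1338: "svch0st"}


def sample_hidden_processes():
    """Run the cross-view diff on the constructed sample."""
    hidden, _phantom = cross_view_diff(SAMPLE_API_VIEW, SAMPLE_RAW_VIEW)
    return {pid: SAMPLE_RAW_VIEW[pid] for pid in hidden}


def _pid_exists(pid):
    """Low-level probe: kill(pid, 0) asks the kernel whether the PID exists
    without touching /proc at all.  EPERM still means the PID exists."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def _is_thread_group_leader(pid):
    """kill() also answers for thread IDs, which /proc deliberately omits from
    its top-level listing.  Read Tgid from /proc/<pid>/status to tell a real
    process from a thread.  Returns None if the status file cannot be read."""
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except OSError:
        return None
    return None


def _listed_pids():
    """High-level view: the PIDs a normal 'ps' would see via readdir(/proc)."""
    return {int(d) for d in os.listdir("/proc") if d.isdigit()}


def linux_hidden_pids(pid_max=None):
    """Live check (Linux only; returns None elsewhere).

    Compares the /proc listing with a kill(pid, 0) sweep over every possible
    PID, then re-verifies each discrepancy to rule out races and threads.
    Returns a list of (pid, reason) tuples that deserve a closer look.
    """
    if not os.path.isdir("/proc"):
        return None
    if pid_max is None:
        try:
            with open("/proc/sys/kernel/pid_max") as f:
                pid_max = int(f.read())
        except OSError:
            pid_max = 32768
    api_view = _listed_pids()
    raw_view = {pid for pid in range(1, pid_max + 1) if _pid_exists(pid)}
    suspicious = []
    for pid in cross_view_diff(api_view, raw_view)[0]:
        if not _pid_exists(pid):
            continue                      # exited between the two scans
        leader = _is_thread_group_leader(pid)
        if leader is False:
            continue                      # a thread, not a hidden process
        if leader is None:
            suspicious.append((pid, "exists per kill() but /proc/<pid> is unreadable"))
        elif pid not in _listed_pids():
            suspicious.append((pid, "live process missing from the /proc listing"))
    return suspicious


if __name__ == "__main__":
    print("sample hidden:", sample_hidden_processes())
    live = linux_hidden_pids()
    print("live check:", "not Linux" if live is None else (live or "nothing hidden"))
```

The live sweep covers every PID up to pid_max (several million on current kernels), so it takes a few seconds; that is the price of not trusting the directory listing. A rootkit that hooks the kill() path as well as readdir() would defeat this particular pair of views, which is why real tools compare several independent views (API, raw disk, raw registry hives, kernel memory) rather than just two.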

Online Scanners

F-Secure Online Scanner

Kaspersky Online Scanner Pro

ESET Online Scanner

Panda ActiveScan 2.0

Sites to check out

Rootkit.com – A pretty advanced website dedicated to rootkits.

AntiRootkit.com – A great website with lots of rootkit downloads and articles to educate you on rootkits. It also has a pretty extensive list of rootkit removal tools.

In a nutshell, a rootkit can cause serious damage to your computer, and if you don't detect and get rid of it you will end up doing a complete re-install. So make sure of these three things:

1. Make sure that you have security programs installed and running. (Please note that this has to include anti-rootkit software; remember that anti-virus programs miss rootkits a lot of the time.)

2. Make sure that you install the latest security updates.

3. Make sure that all of your anti-rootkit software is up to date; newer versions and patches must be downloaded to keep your system protected against newly emerging threats.
