Rootkits are extremely difficult to detect because they modify or replace vital system files, then insert code to hide the rootkit and its payload from anti-virus.
The goal of a rootkit is to give an attacker complete access to and control of the system, whenever the attacker wants.
Rootkits usually install trojans and keyloggers, which are also invisible to anti-virus when they are part of a rootkit.
There are two freeware tools designed to detect rootkits.
Take note that these are detection tools only; you have to manually remove the rootkit and related files.
More information on the two tools, and download links, is further down the page.
Those who download music should read the Wikipedia article on the highly controversial 2005 Sony Rootkit scandal.
Removing a rootkit is very time consuming, and requires a skilled system administrator.
If you find a rootkit on your computer, your best course of action may be to back up your data, then do a clean install of the system, or re-install the system from a rescue or backup image.
Be sure to scan your backed up data BEFORE moving it to your freshly installed system.
The best rootkit detection methods are to boot up from a live CD or USB flash drive equipped with up-to-date anti-virus, or to slave the hard drive in another computer with up-to-date anti-virus, and scan.
To detect a rootkit using anti-virus, you must scan from outside the suspected rootkit-infected system using one of the above methods.
When scanning for rootkits, use advanced heuristics and rootkit detection if you have those options.
Rootkit Revealer is available at Microsoft TechNet. The tool is continually updated to cope with changes in rootkit threats.
Rootkit Revealer examines registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.
You have to determine whether or not items flagged by the scan are rootkit components.
Rootkit Revealer's download is near the bottom of the linked MS TechNet page.
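The discrepancy check described above, as an added example that is not code from the original page or from the Rootkit Revealer tool: a simplified cross-view comparison in which a snapshot of names taken through the normal Windows API is compared with a snapshot read from the raw on-disk structures, and it is applied to both a file-system view and a registry view. All snapshots and object names below are constructed and hypothetical.

```python
def cross_view(api_view: dict, raw_view: dict) -> dict:
    """Compare two snapshots of the same namespace.

    Each argument maps an object name (file path or registry key) to the
    attribute that view reports for it (file size, value data, ...).
    Names are compared case-insensitively, as Windows does.
    """
    api = {name.lower(): attr for name, attr in api_view.items()}
    raw = {name.lower(): attr for name, attr in raw_view.items()}
    return {
        # on disk but missing from the API view: classic cloaking
        "hidden_from_api": sorted(raw.keys() - api.keys()),
        # in the API view but not on disk: usually a file created or
        # deleted between the two snapshots, a common false positive
        "api_only": sorted(api.keys() - raw.keys()),
        # both views list it but disagree on its attribute: manual review
        "attribute_mismatch": sorted(
            n for n in api.keys() & raw.keys() if api[n] != raw[n]),
    }

# Constructed file-system snapshots (sizes in bytes); names are hypothetical.
API_FILES = {
    r"C:\Windows\System32\drivers\disk.sys": 45568,
    r"C:\Users\alice\Desktop\report.docx": 20971,
    r"C:\Users\alice\AppData\Local\Temp\tmp1234.tmp": 12,
}
RAW_FILES = {
    r"C:\Windows\System32\drivers\disk.sys": 45568,
    r"C:\Users\alice\Desktop\report.docx": 20971,
    r"C:\Windows\System32\drivers\hidden_example.sys": 31744,
}

# Constructed registry snapshots (value data as strings); names are hypothetical.
API_REG = {r"HKLM\SYSTEM\CurrentControlSet\Services\disk\Start": "0"}
RAW_REG = {
    r"HKLM\SYSTEM\CurrentControlSet\Services\disk\Start": "0",
    r"HKLM\SYSTEM\CurrentControlSet\Services\hidden_example\Start": "1",
}

def scan_constructed_sample() -> dict:
    """Run both comparisons; every flagged name still needs manual review."""
    return {"files": cross_view(API_FILES, RAW_FILES),
            "registry": cross_view(API_REG, RAW_REG)}

if __name__ == "__main__":
    for view, result in scan_constructed_sample().items():
        for kind, names in result.items():
            for name in names:
                print(f"{view}: {kind}: {name}")
```

As the text notes, a flagged name is only a candidate: the temp file shows up as "api_only" merely because it vanished between the two snapshots, so each finding has to be judged by hand.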
The other freeware tool which can be used to scan for rootkits is ESET's System Inspector.
In addition to its use as a rootkit detector, System Inspector can be used to find lingering traces of other hard-to-remove infections.
For more information about rootkits, use the FAQ/Glossary; its links go to Wikipedia articles.
©2010 www.freeinternetsecurityguide.com