In fighting viruses, malware, trojans and spyware, it’s important to know your enemy. A rootkit is your biggest enemy and the hardest to fight. Understanding rootkits is your only hope of ridding your machine of them. They can do an enormous amount of damage.

I was about to write a long explanation on this and then I found this great explanation over on Online-Tech-Tips.

The term rootkit or root kit originally referred to a maliciously modified set of administrative tools for a Unix-like operating system that granted root access. If an intruder could replace the standard administrative tools on a system with a rootkit, the modified tools would allow the intruder to maintain root access over the system while concealing these activities from the legitimate system administrator.

In the Windows world, the term rootkit is also used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, antivirus, and system management utilities.

A free rootkit revealer from Sysinternals is a very lightweight tool that I use to scan for probable rootkit anomalies. The tool doesn’t tell you if the anomalies are good or bad. Some that are hidden from the Windows API are valid, like ongoing file downloads. You should examine all discrepancies and determine the likelihood that they indicate the presence of a rootkit.

Unfortunately, there is no definitive way to determine, based on the output, if a rootkit is present, but you should examine all reported discrepancies to ensure that they are explainable. If you determine that you have a rootkit installed, search the web for removal instructions. If you are unsure as to how to remove a rootkit, you should reformat the system’s hard disk and reinstall Windows.

Download from the Sysinternals Site

Did you find this information helpful? Leave a comment.
