What is a RootKit & How To Remove a Rootkit?

A rootkit is software whose job is to hide the presence of malware, and of the intruder who installed it, on a compromised computer. The name comes from the early Unix "root kits": bundles of replaced system utilities (ps, ls, netstat, login and the like) that an attacker installed after gaining root so that their processes, files and network connections no longer showed up in the tools an administrator would use to look for them. Today the term covers any code, in user space or inside the kernel, that conceals an intruder's access to a computer or network. The main objective of a rootkit is to hide the fact that a computer has been compromised.

Methods of infection
A rootkit cannot do anything until it is installed, and installing one requires administrator (root) privileges on the target. An attacker gets those privileges by having physical access to the machine, by stealing or guessing an administrator's credentials, by exploiting a privilege-escalation flaw, or, most commonly, by bundling the rootkit with a Trojan that an administrator unknowingly launches.

Damage to an infected computer
Once a rootkit is installed, the intruder can do a great deal of damage without you knowing it is there. Vital system executables can be replaced with modified copies that hide the processes and files the intruder has installed, including the rootkit itself. The rootkit can hide other tools as well, such as sniffers and keyloggers. A keylogger is a type of spyware that records every keystroke you type; your passwords, credit card numbers and e-mails are captured and sent back to the attacker.

Another form of abuse is using the compromised computer as a staging ground for attacks on other computers, making you appear to be the attacker! Having a rootkit installed also means the intruder can change your system's configuration, read or alter log files, and monitor activity to spy on you covertly. Such programs can eventually slow the computer down so much that it becomes virtually useless.

Rootkit removal
The effort you would spend detecting and deleting a rootkit is better spent reinstalling the operating system from scratch, from installation media you trust. You may think I'm joking, but even if you detect the rootkit, it is difficult to be sure you have removed every piece of it. Despite this seemingly insurmountable task, several vendors, including Microsoft, F-Secure and Sysinternals, offer tools that can detect the presence of rootkits.
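One common way such detection tools work is a "cross-view" comparison: ask the kernel directly which processes exist (on Linux, the numeric entries in /proc) and compare that with what a user-mode tool such as ps reports. A rootkit that hides a process by replacing ps, or the library calls ps relies on, leaves a gap between the two views. The following is an added example, not code from the article or from any vendor's product; the constructed /proc listings and ps output are made up for the demonstration, and the live check assumes a Linux host with /proc and ps available.

```python
"""Added example: cross-view detection of processes hidden from ps."""
import os
import subprocess
from typing import Iterable, List, Set


def pids_from_proc(entries: Iterable[str]) -> Set[int]:
    """PIDs from a /proc directory listing: only the numeric entries are
    processes ('self', 'thread-self', 'cpuinfo' and so on are not)."""
    return {int(name) for name in entries if name.isdigit()}


def pids_from_ps(ps_output: str) -> Set[int]:
    """PIDs from the output of `ps -e -o pid=` (one number per line, no header)."""
    return {int(tok) for tok in ps_output.split() if tok.isdigit()}


def hidden_pids(proc_snapshots: List[Set[int]], tool_view: Set[int]) -> Set[int]:
    """PIDs the kernel reports in every /proc snapshot but the user-mode tool omits.

    Requiring a PID to be present in all snapshots (one taken before ps runs,
    one after) filters out processes that simply exited in between; a single
    snapshot would report those as "hidden" and produce false alarms.
    """
    if not proc_snapshots:
        return set()
    stable = set.intersection(*proc_snapshots)
    return stable - tool_view


def live_check() -> Set[int]:
    """Run the comparison on the current host (assumes Linux with /proc and ps)."""
    before = pids_from_proc(os.listdir("/proc"))
    ps_out = subprocess.run(["ps", "-e", "-o", "pid="],
                            capture_output=True, text=True, check=True).stdout
    after = pids_from_proc(os.listdir("/proc"))
    return hidden_pids([before, after], pids_from_ps(ps_out))


# Constructed sample data (not captured from a real machine): PID 9001 exits
# between the two /proc snapshots, and the trojaned ps omits PID 4242.
SAMPLE_PROC_BEFORE = ["1", "2", "845", "1337", "4242", "9001",
                      "self", "thread-self", "cpuinfo", "meminfo"]
SAMPLE_PROC_AFTER = ["1", "2", "845", "1337", "4242",
                     "self", "thread-self", "cpuinfo", "meminfo"]
SAMPLE_PS_OUTPUT = "    1\n    2\n  845\n 1337\n"


def sample_check() -> Set[int]:
    """Apply the check to the constructed sample; returns {4242}."""
    snapshots = [pids_from_proc(SAMPLE_PROC_BEFORE), pids_from_proc(SAMPLE_PROC_AFTER)]
    return hidden_pids(snapshots, pids_from_ps(SAMPLE_PS_OUTPUT))


if __name__ == "__main__":
    print("sample:", sample_check())
    if os.path.isdir("/proc"):
        print("live:", live_check())
```

The same comparison applies to files (the kernel's directory listing against ls) and to network sockets (/proc/net/tcp against netstat). Its limit is the reason the article recommends reinstalling: a kernel-mode rootkit that filters /proc itself lies to both views at once, and the only trustworthy vantage point is then one the rootkit does not control, such as the disk examined after booting from trusted media.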

Prevention is better than cure
After reinstalling your operating system and making sure that all your files are rootkit free, your main goal is to prevent another rootkit from getting in. If the system install media can be trusted, cryptographic hashes can be used to monitor the integrity of the system. By "fingerprinting" the system files (recording a hash of each one) immediately after a fresh install, and again after every legitimate change such as installing new software, the user or administrator can compare the current files against the recorded baseline and be alerted to any unexpected change. Keep that baseline somewhere the machine itself cannot alter, such as read-only media or another host; a baseline the intruder can rewrite proves nothing. You must also keep in mind that most rootkits are launched via a Trojan, so be careful with e-mail attachments and software downloads.
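The fingerprinting procedure described above, written out as an added example (not code from the article): hash every file under a directory after a clean install, save the manifest, and later re-hash the tree and report what was modified, added or removed. It also records permission bits, since a newly set setuid bit is as suspicious as changed contents, and it records symlinks by their target rather than following them, so swapping a binary for a link shows up as a modification. The fake system tree and the "trojaned" files in demo() are constructed for the demonstration.

```python
"""Added example: baseline-and-compare fingerprinting of a file tree."""
import hashlib
import json
import os
import tempfile
from typing import Dict, List

Entry = Dict[str, str]


def sha256_file(path: str) -> str:
    """Hash a file in 64 KiB chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def fingerprint_tree(root: str) -> Dict[str, Entry]:
    """Map every file under root (path relative to root, '/' separated) to an
    entry holding its SHA-256 and permission bits. Symlinks are recorded as
    their target, not followed; symlinked directories are not descended into."""
    manifest: Dict[str, Entry] = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                manifest[rel] = {"symlink": os.readlink(full)}
            elif os.path.isfile(full):
                mode = os.lstat(full).st_mode & 0o7777
                manifest[rel] = {"sha256": sha256_file(full), "mode": oct(mode)}
    return manifest


def save_baseline(manifest: Dict[str, Entry], path: str) -> None:
    """Write the baseline as JSON. Keep this copy off the host or on read-only
    media; a baseline the intruder can rewrite detects nothing."""
    with open(path, "w") as fh:
        json.dump(manifest, fh, indent=1, sort_keys=True)


def load_baseline(path: str) -> Dict[str, Entry]:
    with open(path) as fh:
        return json.load(fh)


def compare(baseline: Dict[str, Entry], current: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Files whose entry changed, files not in the baseline, and files that vanished."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: fingerprint a fake system tree, then simulate an
    intruder replacing ps, dropping a sniffer and deleting a log file."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        def write(rel: str, data: bytes) -> None:
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)

        write("bin/ps", b"original ps binary")
        write("bin/ls", b"original ls binary")
        write("var/log/auth.log", b"login ok\n")
        baseline_path = os.path.join(store, "baseline.json")  # stored outside the tree
        save_baseline(fingerprint_tree(root), baseline_path)

        write("bin/ps", b"trojaned ps that hides the intruder's processes")
        write("bin/sniff", b"packet sniffer")
        os.remove(os.path.join(root, "var/log/auth.log"))

        return compare(load_baseline(baseline_path), fingerprint_tree(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Run fingerprint_tree() against the real system directories (/bin, /sbin, /usr, /etc, /boot and so on) from trusted boot media rather than from the running system, since a kernel-mode rootkit can feed the hashing tool clean copies of the files it has replaced. Production integrity checkers such as AIDE work on the same principle with more file attributes recorded.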
