Tech Tips » Surfnetkids

Rootkits: An Inside Look


Most people are familiar with viruses, worms and other malware that can infect and damage a computer, but most people are not familiar with rootkits. A rootkit is computer software that allows people to control other computers from a remote location. For example, you can control a computer from hundreds of miles away without the computer’s owner knowing that you are controlling it. Using a rootkit, one can execute files, access log files, change the configuration of a computer and monitor activity on that same computer.

It’s important to understand that rootkits are unique computer software because they have legitimate and malicious uses, depending upon who is using the software. Although rootkits can be used for good purposes, by parents or employers, for example, most of the media coverage about rootkits is focused on how they can inflict great harm on a computer. This is likely because most people using rootkits are hackers who are using them to gain access to your personal or business computers.

All of this said, it is important to know how to detect rootkits and how to protect your computer from them. You will also need to know how to get rid of a rootkit if your system is compromised by one.

When it comes to detecting rootkits, there are two important points to know. First, there are several different types of rootkits, including memory and kernel rootkits. Second, software meant to detect and remove viruses, Trojans and other malware probably will not detect rootkits on your computer system. Rootkits are not actually viruses but a complex form of malware; while there are programs that can and will detect some rootkits, they will not detect and uninstall rootkits automatically, as they would a virus or Trojan. The best thing you can do to detect rootkits is to be vigilant and know your system. If things are happening or changing that you know you didn’t do or change, run a scan to rule out viruses, Trojans and other malware. Also, try to log into your e-mail, bank and perhaps another account that holds sensitive information, as hackers will log in to your computer as you and change your passwords or security questions. Keep track of when you access your accounts and cross-check your dates and times with what your account logs show. If you keep records diligently and the logs list times or dates that are not in your records, first notify the entity, your bank, for example, by phone. If sensitive information is changed without your knowledge, that is a strong indicator that your system is infected with a rootkit.
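The cross-check described above, reduced to a small script: this is an added example, not code from the Surfnetkids article, and it uses constructed sample times (your own notes versus the provider's account activity page) with an assumed five-minute tolerance for clock differences.

```python
from datetime import datetime, timedelta

# Constructed sample (not from the article) of the sign-in times you wrote
# down yourself each time you accessed the account, in local time.
MY_RECORDS = ["2024-03-04 09:12", "2024-03-05 18:40", "2024-03-07 08:05"]

# Constructed sample of the activity page a bank or e-mail provider shows,
# as (timestamp, event) pairs. The two 2024-03-06 entries are the anomaly.
ACCOUNT_LOG = [
    ("2024-03-04 09:14", "sign-in"),
    ("2024-03-05 18:41", "sign-in"),
    ("2024-03-06 02:27", "sign-in"),
    ("2024-03-06 02:30", "security question changed"),
    ("2024-03-07 08:05", "sign-in"),
    ("2024-03-07 08:06", "sign-in"),  # second session you also started
]

# Your notes and the provider's clock rarely agree to the minute, so an
# account entry counts as yours if it lies within this window of a record.
TOLERANCE = timedelta(minutes=5)

# Changes the article treats as the strongest indicator when unexplained.
SENSITIVE_CHANGES = {"password changed", "security question changed"}

def parse(ts):
    """Parse 'YYYY-MM-DD HH:MM' into a datetime."""
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")

def unexplained_events(my_records, account_log, tolerance=TOLERANCE):
    """Return the account-log entries that no personal record accounts for.

    An entry is explained if at least one recorded access lies within
    `tolerance` of it; several entries may share one record (a sign-in and
    a settings change made in the same session, for example).
    """
    recorded = [parse(ts) for ts in my_records]
    return [(ts, event) for ts, event in account_log
            if not any(abs(parse(ts) - r) <= tolerance for r in recorded)]

def strong_indicator(unexplained):
    """True if an unexplained entry changed a sensitive setting: the case the
    article says points to a compromised system, not a bookkeeping slip."""
    return any(event in SENSITIVE_CHANGES for _, event in unexplained)

if __name__ == "__main__":
    hits = unexplained_events(MY_RECORDS, ACCOUNT_LOG)
    for ts, event in hits:
        print(f"unexplained: {ts} {event}")
    if strong_indicator(hits):
        print("Sensitive setting changed without your knowledge: phone the provider.")
```

Anything the script lists is a session you did not start; an unexplained password or security-question change is the case the article says should trigger a phone call to the provider.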

Protect yourself from rootkits by keeping your anti-virus software updated, making sure that your firewall is always on, and installing all updates for your operating system and other software programs, because most of the time rootkits actually attach themselves to other viruses to invade your system.

Now that you know what to look for when trying to detect rootkits, the next thing you need to know is how to get rid of rootkits, should you discover one. While there is no software available that will automatically detect and remove rootkits in general, there are some programs that target specific rootkits. Once you confirm that you’ve become a victim of a rootkit, the best thing you can do, unfortunately, is to rebuild your entire system, which involves erasing everything on your hard drive and rebuilding it from scratch.