Rootkits

A rootkit is a program, or a combination of several programs, designed to hide or obscure the fact that a computer system has been compromised. Contrary to what its name implies, a rootkit does not grant you administrator access: it requires prior privileged access in order to execute and to tamper with security-relevant files and processes.

A hacker may use a rootkit to replace vital system executables, which are then used to hide the processes and files the hacker has installed, along with the presence of the rootkit itself. A rootkit is intended to seize control of the operating system, and it typically obscures its presence by subverting or evading the operating system's standard security mechanisms.

Often they are Trojans as well, fooling users into believing they are safe to run on their systems. Rootkits may also install a “backdoor” in a system by replacing the login mechanism with an executable that accepts a secret login combination, which in turn allows an attacker to access the system regardless of any changes to the actual accounts on it.

Fundamentally, Rootkits let an otherwise standard user perform tasks requiring admin rights, including, but not limited to, installing all sorts of software applications onto the targeted computer. Due to their stealthy nature, Rootkits are not only able to conceal their own presence on the PC, but also draw a veil over any program installed with their help. These capabilities make Rootkits an effective means of smuggling malicious software into computer systems. The implications may range from simple eavesdropping or monitoring to remote code execution and even ensnaring the host PC into a botnet.

Landing on the PC

While planting a Rootkit onto your PC may be child’s play for a hacker, he/she will still have to acquire administrator rights in order to actually install it. To gain privileged access, the attacker will need to take advantage of existing software vulnerabilities. Should this fail to yield results, he/she may try to take possession of your administrator password, either by launching a brute-force attack or by deploying social engineering tricks such as phishing. Should the attack bear fruit, the intruder will be able to manage your entire PC system, which includes breaking down all barriers to a Rootkit installation.

Symptoms

In spite of their secretive nature, Rootkits still leave a trail of footprints indicative of an infection. So, whenever your system experiences

  • anti-malware program crashes,
  • abnormally high network traffic in idle mode,
  • sudden changes in your OS settings, or
  • freezing USB input devices,

there is ample reason to suspect an ongoing Rootkit infection.

Consequences

Once a Rootkit has infiltrated your PC, it is likely to remain firmly planted on it. Moreover, it has quite a good chance of lingering on for weeks, months, or even years on end, because Rootkits are inherently hard to detect. They may be configured to target various parts of a computer system. While some may affect system memory, others could attack the firmware. Still others may reach as far as the kernel itself. Each Rootkit type requires a different detection technique and is subject to a different removal procedure. What is more, the Rootkit itself may — and most probably will — impede detection by subverting the anti-virus software designed to catch it (yes, Rootkits are capable of doing that). Last but not least, Rootkits can be configured not only to pave the way for backdoor attacks but also to conceal the existence of that malware afterwards.

Removal

Rootkits’ dogged persistence and robust self-defense mechanisms may turn pretty much any removal attempt into a somewhat arduous task. Nevertheless, removing a Rootkit is possible, as long as you employ the right method. The table below outlines the three main Rootkit types and their corresponding removal methods:

Rootkit Type         Removal Method
Memory Rootkits      Signature scan and memory dump analysis
Kernel Rootkits      New clean OS installation
Firmware Rootkits    Hardware replacement

Memory-embedded Rootkits are best identified via the so-called memory dump — a captured snapshot of the system’s memory contents that can be examined for system problems and errors. It provides a detailed picture of the computer’s state before any crashes or failures. Kernel Rootkits, on the other hand, get to the very heart of the operating system by modifying the kernel. As a result, they become an integral part of the OS, load alongside it during startup, and are fully capable of intercepting any system call, process, or data that might expose them to the user. Finally, firmware-tailored Rootkits may go as far as damaging your main hardware and peripheral equipment beyond repair, forcing you to shell out good money on replacements.
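A kernel Rootkit that filters what the OS reports, as described above, leaves a gap between the high-level listing a tool like ps relies on and what the kernel answers when asked about each process directly. The following cross-view check is an added example, not code from the original page: it compares the PIDs visible in a /proc directory listing against PIDs that answer a direct existence probe and reports any that the probe finds but the listing omits. It assumes Linux; all function names are the example's own.

```python
import os

def pids_from_listing(proc_root="/proc"):
    """High-level view: the PIDs a tool such as 'ps' sees by listing /proc.
    A rootkit that filters directory listings tampers with exactly this view."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}

def probe_alive(pid):
    """Low-level view: ask the kernel about one PID directly.
    os.kill(pid, 0) delivers no signal; it only reports whether the PID exists."""
    try:
        os.kill(pid, 0)
        return True
    except ProcessLookupError:
        return False            # no such process
    except PermissionError:
        return True             # exists, but belongs to another user

def pids_from_probe(max_pid):
    """Probe every candidate PID; takes a few seconds on hosts with a large pid_max."""
    return {pid for pid in range(1, max_pid + 1) if probe_alive(pid)}

def cross_view_diff(listed, probed):
    """PIDs that answer a direct probe but are absent from the listing,
    sorted; an empty list means the two views agree."""
    return sorted(set(probed) - set(listed))

def read_pid_max(path="/proc/sys/kernel/pid_max", default=32768):
    """Upper bound for the probe; falls back to the classic default."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return default

def find_hidden_pids(proc_root="/proc"):
    """Run both views on the live system and return confirmed discrepancies.
    Processes that started or exited between the two views would show up as
    noise, so each candidate is re-checked against a fresh listing."""
    candidates = cross_view_diff(pids_from_listing(proc_root),
                                 pids_from_probe(read_pid_max()))
    fresh = pids_from_listing(proc_root)
    return [pid for pid in candidates if pid not in fresh and probe_alive(pid)]

if __name__ == "__main__":
    hidden = find_hidden_pids()
    print("hidden PID candidates:", hidden if hidden else "none")
```

Run it as root: if /proc is mounted with the hidepid option, an unprivileged run reports other users' processes as hidden even though nothing is wrong.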

Also, many anti-malware vendors have already integrated specialized Rootkit scanners into their software. For the time being, however, security researchers maintain that the best way to neutralize a Rootkit infection is to install a clean OS image.

How Can You Detect Rootkits? Check for Rootkits with SpyHunter!

SpyHunter is a powerful malware remediation and protection tool designed to help provide users with in-depth system security analysis, detection and removal of a wide range of threats like Rootkits as well as a one-on-one tech support service.


There are currently 84 articles listed under rootkits.

Name                            Threat Level     Detection Count   Date
BackDoor-Spyeye!rootkit                                            February 15, 2010
BDS/ZAccess.AL                  100 % (High)     0                 October 25, 2012
BDS/ZAccess.V                   100 % (High)     0                 August 23, 2012
Crisis                          100 % (High)     0                 August 22, 2012
Facefish Backdoor                                                  June 1, 2021
Gen.Rootkit                                                        December 9, 2010
Generic Rootkit.ej                                                 March 2, 2010
Generic Rootkit.g               60 % (Medium)    0                 August 12, 2009
Hack Tool.HOC                                                      October 1, 2010
LoJax                                                              October 8, 2018
Mal/ZAccess-D                   100 % (High)     1                 December 12, 2011
MBR:Alureon-K [Rtk]                                                December 2, 2011
MBR:Alureon-L                   100 % (High)     0                 December 20, 2012
Mebroot                                                            March 18, 2015
Moriya Rootkit                                                     May 7, 2021
MosaicRegressor                                                    October 6, 2020
NTOSKRNL-HOOK                                                      July 22, 2009
Perkiler Malware Description                                       March 27, 2021
Phase Bot                       80 % (High)      1                 January 13, 2015
Podnuha!sd6                                                        August 4, 2009
Rootkit TDSS.d                  80 % (High)      2                 August 23, 2011
Rootkit Win32.tdss.mbr                                             November 10, 2010
Rootkit.0access.H               100 % (High)     0                 March 7, 2012
Rootkit.Agent/Gen-Local                                            June 3, 2011
Rootkit.Boot.Cidox.b            100 % (High)     0                 May 29, 2012