WHAT ARE ROOTKITS? They’re nasty little tree-like creatures that hide and grow their roots in your computer and wreak havoc on it, that’s what they are!
Actually, “rootkit” was originally a Unix term, having to do with granting root access to a file or person. And even now a rootkit is not really a bad thing in itself; it’s just that rootkits are being used to do bad things to your computer.
Sometimes referred to as the ultimate backdoor, a rootkit is software that loads when you boot, or reboot, your system. Hackers can put trojans, viruses, spyware, and the like inside the rootkit.
This software can manipulate files and logs so that there is no trace of it, and it can remain undetected for years. A rootkit will remove all traces of a particular piece of malware so that your anti-virus doesn’t see anything. It can erase entries from log files. It can make directories, files, and processes invisible.
So how can you know if you have a rootkit on your machine?
Sysinternals from Microsoft’s TechNet has a freely downloadable program called RootkitRevealer that will check your system for rootkits. It runs on Windows NT and higher.
They also have a long page of information on rootkits – what they are and how they work, plus lots of info on how to use RootkitRevealer. If you’re not a techie, don’t be scared – it isn’t as difficult as they make it look. Forget the command line stuff and just run it in default mode.
You’ll find the download link near the bottom of the page, or you can just download the zip file from here. (no longer available)

Happy hunting!
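
RootkitRevealer finds hidden items by asking Windows for a listing, reading the disk and registry data directly, and reporting where the two disagree. Here is that comparison step as an added example (not code from the original post or from Sysinternals). The function name, the sample listings and the size check are this example's own assumptions.

```python
import ntpath

# NTFS keeps its own metadata files out of API listings by design, so a raw
# scan always sees them. They are expected differences, not findings.
NTFS_METADATA = {"$mft", "$mftmirr", "$logfile", "$volume", "$attrdef",
                 "$bitmap", "$boot", "$badclus", "$secure", "$upcase", "$extend"}

def _key(path):
    # Windows paths are case-insensitive and accept either slash.
    return ntpath.normcase(ntpath.normpath(path))

def cross_view_diff(api_view, raw_view):
    """Compare two {path: size} listings of the same volume.

    api_view: what the operating system's file API reported.
    raw_view: what a direct read of the on-disk structures found.
    Returns a sorted list of (path, reason) discrepancies.
    """
    api = {_key(p): (p, size) for p, size in api_view.items()}
    raw = {_key(p): (p, size) for p, size in raw_view.items()}
    findings = []
    for key, (path, size) in raw.items():
        if key not in api:
            if ntpath.basename(key) not in NTFS_METADATA:
                findings.append((path, "hidden from API"))
        elif api[key][1] != size:
            findings.append((path, "size differs between views"))
    for key, (path, _) in api.items():
        if key not in raw:
            # Usually a file created after the raw scan finished.
            findings.append((path, "seen by API only"))
    return sorted(findings)

# Constructed sample listings (hypothetical, not output from a real machine).
API_VIEW = {
    r"C:\Windows\System32\drivers\disk.sys": 100,
    r"C:\Windows\System32\notepad.exe": 200,
    r"C:\Users\a\new.tmp": 10,
}
RAW_VIEW = {
    r"C:\$MFT": 5000,
    r"c:\windows\system32\drivers\disk.sys": 100,
    r"C:\Windows\System32\notepad.exe": 260,
    r"C:\Windows\System32\drivers\example_hidden.sys": 300,
}

if __name__ == "__main__":
    for path, reason in cross_view_diff(API_VIEW, RAW_VIEW):
        print(f"{reason:28} {path}")
```

A discrepancy is a lead to look into, not proof of a rootkit: files that change while the scan runs show up too.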