A rootkit is a malicious type of software which hides its presence on your PC. This type of malware is very stealthy: it positions itself in the innermost layers of the operating system to avoid detection by your antivirus/anti-malware program. For this reason rootkits can be challenging to identify and remove, since they are very difficult to locate within your PC’s operating system. Sometimes even computer experts have a difficult time locating them.
Once a rootkit is hidden deep within your PC, it is designed to alter your PC’s software and hardware, which can compromise the operating system and create unexplained events during normal computing tasks. A rootkit uses malicious methods to enter your PC, including sneaking past your antivirus/anti-malware program or entering through a vulnerability in a program or application. Once present, it is used to perform malicious acts such as spying on your activities, recording personal information, hijacking your computer to commit criminal acts, creating a backdoor to take control of your PC, and other malicious purposes.
It is extremely difficult to identify a rootkit. However, if you have a handle on the different types of rootkits that exist and the symptoms they exhibit, you stand a better chance of identifying and removing a rootkit from your PC.
Dissemination of a Rootkit
Rootkits are unable to spread on their own and instead rely on a three-part process for entering your PC. Installation of the rootkit is initiated by what is known as a dropper. When the dropper is activated by the user, it starts the loader, which then removes itself. The loader is responsible for creating a buffer overflow which allows the rootkit to install itself into the operating system.
Symptoms of Rootkits
Rootkits produce a variety of symptoms when they are present in your PC’s operating system. Depending upon the type of rootkit installed, you will experience different unexplained events. This is because a rootkit gives a third party administrator-level control of your PC: that third party can change computer settings, execute and hide files, and take control of the software on your PC. Here are a few of the symptoms you may experience:
• Unexplained System Crashes: Your PC may crash for no apparent reason and the crash may be preceded by strange behavior in the operating system. These are usually symptoms of a kernel mode rootkit which takes control of the operating system.
• Problems with System Drives and Disappearing Files: You may experience problems with your operating system drives, or your files may disappear. You may also have difficulty with network access and with various services on your PC, and you may notice that your Windows settings have been altered. These are symptoms of a user mode rootkit, which runs with the administrative privileges of your PC and copies its files to your hard drive so they will restart every time you start up your PC.
• Hardware Problems: Hardware problems can occur, such as problems during initialization and difficulty connecting digital devices. These and other hardware-related problems can be a symptom of a firmware rootkit. This type of rootkit is very difficult to locate since it hides in the firmware or BIOS (basic input/output system) of your PC and reinstalls itself every time you boot up. The worst part about a firmware rootkit is that even if you are lucky enough to find it, it can reinstall itself again the next time you start your PC.
The type of rootkit present on your PC will determine how well your PC can be cleaned. For example, if the rootkit is capable of reinstalling itself even after you have cleaned your registry or removed the files manually, you may have to choose another route, such as a professional rootkit remover.
There are a number of reputable applications from vendors such as Microsoft and Sysinternals which are capable of detecting a rootkit. Once a rootkit has been detected, the worst-case scenario for completely removing it is to wipe the entire hard drive and then reinstall the operating system.
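Rootkit detectors of this kind generally rely on some form of cross-view comparison: ask the system the same question in two different ways and treat any disagreement as a sign that something is being hidden from the ordinary view. The Python script below is an added example illustrating that principle on Linux; it is not code from this page or from any vendor's tool. It compares the process list that a directory listing of /proc reports (the view ps and top use, and the one a user mode rootkit would tamper with) against the set of process IDs the kernel confirms when each possible PID is probed directly. The function names, the default PID limit of 65536, the thread-ID filtering and the constructed values used to exercise the diff are all assumptions of this example.

```python
import os

# Linux-only example: both views come from the kernel's /proc interface.

def visible_pids(proc="/proc"):
    """Process IDs as reported by listing /proc, the same view ps and top use.
    A user-mode rootkit that hooks directory listing can filter entries here."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def probed_pids(max_pid=65536):
    """Process IDs found by asking the kernel directly about every possible PID.
    os.kill(pid, 0) sends no signal: it raises ProcessLookupError if the PID is
    unused and PermissionError if it exists but belongs to another user.
    max_pid=65536 is an assumed default; /proc/sys/kernel/pid_max may be larger."""
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # exists, just not ours
        found.add(pid)
    return found

def tgid_of(pid, proc="/proc"):
    """Thread-group ID from /proc/<pid>/status, or None if it cannot be read.
    Thread IDs answer to os.kill but are never listed in /proc, so they must be
    told apart from genuinely hidden processes."""
    try:
        with open(f"{proc}/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        return None
    return None

def hidden_pids(visible, probed, tgid_lookup=tgid_of):
    """Cross-view diff: a PID the kernel confirms but the listing omits is
    suspicious, unless it is merely a thread of a process that is listed."""
    suspicious = []
    for pid in sorted(probed - visible):
        tgid = tgid_lookup(pid)
        if tgid is not None and tgid != pid and tgid in visible:
            continue  # thread of a listed process, not a hidden process
        suspicious.append(pid)
    return suspicious

if __name__ == "__main__":
    hidden = hidden_pids(visible_pids(), probed_pids())
    print("PIDs present but not listed in /proc:", hidden or "none")
```

A process that exits between the two snapshots can produce a one-off entry, so treat a single hit as a prompt to rerun rather than as proof; a PID that is reported on every pass while never appearing in the listing is the pattern worth investigating. The same comparison applies to files (an API directory listing versus the raw on-disk structures) and to the registry, which is the idea behind the scanning that the tools above perform.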
You can also take additional security measures to protect your PC from the future presence of a rootkit. There are a variety of reputable anti-rootkit software programs which will scan your PC regularly for signs of a rootkit. This type of software is often used in conjunction with a quality antivirus/anti-malware program and regular security updates. Although no application is 100 percent foolproof, taking a few extra security measures may reduce your chances of having to endure the headaches of trying to locate and remove a rootkit from your PC.