
Rootkits: what are they and how to remove them

The variety of malware keeps growing, and cybercriminals keep finding new ways to harm users and profit from it. A few years ago the typical aim of a malware author was to compromise the user's computer, announce the fact, and demand money. Today it is far more profitable to take the computer over quietly and use it later: for sending spam, mining cryptocurrency, or other malicious tasks. Rootkits are the tool used to "invade" the computers of ordinary users and stay there unnoticed.


Table of contents:
1. What are rootkits?
2. How to determine that your computer has a rootkit
3. How to remove rootkits

WHAT ARE ROOTKITS

Rootkits are malicious programs that get onto a computer in various ways: bundled with a program downloaded from the Internet, or as an attachment to an email or instant message. By running the installer, typically with administrator rights, the user effectively hands the attacker access to the PC. Once active, the rootkit modifies the system (registry entries, system libraries or kernel drivers) so that it starts together with Windows, hides its files and processes from ordinary tools, and lets its "owner" control the machine remotely.

Please note

Regular antivirus products can often catch a rootkit while it is being downloaded or before it is installed. Once the rootkit is active, however, it can hide its own files, processes and registry keys from scanners running on the same system, so a scan run from inside the infected Windows may report nothing and cannot be trusted to solve the problem.

Through the rootkit, attackers can pull whatever they need off the computer: confidential data such as logins, passwords, correspondence and bank card details. They can also operate the computer remotely and use it for various actions, including fraud.

For example: a rootkit made its way onto a user's computer. Some time later the Internet provider disconnected the computer from the network, citing a "massive flood". It turned out that the computer had been sending broadcast packets to every host on the provider's network at a rate of several thousand per minute, whereas a normally behaving host sends only 10-15 such packets in the same time.

Attackers have hundreds of uses for a rootkit on a user's computer, so it is clear that this kind of malware is extremely dangerous and must be kept off your PC.

Please pay attention: sometimes rootkits get onto a computer through a seemingly legitimate route, bundled with a program downloaded from the Internet. Users rarely read licence agreements, and a program's creator may state in that agreement that a rootkit-like component will be installed along with the application.

HOW TO DETERMINE THAT YOUR COMPUTER HAS A ROOTKIT

From the detection point of view a rootkit is an especially unpleasant kind of malware. Not every antivirus program can see it, particularly once it has embedded itself in the system, and there are practically no obvious signs that a rootkit has "settled" on a computer. The signs that may indicate one are:

  • Large amounts of data leaving over the network while every application that uses the Internet is closed. Unlike many "common" viruses, rootkits often mask this sign, because many of them are operated manually: data is not sent constantly but in bursts, at the moments the operator chooses, so the activity is very difficult to "catch".
  • The computer freezes or slows down. Depending on what the rootkit's owner is doing with the victim's computer, the hardware load varies. If your computer (especially a low-powered one) keeps freezing for no apparent reason, and the load cannot be tied to any running application, a rootkit may be the cause.
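The two symptoms above, checked in code. This is an added example written for this page, not a tool from the article or from any vendor it names, and it runs on constructed sample data embedded in the script. The process lists stand in for what Get-Process (the "API view") and a brute-force probe of every PID with OpenProcess (the "raw view") would return on a real Windows host; the traffic samples stand in for periodic readings of the network adapter's "bytes sent" counter. All of those values are made up for the demonstration.

```python
"""Two checks for the rootkit symptoms described above, on constructed data.

1. Cross-view process check. A rootkit that hooks the documented process
   enumeration API hides its process from Task Manager and from user-mode
   scanners. Comparing that API view with a lower-level raw view (on Windows a
   probe of every PID with OpenProcess, on Linux kill(pid, 0) over the PID
   range) exposes processes present in one view and missing from the other.

2. Burst detection on interface byte counters. A manually operated rootkit
   sends data in short bursts rather than continuously, so a single look at
   bandwidth can miss it. Sampling the "bytes sent" counter periodically and
   flagging intervals far above a quiet-time baseline catches the bursts.
"""
from __future__ import annotations

import csv
import io
from dataclasses import dataclass

# Constructed sample of `Get-Process | Select-Object Id,ProcessName | ConvertTo-Csv`
# output (API view). PID 4216 is deliberately absent to simulate a hidden process.
API_VIEW_CSV = """\
"Id","ProcessName"
"4","System"
"688","csrss"
"1304","svchost"
"2920","explorer"
"3508","chrome"
"""

# Constructed raw view: PIDs that answered a brute-force OpenProcess probe.
RAW_VIEW_PIDS = [4, 688, 1304, 2920, 3508, 4216]


def parse_api_view(csv_text: str) -> dict[int, str]:
    """Parse the CSV process listing into {pid: name}."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {int(row["Id"]): row["ProcessName"] for row in reader}


def cross_view_diff(api_pids, raw_pids) -> tuple[list[int], list[int]]:
    """Return (hidden, phantom).

    hidden  = PIDs in the raw view but not in the API view: suspicious.
    phantom = PIDs in the API view but not in the raw view: usually a process
              that exited between the two snapshots, not a rootkit indicator.
    """
    api, raw = set(api_pids), set(raw_pids)
    return sorted(raw - api), sorted(api - raw)


@dataclass(frozen=True)
class Sample:
    t: int           # seconds since the first reading
    bytes_sent: int  # cumulative adapter counter at that time


# Constructed readings every 60 s. The idle host sends about 2 KB/min of
# background traffic; between t=300 and t=420 a burst pushes out about 6 MB.
SAMPLES = [Sample(t, b) for t, b in [
    (0, 0), (60, 2_100), (120, 4_000), (180, 6_300), (240, 8_200),
    (300, 10_000), (360, 3_100_000), (420, 6_050_000), (480, 6_052_000),
    (540, 6_054_100),
]]


def baseline_rate(samples, quiet_until: int) -> float:
    """Average bytes/s over the readings taken while the host was known idle."""
    quiet = [s for s in samples if s.t <= quiet_until]
    if len(quiet) < 2:
        raise ValueError("need at least two quiet samples for a baseline")
    return (quiet[-1].bytes_sent - quiet[0].bytes_sent) / (quiet[-1].t - quiet[0].t)


def traffic_bursts(samples, baseline_bytes_per_s: float, factor: float = 50):
    """Return (start, end, bytes) for each run of intervals whose outbound
    rate exceeds factor * baseline. Counters are cumulative, so consecutive
    readings are differenced; a negative delta (counter reset) is skipped."""
    threshold = factor * baseline_bytes_per_s
    bursts: list[tuple[int, int, int]] = []
    for prev, cur in zip(samples, samples[1:]):
        dt = cur.t - prev.t
        delta = cur.bytes_sent - prev.bytes_sent
        if dt <= 0 or delta < 0:
            continue
        if delta / dt > threshold:
            if bursts and bursts[-1][1] == prev.t:   # extend an adjacent burst
                start, _, total = bursts[-1]
                bursts[-1] = (start, cur.t, total + delta)
            else:
                bursts.append((prev.t, cur.t, delta))
    return bursts


def run_checks() -> dict:
    """Run both checks on the constructed data and return the findings."""
    hidden, phantom = cross_view_diff(parse_api_view(API_VIEW_CSV), RAW_VIEW_PIDS)
    bursts = traffic_bursts(SAMPLES, baseline_rate(SAMPLES, quiet_until=300))
    return {"hidden": hidden, "phantom": phantom, "bursts": bursts}


if __name__ == "__main__":
    result = run_checks()
    print("hidden PIDs (raw view only):", result["hidden"])
    print("phantom PIDs (API view only):", result["phantom"])
    for start, end, total in result["bursts"]:
        print(f"outbound burst {start}s-{end}s: {total:,} bytes")
```

On the constructed data the script reports PID 4216 as hidden and one outbound burst of about 6 MB between 300 s and 420 s. A hidden PID is only an indicator: a process can legitimately exit or start between the two snapshots, so take two or three snapshot pairs before treating a PID as hidden, and take the traffic baseline from a period when you know every network-using application was closed.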

HOW TO REMOVE ROOTKITS

Rescue discs (bootable antivirus media) are the best remedy for rootkits. Many large antivirus companies offer one; Windows Defender Offline and Kaspersky Rescue Disk both do well here.

The reason a rescue disc works where an installed scanner fails is that it boots its own clean environment instead of the installed Windows. The rootkit, together with everything else that normally starts with Windows, is not running during the scan, so it cannot hide its files or interfere with the check.

There are also several applications that are effective in fighting rootkits:

  • TDSSKiller (from Kaspersky);
  • Dr.Web CureIt!;
  • AVZ.

All of these utilities are free, and they handle the common rootkit families they were written for. Keep in mind, though, that a rootkit means the system was fully compromised: after removal, change the passwords that were used on that computer, and where possible reinstall Windows rather than trusting the cleaned system.