Computer Science

Safe Practices


What are root kits
Root kits are a set of software tools frequently used by an intruder after gaining access to your computer. These tools can hide running processes, files, and system data, which helps the intruder access your system without your knowledge. Root kits are considered computer trojans.

Risks of root kits
Once your computer has been "rooted" (infected by a root kit), the risks include denial of service attacks, key loggers, email spam, access to your files, and many more. Because root kits can hide running processes, they allow other trojans to run on your computer without being detected, opening up your computer to more intruders.

Detecting and removing root kits
Root kits modify many of the tools and libraries that your operating system depends on, so it is very difficult to detect a root kit or to trust anything your operating system reports to you. There are a few root kit scanners on the market today. We recommend either Blacklight from F-Secure or Rootkit Revealer from Sysinternals. The best way to scan your computer for root kits is to boot it from other media, such as a rescue CD or a pre-environment loader, or to scan the drive from another computer. Since the drive in question is not booted, the root kit cannot actively hide itself, which allows the scanner to detect its presence. Most experts warn, however, that even though there are programs able to detect and remove root kits, a full system format is still recommended if your system becomes infected, because the root kit has modified important system files and the computer can no longer be trusted.
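The offline-scan idea above can be shown as a comparison of two file listings: one taken while the suspect system is running and one taken with the same drive mounted from rescue media. This is an added example, not code from this page or from the scanners it names; the function names, paths and file contents are constructed for illustration.

```python
import hashlib
import os

def build_manifest(root):
    """Map each file under root to its SHA-256 (None if unreadable)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                with open(full, "rb") as fh:
                    manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                manifest[rel] = None
    return manifest

def cross_view_diff(live, offline):
    """Compare what the running OS reported with what is on the disk."""
    live_paths, disk_paths = set(live), set(offline)
    return {
        # On disk but never reported by the running OS: the hiding behaviour.
        "hidden_from_live": sorted(disk_paths - live_paths),
        # Same path, different bytes: changed between scans or a tampered read.
        "content_mismatch": sorted(p for p in live_paths & disk_paths
                                   if live[p] != offline[p]),
        # Reported live only: usually files removed before the offline scan.
        "live_only": sorted(live_paths - disk_paths),
    }

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

# Constructed sample manifests (paths and contents are made up).
LIVE = {"windows/system32/example.dll": sha256_hex(b"clean"),
        "users/alice/notes.txt": sha256_hex(b"notes"),
        "temp/session.tmp": sha256_hex(b"tmp")}
OFFLINE = {"windows/system32/example.dll": sha256_hex(b"patched"),
           "users/alice/notes.txt": sha256_hex(b"notes"),
           "windows/system32/drivers/example_hidden.sys": sha256_hex(b"driver")}

if __name__ == "__main__":
    for kind, paths in cross_view_diff(LIVE, OFFLINE).items():
        print(kind, paths)
```

Entries under `hidden_from_live` and `content_mismatch` are leads to investigate, since files also change legitimately between the two scans.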


September 7th, 2006