What is a Rootkit and How it Infects your PC


Everyone knows about computer viruses, and people are rightly fearful of them. Many have also heard of computer worms: programs designed to spread to as many machines as they can.

A rootkit is devious in a different way. It is unwanted code that gains and keeps control of your machine by hiding deep inside the system. Unlike most viruses it is not directly destructive, and unlike worms, spreading as widely as possible is not its objective.

So what does a rootkit do?

What it does is hand access to everything on the machine, private data and system files alike, to a remote user who, with administrative privileges, can do whatever he wants with your computer. The name comes from "root", the administrator account on Unix: a rootkit is a kit of tools for keeping root access while staying hidden. Needless to say, every user should be aware of the threat they pose.

Rootkits generally sit much deeper than the average virus. Some even infect the BIOS firmware, the part of the computer that runs before, and independently of, the operating system, which makes them far harder to remove: reinstalling the OS does not touch them. They are not Windows-specific either; Linux and Apple machines can be affected. In fact, the first rootkits ever written were for Unix!

Image: Rootkits (image by Fristle)

Is this a new phenomenon?

No, not at all. The earliest known rootkits are about two decades old. However, now that nearly every home and every work desk has a computer connected to the internet, the full potential of a rootkit is only now being realized.


Possibly the most famous case so far was in 2005, when audio CDs sold by Sony BMG installed a rootkit on Windows PCs without asking permission. Its purpose was to enforce copy protection (called "Digital Rights Management", or DRM) on the CDs, and to stop users from removing it, it installed a kernel driver that hid every file, process and registry key whose name began with "$sys$". That cloak made no distinction between Sony's files and anyone else's, so it compromised every computer it was installed on: malware authors quickly hijacked it by simply naming their own files "$sys$..." so that antivirus software could not see them.
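The cloaking just described is also how such a rootkit was found: compare the view of the system that goes through the (possibly hooked) operating system API against a view obtained some other way, and anything present in one but missing from the other is being hidden. The following is an added example, not code from the article or from Sony's software, that simulates a directory-listing hook which drops every name starting with "$sys$" and runs that cross-view comparison over a throwaway directory. The file names, the prefix-based hook and the function names are constructed for illustration.

```python
import os
import tempfile

# Prefix used by the Sony BMG cloaking driver: any name starting with it
# disappeared from the normal Windows view of files, processes and registry keys.
CLOAK_PREFIX = "$sys$"


def hooked_listdir(path):
    """The 'infected' view: simulates a rootkit that has hooked the
    directory-listing API and silently drops every entry it wants to cloak."""
    return [name for name in os.listdir(path) if not name.startswith(CLOAK_PREFIX)]


def raw_listdir(path):
    """The 'trusted' view: stands in for a listing obtained by a route the hook
    does not cover (raw on-disk structures, or a boot from clean media).
    In this simulation it is simply the unhooked system call."""
    return os.listdir(path)


def cross_view_diff(path):
    """Return entries present in the trusted view but absent from the hooked view.
    On a clean machine the two views agree and this is empty; anything listed
    here is being hidden from normal tools."""
    return sorted(set(raw_listdir(path)) - set(hooked_listdir(path)))


def demo():
    """Build a throwaway directory with constructed sample files (not real
    malware, just names) and run the cross-view comparison over it."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("readme.txt", "$sys$driver.sys", "$sys$config.dat"):
            with open(os.path.join(d, name), "w") as f:
                f.write("sample\n")
        return cross_view_diff(d)


if __name__ == "__main__":
    hidden = demo()
    print("entries hidden from the hooked view:", hidden if hidden else "none")
```

The caveat a real detector has to deal with is that a kernel-mode rootkit may hook both routes to the directory, so the "trusted" view is only trustworthy if it is produced from outside the running system, for example by booting from clean media; that is the idea behind offline rootkit scanners.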

What makes it different from a virus?

Most often, rootkits are used to control rather than to destroy. Of course, that control could be used to delete data files, but it is usually put to quieter and more nefarious purposes, such as copying your private data.

More importantly, rootkits run at the same privilege level as most antivirus programs, and a kernel-mode rootkit runs with the same privileges as the operating system kernel itself. Nothing in the system can then decide which of the two has greater authority to shut down the other, and a rootkit that hooks the system calls the scanner relies on can simply hide its own files from the scan. This makes them that much harder to remove.

So how might I get infected with a rootkit?

As the Sony case shows, a rootkit may piggyback on software you thought you could trust. When you give that software permission to install, it also drops a component that waits silently in the background for a command. And since granting that permission requires administrative access, the rootkit starts out already in a sensitive position on the computer.

Another route is the standard infection techniques used by viruses: shared disks and USB drives, or infected web content. Such an infection may go unnoticed for a long time precisely because rootkits are built to be silent.

There have also been cases where rootkits came pre-installed on newly purchased computers. The intentions behind such software may be good, for example anti-theft tracking or remote diagnostics, but it has been shown that the mere existence of such a path into the system is itself a vulnerability.

So that is what a rootkit is and how it creeps into a computer. In my next article I'll discuss how to defend your computer against rootkits, from protection to cleaning up.

Stay tuned!


  • Muraliporur

    I'd like to get the full feed of your blog in my Google Reader.

  • Dirk Strauss

    Have you had any experience with, or removed the Zero.Access rootkit before? What are the signs of infection as well as are there many different types of rootkits? Is Sub7 a rootkit?

    • zero2581

      It's a little late, but for anyone having this problem with the Zero.Access rootkit: download the program Hitman Pro from a different computer and put it on a flash drive. It is available as 32- or 64-bit software. Run the software from your flash drive and it should take care of it. It was the only thing that helped me at the time.

  • Nathan

    My AVG picked up that I have 16 Anti-Rootkits? What is this and how can I remove them? I have never had a virus, and I scan almost every day. Can anyone help?

    • fucker

      Anti-rootkits? You don't know what you're saying.

  • Olanrewaju Series Abdulrahaman

    Hi, after being infected by a rootkit my system was very slow and did not load to the desktop, but I used to get in through Safe Mode. Right now it does not power on again. Please, how can I repair it?