We have previously discussed what rootkits are and how you may get infected. Now we will see how to defend against them.
I may have a rootkit, how do I get rid of it?
If you suspect you have been infected, there are a few steps you can do. First, run a regular virus scan. The simplest ones can be removed with the most up-to-date antivirus programs. The scans can be run in safe or regular mode, however true rootkits may not show up easily. A better option is to use specialized rootkit detectors like the ones below.
1. TREND MICRO ROOTKIT BUSTER
Trend Micro makes a small but powerful Rootkit Buster that scans your computer’s system folders and Master Boot Records (MBR) for rootkits. It allows you to perform a selective target scan for different locations such as Registry Keys and File Streams.
2. SOPHOS ANTI-ROOTKIT
Sophos makes the free Anti-rootkit application that is a simple yet powerful tool for both new users and experienced ones. It provides a graphical and a command line user interface that allows selective operation. The scanner checks the entries it finds with those in its database and provides with detailed information on them. It is also available for a large variety of platforms.
3. MICROSOFT ROOTKIT REVEALER
Microsoft also makes its Rootkit Revealer that uses advanced tactics such as name hopping to stop smart rootkits from recognizing the scan and hiding. It however does not include a command-line interface like Sophos anti-rootkit.
It is best if these are run when the computer is disconnected from all networks. A more complex option is to run a boot disk/drive that will start your computer independently and allow you to scan hard drives and boot records.
If you have no other alternative, then a format and re-install of your operating system may be in order. This will not affect computers with an infected BIOS; however such infections are rare and cannot be contracted through ordinary means. They can only be removed by experts.
So how do I protect my PC?
It is said that an ounce of prevention is better than a pound of cure. Needless to say that all conventional methods for protecting a computer against viruses must be practiced anyway, but additionally, the user can take the following steps:
- Install software only from trusted sources. Non-essential programs should be locally installed for the user so that they do not have access to system spaces.
- A strong firewall will make it harder for an external attacker to make use of an infected computer.
- Regular scans of the computer will ensure any problems are nipped in the bud.
Rootkits will continue to be a threat with the spread of the internet to all corners of the world. A little safe computing and knowledge will keep your forearmed.
We at Guiding Tech are committed to share all the knowledge we have on computer security and time and again we will publish such articles to acquaint you with the dangers of computing in a networked world and how it keep your data and files safe. Keep reading!