Rootkit Detection
What is a rootkit?
A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a hacker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network.
A rootkit may consist of spyware and other programs that monitor traffic and keystrokes. Rootkits hide themselves and other software like keyloggers and remailers in order to intercept and redirect data from your computer, keyboard or network connections without your knowledge. Gaining access through vulnerabilities in your PC such as open ports or Windows security flaws, rootkits and the associated software can record sensitive information and send it to outside parties with the intent of stealing your identity or misusing your data.
Rootkits are hidden from conventional detection; they can’t be found by looking in file listings or in the registry. Standard antivirus and anti-spyware software can’t detect rootkits, much less remove them.
Rootkits in the news
This category of malware recently spurred public interest when Sony embedded a rootkit in their digital rights management processes, placing the rootkit on to Windows desktops during installation.
For more information on rootkits please visit:
PCdefense and rootkit detection
PCdefense identifies rootkits by their behavior rather than by signatures. As with other detection methods, PCdefense may produce some false-positive results. Legitimate and illegitimate rootkits alike hide processes and data from you. PCdefense rootkit detection lets you take the right measures and provides informational messages about the probable nature of each detection.
If you detect a rootkit, you might see if Microsoft has a particular fix and removal tool for it. Please visit:
Many rootkits have no easy fix available. For these, the only safe and sure way to get rid of a rootkit is to clean your PC by formatting your hard disk and doing a clean install of the OS, all applications and your data. PCdefense offers you a unique and easy way to recover your PC from rootkit infections.
The Disaster Recovery function in PCdefense allows you to create a full image of your applications, settings and data, even after a rootkit is detected, because the Disaster Recovery image will not include rootkits. As this process includes formatting drives and reinstalling your operating system, it is important to follow the steps outlined in the PCdefense User Guide carefully. See the rootkit detection section of the PCdefense User Guide (PDF) for more information.
PCdefense rootkit messages
ZwConnectPort
The rootkit detector may report the following:
Driver Interception found!
- ZwConnectPort (31) by No Process Name
This interception is made when some of the Norton Security products are installed and should not be considered a rootkit.

Process Explorer by Sysinternals
After running Process Explorer by Sysinternals, the rootkit scan will report a Hidden or Missing Driver found:
C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
This driver is a legitimate part of Sysinternals’ Process Explorer product and should not be considered a rootkit.

Sony DRM (Digital Rights Protection)
After installing an audio CD containing Sony’s digital rights protection, the rootkit scan will report a hidden process:
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
and a suspicious file:
C:\WINDOWS\system32\drivers\$sys$cor.sys
These files are known issues and may cause problems on some users’ systems. Contact Sony or your PC manufacturer for instructions on how to update or remove this software.

Elite Keylogger
If the Elite Keylogger is installed on your computer a PCdefense Rootkit scan will detect the following:
Driver Interceptions found!
- ZwEnumerateKey (71) by C:\WINDOWS\system32\drivers\usbkbd.sys
- ZwOpenKey (119) by C:\WINDOWS\system32\drivers\usbkbd.sys
Hidden or Missing Drivers Found!
Note: These files are suspicious files but may not be actual rootkits
- C:\WINDOWS\system32\drivers\extfs.sys
- C:\WINDOWS\system32\drivers\tdiip.sys
- C:\WINDOWS\system32\drivers\usbkbd.sys

Alcohol 52%
If Alcohol 52% is installed on your computer a PCdefense Rootkit scan will detect the following:
Driver Interceptions found!
- (39) by vax347b.sys
- ZwEnumerateKey (60) by vax347b.sys
- (61) by vax347b.sys
- ZwOpenKey (103) by vax347b.sys
- ZwQueryKey (139) by vax347b.sys
- ZwQueryValueKey (155) by vax347b.sys
- (209) by vax347b.sys
Hidden or Missing Drivers Found!
Note: These files are suspicious files but may not be actual rootkits
- C:\WINNT\system32\drivers\

Daemon Tools
If Daemon Tools is installed on your computer a PCdefense Rootkit scan will detect the following:
Driver Interceptions found!
- ZwEnumerateKey (71) by sptd.sys
- (73) by sptd.sys
- ZwOpenKey (119) by sptd.sys
- ZwOpenKey (160) by sptd.sys
- ZwQueryValueKey (177) by sptd.sys
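Because PCdefense flags behavior (syscall interceptions, hidden drivers) rather than signatures, every report has to be triaged against the known legitimate sources listed above. The following Python script is an added example and is not part of PCdefense or its User Guide: it parses the two report sections shown on this page ("Driver Interceptions found!" and "Hidden or Missing Drivers Found!"), attributes each finding to the software named above (Alcohol 52%, Daemon Tools, Process Explorer, Norton, Sony DRM, Elite Keylogger), and flags anything unattributed for investigation. The sample report is constructed from the page's entries plus one made-up driver name (unknowndrv.sys) to exercise the "investigate" path; the verdict labels and the report-line format it assumes are this example's own.

```python
"""Triage helper for PCdefense-style rootkit scan output (added example,
not PCdefense code).  Parses interception and hidden-driver lines and
attributes them to the legitimate software listed on the page."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Known sources of findings, taken from the page.  Keys are lower-cased
# driver file names or the "by" field as printed; values are
# (verdict, note).  "known" = documented legitimate software,
# "verify" = documented but must be confirmed as intentionally installed.
KNOWN_SOURCES = {
    "vax347b.sys": ("known", "Alcohol 52% virtual drive driver"),
    "sptd.sys": ("known", "Daemon Tools driver"),
    "procexp90.sys": ("known", "Sysinternals Process Explorer driver"),
    "no process name": ("known", "Norton Security products hook ZwConnectPort"),
    "usbkbd.sys": ("verify", "Elite Keylogger component; confirm the install is intended"),
    "extfs.sys": ("verify", "Elite Keylogger component; confirm the install is intended"),
    "tdiip.sys": ("verify", "Elite Keylogger component; confirm the install is intended"),
}
SONY_MARKER = "$sys$"  # Sony DRM hides files whose names start with $sys$


@dataclass
class Finding:
    kind: str     # "interception" or "hidden_driver"
    detail: str   # e.g. "ZwOpenKey (119)"; empty for a hidden driver
    module: str   # driver file or process that owns the finding
    verdict: str  # "known", "verify", "sony_drm" or "investigate"
    note: str


# "- ZwOpenKey (119) by sptd.sys", "- (61) by vax347b.sys", "- ZwConnectPort(31) by No Process Name"
INTERCEPT_RE = re.compile(r"^-\s*(?P<func>Zw\w+)?\s*\((?P<idx>\d+)\)\s+by\s+(?P<by>.+?)\s*$")
# "- C:\WINDOWS\system32\drivers\extfs.sys"
HIDDEN_RE = re.compile(r"^-\s*(?P<path>[A-Za-z]:\\.+?)\s*$")


def classify(module: str) -> tuple[str, str]:
    """Map a driver path or process name to a triage verdict and note."""
    if SONY_MARKER in module.lower():
        return "sony_drm", "Sony DRM ($sys$ file): contact Sony or the PC vendor for removal"
    name = module.rsplit("\\", 1)[-1].lower()
    if name in KNOWN_SOURCES:
        return KNOWN_SOURCES[name]
    return "investigate", "not attributed to any listed software; treat as suspicious"


def parse_report(text: str) -> list[Finding]:
    """Walk the report line by line, tracking which section we are in."""
    findings: list[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.lower().startswith("note:"):
            continue
        if line.lower().startswith("driver interception"):
            section = "interception"
            continue
        if line.lower().startswith("hidden or missing driver"):
            section = "hidden_driver"
            continue
        if section == "interception" and (m := INTERCEPT_RE.match(line)):
            detail = f"{m['func'] or '<unnamed>'} ({m['idx']})"
            verdict, note = classify(m["by"])
            findings.append(Finding("interception", detail, m["by"], verdict, note))
        elif section == "hidden_driver" and (m := HIDDEN_RE.match(line)):
            verdict, note = classify(m["path"])
            findings.append(Finding("hidden_driver", "", m["path"], verdict, note))
    return findings


def needs_attention(findings: list[Finding]) -> list[Finding]:
    """Everything that is not attributed to documented legitimate software."""
    return [f for f in findings if f.verdict != "known"]


# Constructed sample report: entries from the page plus one made-up driver.
SAMPLE_REPORT = r"""
Driver Interceptions found!
- ZwEnumerateKey (60) by vax347b.sys
- (61) by vax347b.sys
- ZwConnectPort(31) by No Process Name
- ZwOpenKey (119) by C:\WINDOWS\system32\drivers\usbkbd.sys
- ZwQueryValueKey (177) by C:\WINDOWS\system32\drivers\unknowndrv.sys
Hidden or Missing Drivers Found!
Note: These files are suspicious files but may not be actual rootkits
- C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
- C:\WINDOWS\system32\drivers\$sys$cor.sys
- C:\WINDOWS\system32\drivers\extfs.sys
"""

if __name__ == "__main__":
    for f in needs_attention(parse_report(SAMPLE_REPORT)):
        print(f"[{f.verdict}] {f.kind} {f.detail} {f.module}: {f.note}")
```

Findings attributed to Alcohol 52%, Daemon Tools, Process Explorer or Norton are reported as "known"; Elite Keylogger components are "verify" because the page lists them as suspicious rather than harmless; $sys$ files follow the page's advice to contact Sony; anything else is left for investigation rather than silently dismissed.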
