Home > Step-by-Step Guide: Finding and removing a rootkit
Step-by-Step Guide:
EMAIL THIS LICENSING & REPRINTS

Step-by-Step Guide: Finding and removing a rootkit

18 Oct 2006 | Kevin Beaver, Contributor

Advice for securing Windows
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

In a nutshell, rootkits are nasty programs that can load on boot or temporarily live in memory and run in user mode (aka ring 3 for you processor gurus) and kernel mode (aka protected mode or ring 0).

Rootkits became pervasive in the Unix world, but the technology and its threat are slowly and surely bleeding into the Windows environment. They manipulate Windows by taking over the operating system -- even inside a virtual machine -- with the goal of hiding malware and controlling any or all aspects of the system.

Rootkits are relatively easy to install on victim hosts. To upload a rootkit, a determined attacker can do everything from exploit a Windows vulnerability to crack a password or even obtain physical system access. They can even con users into running an executable file in an email attachment or via a hyperlink distributed via email or instant messaging. Once they're in place, as you're likely to find out, rootkits aren't so easy to find or get rid of.

The rootkit threat is not as widespread as viruses and spyware. Given this fact, and the lack of a truly effective rootkit prevention solution, handling rootkits is largely a reactive process.

Here are various techniques and tools for finding rootkits and removing them from your systems if you suspect an infection:


Finding and removing a rootkit

 Home: Introduction
 Step 1: Is there a problem
 Step 2: Choose the right scanning tool
 Step 3: Clean up the mess
 Step 4: Bulletproof your efforts
ABOUT THE AUTHOR:
Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books including Hacking For Dummies, Hacking Wireless Networks For Dummies, Securing the Mobile Enterprise For Dummies (all by Wiley), as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver ~at~ principlelogic.com. Copyright 2006 TechTarget


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Intrusion detection, prevention and removal
October patches fix four threats
Cool things about security, nothing about Britney Spears
Malware prevention and detection webcast series
Rootkit and malware detection and removal guide
Preventing malware with tools, patches and education
Removing malware from your Windows system
What is malware?
Step 1: Is there a problem
Step 3: Clean up the mess
Step 4: Bulletproof your efforts

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


HomeTopicsITKnowledge ExchangeTipsMultimediaWhite PapersBlogs
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts