Dwight Watt - Newspaper Article #86 12/22/2010

Question: What are rootkits?


Rootkits are malware programs. Malware programs can include viruses, worms, spyware, Trojans and others. Rootkits differ from the others in that the others typically give away their presence by doing destructive things on your computer.

Rootkits are installed on your machine through some program but then try to stay hidden. They work at the highest security level, so they can either make high-level changes to your machine or give people access to it so they can change or steal stuff.

Rootkits will often sit undetected for long periods of time.

Rootkits originated on UNIX machines as ways to manage software. About 2004 they began appearing on Windows machines as malware. Most modern anti-malware/virus/spyware programs will detect rootkits. However, rootkits are more sophisticated and, since they operate at the highest security level, are harder to find.

A rootkit that has been appearing recently is Google Redirect. Google did not make it. Basically it keeps sending pages to certain locations, usually a Google site. It appears to be adware/spyware but works at a higher level and will allow backdoors in your computer for hackers to get in. If you get Google Redirect, the one program I have heard will remove it is Hitman Pro, and the place to get it is CNET.com. Apparently there are some evil copies of Hitman at other sites. I have not dealt directly with Google Redirect. You can use the trial version of Hitman Pro for 30 days free. AVG was one of the first programs to look for rootkits and was initially a separate program. If you are running 64-bit Windows you will be redirected to the Hitman website for the 64-bit version.

The name rootkit came from its original use. "Root" is for the fact that it works at the highest level; on UNIX machines root is your top user, similar to administrator in Windows but more powerful. "Kit" is because it was a kit of programs to better manage software.

Norton, AVG and others will remove rootkits, but you need the latest version. Sometimes they do not have a fix for the malware you have, and you have to find other programs. I strongly suggest running an anti-virus program and an anti-spyware program on your PC.

Thanks to Don for the question.