Rootkit virus - What is rootkit virus and how to remove it?



techie
14-11-10, 12:05 PM
Rootkit virus is the most evil virus out there, especially for Windows PC users. It will hide from all views; admins can't detect it, and normal users will die trying to remove this virus.

If you visit MP3 song download sites or porn sites, you have a greater chance of getting your PC/laptop infected with this virus.

Typically, an attacker installs a rootkit on a computer after first obtaining root-level access, either by exploiting a known vulnerability or cracking a password. Once a rootkit is installed, it allows an attacker to mask the active intrusion and to maintain privileged access to a computer by circumventing normal authentication and authorization mechanisms. (source for this para: http://en.wikipedia.org/wiki/Rootkit)

If you are not a tech user, there are times when you must reinstall your operating system to get rid of a rootkit virus. Kaspersky Anti-Virus gives you a better alternative. If you have Kaspersky Anti-Virus or Internet Security products, it will remove the rootkit virus. You will need to download http://support.kaspersky.com/downloads/utils/tdsskiller.zip from the Kaspersky website to kill the rootkit virus. The rootkit resides under a name something like Rootkit.Win32.TDSS.d

There are multiple forms of rootkit virus: persistent rootkits, memory-based rootkits, user-mode rootkits and kernel-mode rootkits. Kernel mode is more powerful and dangerous. You can read more about this at http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx. On this page, Microsoft also gives you the "RootkitRevealer" product that detects rootkits.