Help      |      Chebucto Home      |      News      |      Contact Us     

128. Dealing with rootkits

By Andrew D. Wright

By now nearly everyone has heard the message that they need to protect their computer from the bad guys.

If you're running a Windows computer, this takes the form of running Windows Update on the second Tuesday of the month to get the latest updates to the Windows operating system, or setting up the automatic updates option to download these critical updates.

You should also have a good anti-virus program and make sure that it has today's virus definitions.

There are also several good free anti-spyware programs to help keep malware off your computer, malware being programs which may look innocent but which do bad things you may not necessarily be aware of.

Basically the name of the game is for criminal networks to gain access to your computer and use it to do bad things. It has become big business: millions of home and small business computers have been taken over by the bad guys and these computers have become slaves of the botnets.

These slave computers live secret other lives, sending out their user's passwords and confidential information to crime networks on the other side of the world. Your online banking session may be encrypted and safe from prying eyes but if your computer is on a botnet your keystrokes can be read and sent off to strangers. Your computer might be filling up with loads of new Viagra ads or fake Rolex ads or cheap pharmaceuticals ads and spewing them out by the millions to beseiged mail servers all over the internet.

Back in the good old days, the main way to get at your computer was with a virus. This still happens but it is a lot harder for the bad guys than it used to be - most mail servers scan for viruses before the mail hits your mailbox and many users do use anti-virus products. Sending infected attached files in email is still done but many users simply stopped opening attachments.

Ever resourceful, the bad guys started putting links in their mail. Click here for a card from a friend. Click here for free money. Click here for naked pictures of the starlet of the week. When you click here, you get some malware. If you are the careful sort and virus and spyware scan any new files you download before opening them, you can stop most if not all of these attempts at taking over your computer.

Suppose you let one through though. These days the bad guys don't want their precious payload detected out in the open on your hard drive, they put too much work in getting it there, so they hide it with rootkits.

A rootkit is a program that runs when the computer starts up and uses its early start up position to hide itself from the rest of the operating system. It tells the host operating system everything is fine and uses various tricks to make sure that nothing can find it.

Your anti-virus program will pass it by, not knowing it is there. You won't be able to find its files on your hard drive and your spyware program won't know anything is amiss. The rootkit is the ghost in your machine.

The thing is, nothing is perfect and there are ways to find rootkits. Several anti-virus and anti-malware companies have made available free anti-rootkit software you can use to find rootkits and remove them.


Chebucto Community Net recommended software
(includes anti-virus and anti-spyware programs with free versions):


Sophos anti-rootkit software (free):


AVG anti-rootkit software (free): [NO LONGER AVAILABLE]


F-Secure BlackLight rootkit eliminator (free - link on page):


Avira anti-rootkit tool (free - link on page):


Microsoft Sysinternals Rootkit Revealer (free):


The Mousepad runs every two weeks. It's a service of Chebucto Community Net, a community-owned Internet provider. If you have a question about computing, email or click here. If we use your question in a column, we'll send you a free mousepad.


The Mousepad Index


Originally published 21 March 2008


Our community is online here!


This column is provided as a community service by