The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, anti-virus, and system management utilities. There are several root kit classifications depending on whether the malware survives reboot and whether it executes in user mode or kernel mode.
Persistent Root kits
A persistent root kit is one associated with malware that activates each time the system boots. Usually such malware consists of a code that starts working as soon as the system is rebooted.
A persistent root kit is one associated with malware that activates each time the system boots. Usually such malware consists of a code that starts working as soon as the system is rebooted.
Memory-Based Rootkits
Memory-based root kits are malware that has no persistent code and therefore does not survive a reboot. Once the system is rebooted it stops to execute.
Memory-based root kits are malware that has no persistent code and therefore does not survive a reboot. Once the system is rebooted it stops to execute.
Removing Root kits:
As there are chances that temp, %temp% and prefetch folders may get infected with them first we need to delete the files in that folder, these will make the system slow.
- We need to boot the system in boot logging mode.
- We need to search for the file rot.sys. win32k.sys, msivx, seneka, hacktool, Stuxnet and disable file permissions.
- Eg: cacls C:WINDOWSsystem32drivers win32k.sys /d everyone
- Restart the computer
- Search for the files using file search option with full name along with extension and delete them.
There are two different modes of Root kit attack one is Kernel mode which is very dangerous level of infecting the kernel level files and the other is User mode root kits.
For information of this go to the site
Download some good anti-root kit programs like Root kit revealer, Anti-Root kit, Sophos Anti-Root kit.
0 comments:
Post a Comment