Love, respect & compassion is all it takes to create heaven on Earth.

How to detect & Remove Rootkits on Windows XP Pro?

How can I best detect AND remove rootkits from my Windows XP Pro system?



Best Answer

 
12 helpful answers

Nowadays, almost every respected antivirus vendor integrates a rootkit detector in its product. Removing rootkits can get very bothersome. What you basically want to do is boot the system in safe mode or, even better, boot it from a rescue disc and then start scanning. Sometimes it's even better to restore to a clean, safe system. It's always advisable to make a system image which you know is perfectly clean. Otherwise you can specifically search Google for "Detecting & Removing rootkits" software.

Posted 2006-10-07T11:20:21Z
Helpful?(4)
Rated as Best Answer

 

All Answers

 

rootkit: A type of Trojan that keeps itself, other files, registry keys and network connections hidden from detection. It enables an attacker to have "root" access to the computer, which means it runs at the lowest level of the machine. A rootkit typically intercepts common API calls. For example, it can intercept requests to a file manager such as Explorer and cause it to keep certain files hidden from display, even reporting false file counts and sizes to the user. Rootkits came from the Unix world and started out as a set of altered utilities such as the ls command, which is used to list file names in the directory (folder).

Legitimate Rootkits? Rootkits can also be used for what some vendors consider valid purposes. For example, if digital rights management (DRM) software is installed and kept hidden, it can control the use of licensed, copyrighted material and also prevent the user from removing the hidden enforcement program. However, such usage is no more welcomed than a rootkit that does damage or allows spyware to thrive without detection. See Trojan.

For the Windows platform there are many free detection tools such as Blacklight. Another Windows detector is RootkitRevealer from Sysinternals. It will detect all current rootkits by comparing the results from the OS to the actual listing read from the disk itself. However, some rootkits started to add this particular program to a list of files they do not hide from, so in essence they remove the differences between the two listings, and the detector doesn't report them. However, renaming the rootkitrevealer.exe filename to a random name defeats this. These features are now included in the latest release of Rkdetector and RootkitRevealer, so now there is no need to rename.

Posted 2006-10-08T05:53:14Z
mench was invited by Yedda to answer this question.
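An added illustration of the cross-view comparison described in the answer above (not code from the answer or from Sysinternals): two constructed directory listings stand in for what a scanner sees through the file API under its well-known name versus under a random name, and both are compared against a constructed raw-disk listing.

```python
# Cross-view rootkit detection, modelled on the RootkitRevealer idea above:
# list a directory through the OS API and through a raw read of the disk,
# then report anything the API view omits or misreports. Both listings
# below are constructed sample data, not real disk reads.
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    name: str
    size: int


# Constructed "raw disk" view: what the file system structures really hold.
RAW_VIEW = {
    Entry("boot.ini", 211),
    Entry("ntldr", 250048),
    Entry("hidden_driver.sys", 14336),  # constructed hidden file
    Entry("readme.txt", 1024),
}

# Constructed API view returned to a process the rootkit whitelists (the
# detector under its well-known file name): identical to the disk view.
API_VIEW_WHITELISTED = set(RAW_VIEW)

# Constructed API view returned to any other process (the detector after
# renaming): one entry hidden and one size under-reported.
API_VIEW_RENAMED = {
    Entry("boot.ini", 211),
    Entry("ntldr", 250048),
    Entry("readme.txt", 512),
}


def cross_view_diff(api_view, raw_view):
    """Return (hidden_names, size_mismatches) between the two views."""
    api_by_name = {e.name: e.size for e in api_view}
    raw_by_name = {e.name: e.size for e in raw_view}
    # Names on disk that the API listing never returned.
    hidden = sorted(set(raw_by_name) - set(api_by_name))
    # Names both views list but with different sizes (false sizes reported).
    mismatched = {n: (api_by_name[n], raw_by_name[n])
                  for n in api_by_name
                  if n in raw_by_name and api_by_name[n] != raw_by_name[n]}
    return hidden, mismatched


def is_suspicious(api_view, raw_view):
    hidden, mismatched = cross_view_diff(api_view, raw_view)
    return bool(hidden or mismatched)
```

With the whitelisted view the diff is empty, which is exactly why a scanner run under its known name reports nothing; the renamed-scanner view exposes both the hidden entry and the falsified size.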

 
16 helpful answers

Kurt Dillard, a program manager with Microsoft Solutions for Security, wrote the following piece:

Detection and removal is still frustrating. Aside from a few established rootkit detection tools, including VICE, Patchfinder2 and klister, many tools were written by the same people who created rootkits. I don't know about you, but I have a hard time entrusting malware authors to clean up compromised computers.

However, several things happened in February to shine the spotlight on rootkits and prompt the creation of new detection tools. Beyond Fear author Bruce Schneier's rootkit mention in his blog and a presentation Mike Danseglio and I gave on Windows rootkits at the RSA Conference received a surprisingly extensive amount of press. Since then, security vendors Sysinternals and F-Secure Corp. have released standalone tools for their existing security suites to deal with rootkits. Microsoft has also added rootkit detection and removal to its Microsoft Malicious Software Removal tool, which it updates monthly.

Unfortunately, each time an existing tool is updated or a new tool is released, many rootkit authors update their malware to avoid detection. This results in an ongoing cat and mouse game that leaves systems administrators and computer users victimized.

All of this may sound terribly depressing, but there are effective measures you can implement to minimize the risk of being afflicted by rootkits or spyware. You should already be taking the following steps to secure your organization against this type of malware:

  • Maintain up-to-date antivirus and antispyware software.
  • Deploy network and host-based firewalls.
  • Stay current on patches for operating systems and applications.
  • Harden the operating system.
  • Use strong authentication.
  • Never use software from sources you don't trust.

We will explore a defense-in-depth approach to protecting your computers and networks in a later article in this series. In the meantime, check out Strider, a Microsoft research project for maintaining system integrity.

 

Posted 2006-10-08T10:11:07Z
 
1 helpful answer

You need a unique piece of software, "Rootkit Remover".

Posted 2009-01-07T11:28:36Z

AOL Autos Q&A is powered by Yedda an AOL Company
Copyright © 2006-2010, Yedda Inc. and respective copyright owners