Rootkits

We are seeing some dangerous rootkit infections lately. Many of them alter the master boot record, which effectively takes total control of a PC. Some can also create a small hidden partition on your hard drive and make it the “active” partition.

A PC user would never see this, and would likely not even know the machine was infected. Of course, many types of malware, such as “trojan droppers”, will download other viruses, and eventually the PC will throw errors or become so slow that the user realizes something is wrong.

There are many good tools to scan for rootkits, including perhaps the best and most frequently updated one, TDSSKiller from Kaspersky. Users should be careful about actually removing rootkits and other malware on their own, however, because this can render their PC unable to boot. Rootkits don’t go quietly, so always back up first before attempting your own repairs!
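A read-only check for the hidden “active” partition described above, as an added example (not from the original post or from any tool it names): it parses a saved 512-byte MBR sector and lists which partition entries carry the active flag. The function names, the 1 GiB “small” threshold, the not-first-on-disk heuristic and the sample sector are assumptions constructed for illustration.

```python
import struct

SECTOR_SIZE, TABLE_OFFSET, ENTRY_SIZE = 512, 446, 16
ENTRY = struct.Struct("<B3xB3xII")  # boot flag, type, start LBA, sector count
SMALL_SECTORS = 2 * 1024 * 1024     # assumption: "small" means under 1 GiB


def parse_mbr(sector):
    """Return the used partition entries of a classic (non-GPT) MBR sector."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR sector ending in 55 AA")
    entries = []
    for slot in range(4):
        flag, ptype, start, count = ENTRY.unpack_from(sector, TABLE_OFFSET + slot * ENTRY_SIZE)
        if ptype == 0 and count == 0:
            continue  # unused slot
        entries.append({"slot": slot + 1, "flag": flag, "active": flag == 0x80,
                        "type": ptype, "start": start, "sectors": count})
    return entries


def review(entries):
    """Heuristic findings for manual follow-up; not proof of infection."""
    findings = []
    active = [e for e in entries if e["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    first = min(entries, key=lambda e: e["start"], default=None)
    for e in entries:
        if e["flag"] not in (0x00, 0x80):
            findings.append(f"slot {e['slot']}: invalid boot flag 0x{e['flag']:02x}")
        # Assumption: Windows' own small boot partition normally sits first on disk.
        if e["active"] and e is not first and e["sectors"] < SMALL_SECTORS:
            findings.append(f"slot {e['slot']}: small active partition that is not first on disk")
    return findings


def build_sample():
    """Constructed sample sector: one large partition, then a small active one."""
    sector = bytearray(SECTOR_SIZE)
    ENTRY.pack_into(sector, TABLE_OFFSET, 0x00, 0x07, 2048, 976_000_000)
    ENTRY.pack_into(sector, TABLE_OFFSET + ENTRY_SIZE, 0x80, 0x17, 976_002_048, 4096)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    parts = parse_mbr(build_sample())
    print(*parts, *("CHECK: " + f for f in review(parts)), sep="\n")
```

Run it against a sector image saved from rescue media rather than from the running system, since an active bootkit can hand back a clean copy of the MBR to reads made from the infected OS.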

Some common examples are rootkit.boot.sst.b, Rootkit.0access.H, and the ZeroAccess rootkit (Sirefef).
