How do I Check my Computer for Rootkits?

Article Details
  • Written By: R. Kayne
  • Edited By: O. Wallace
  • Last Modified Date: 04 October 2019
  • Copyright Protected:
    Conjecture Corporation
  • Print this Article
Free Widgets for your Site/Blog
Part of Grand Central Station, there is a secret railway platform underneath the Waldorf Astoria hotel in New York.  more...

October 22 ,  1962 :  US President John F. Kennedy ordered an air and naval blockade in Cuba.  more...

Experts generally agree that it is difficult to guesstimate how many computers are compromised by malicious rootkits, but numbers appear to be climbing if the growing list of known rootkits is any indication. Infections are believed highest in the U.S., with as many as one computer out of every four infected, according to at least one estimate. Unfortunately, it isn’t easy to detect a rootkit as one of its main functions is to remain hidden. Software packages called “anti-rootkits” are available to scan for rootkits, but prevention is strongly recommended.

In some cases there can be telltale signs that a rootkit is present on a system. For example, a user might be doing word processing or simple Internet surfing when he or she notices the computer is processing data exceedingly slow. Upon checking the system it may become clear the computer processing unit (CPU) is low on resources. This could be because the CPU is doing background work for a rootkit. A poorly written rootkit might also cause a computer to crash repeatedly, though these problems could also be attributable to other causes.


To be safe it’s best to check your computer for rootkits weekly, then backup the clean system to safeguard against future problems. Some anti-rootkit packages offer to remove certain types of rootkits, but it is generally recommended that if a rootkit is found, the hard drive be reformatted and the system rebuilt. It is very difficult to be sure that a rootkit is completely removed, and in some cases removing a rootkit can leave “holes” in the system, rendering it unstable.

There are several types of rootkits and not all scanning programs look for all types of rootkits. “Signature-based” anti-rootkits look for known rootkits, which can be helpful if your system is infected with a known kit, but new rootkits are released into the wild every day. Other anti-rootkit programs look for rootkits in files, but not in the registry.

Anti-rootkit software from an untrusted source might actually be designed to install a rootkit rather than scan for one, making it wise to stick with programs released by well-known software companies that specialize in security software. A few popular anti-rootkit programs that fall into this category include AVG Anti-Rootkit, F-Secure’s BlackLight, Sophos Anti-Rootkit, and Panda’s Anti-Rootkit.

In April 2007 PC Magazine™ tested and reviewed several anti-rootkit programs for effectiveness. The Editor’s Choice went to Panda’s Anti-Rootkit, reported as delving deeper into the system than the other rootkit finders reviewed at the time. Panda Anti-Rootkit also found all planted rootkits in the test and like many other anti-rootkits, it’s free. Using more than one anti-rootkit program might also be prudent.

A sensible protocol to follow is to scan for rootkits weekly, then clone the hard disk or backup the system to an image located on a secondary drive. Using this strategy, if a rootkit should be found you needn’t rely on removal. A recent disk image allows the option of reformatting the infected drive then restoring the image to ensure a clean, stable system with little downtime.

To prevent downloading rootkits, avoid opening email that arrives from unknown sources, keep your operating system patched with the latest hotfixes, and run anti-virus and anti-spyware programs with current updates. To further minimize risk, use a firewall and don’t allow websites to install software unless you are sure the site can be trusted.


You might also Like


Discuss this Article

Post 6

Like some above, I also work in the I.T. field. My problem started while watching movies (Hulu) on-line. I heard a snap from my speakers and noticed my computers volume control had been set to mute. When resetting the volume my system froze to the point Ctrl/Alt/Delete was not an option. Only a cold shut-down would work. Upon further investigation, I noticed my remote desk top had been accessed (I always keep it disabled).

As days went on, it got worse, to the point it sounded like a faint radio station could be heard through my speakers along with hissing and other R.F.

After having to re-start five times in one night, I re-formatted my drive and all has been good. The strange thing is, this problem would start around a certain time of the evening. Any and all feedback is welcome.

Post 5

Macintosh computers are just as hackable as other PCs. They just have fewer viruses because virtually no one uses them.

Post 4

As a security professional in the computing industry as well as a computer repair technician, I often find root kits installed on my client's computers. This very scary fact is hard for my clients to understand how it happened. One must realize that there is great harm that can be done from viewing malicious websites on the Internet. Very often these kinds of websites can be found on adult entertainment parts of the web.

An individual can take great care to avoid getting a root kit installed on their computer but the reality is that can happen to anybody. Unless you own a computer that is not susceptible to such attacks root kits are a reality of everyday security risks on the Internet for personal computer users. Be sure to run scans often as you do not want to find yourself in a situation where your most vital information has been used by a root kit.

Post 3

I recently discovered a root kit installed on my computer and was absolutely amazed. The weirdest part for me was the fact that my computer did not act different at all. Many users report that when they have a root kit installed on their computer they noticed a significant decrease in performance and in Internet connectivity. I did not recognize either of these and I wonder if the root kit that was installed was simply not activated. Is it possible to have a root kit that is sleeping or is in a zombie like mode?

As the research for the security industry of computers advances, I hope that the ability to detect a rootkits will increase significantly. Only when we err able to get rootkits fully removed from computer systems will be be able to ensure the safety of our computing experiences.

Post 2

His way to ensure that your computer is not infected by a rootkit is to buy a Macintosh computer. Simply put the operating system that Apple Computer uses for its hardware is extremely durable and strong. if you do purchase an Apple Macintosh computer you will find that you do not have to remove root kits from the system because they simply do not exist. This is just one example of how Apple computers are extremely more secure than most Microsoft Windows-based operating system computers.

I recommend that you truly evaluate the security and safety of the computer hardware that you're using as it is extremely important in this day and age that your private data is protected. If you are trying to discover a rootkit on your system I wish you the best of luck and you should look into rootkit protection as a source of every day defense against these malicious software types.

Post 1

I use two scanning tools combined with McAfee Anti-virus software. My regular anti-virus software does a good job picking up most malware before it infects my system, but the other two tools I use will find most everything else that sneaks through.

I use Malwarebytes Anti-Malware tool, and McAfee Advert-stinger. Between these programs I have a two year old laptop that still runs fast, and has never crashed.

I have a lot of things on my hard drive valuable to me, so I take internet security seriously. My computer is central to me, keeping all of my schoolwork, pictures, music, and files safe. Most of the things on my computer would be hard to replace. The best rootkit removal tools are free, so I recommend that anyone with a computer download these applications.

Post your comments

Post Anonymously


forgot password?