Welcome to the world of rootkits. Never heard of a rootkit? Well, you will learn some stuff about them here on this page. In very simple terms, a rootkit hides applications and/or utilities on your system, creating a backdoor which enables the attacker to gain control over your system. Once attackers gain control, they can use your computer to stage attacks against other systems or networks. How do you know if you have one? Well, that's the tough part, because the files are hidden. I don't mean regular hidden files, where you can check "show hidden files" in Windows and see them. A rootkit can effectively hide its presence by intercepting and modifying low-level API functions.
Rootkit symptoms
  • Excessive network traffic/slow or no network connection
  • Free space on the hard drive not being reported accurately or missing
  • Random lockups
  • Antivirus program no longer runs
  • Windows settings have changed
  • Unrecognized sites showing up in Trusted Internet Sites in IE
  • Folders showing up with long HEX names
  • Folders you didn't create showing up with files in them
  • Services running that you do not recognize or haven't noticed before
  • Accounts (usually hidden) showing up that you didn't create
These are some of the potential symptoms. Keep in mind with many rootkits you may not notice any symptoms. They are designed to not be noticed.

Where does a rootkit come from?

Rootkits can be introduced into your computer from any number of sources:

  • Via an internet connection:
    • Downloading/sharing files
    • Web browsing
    • Unsecured network
  • Inserting compromised optical media and USB/external drives
  • Programs
  • Cracks

The term rootkit originated with a reference to the root user account on UNIX systems. Experts predict rootkits are going to be used more and more for malicious intent on the Windows platform. While there are programs that can discover a rootkit, removing it without destroying crucial data can be a different story. Even programs that claim they can find a rootkit and remove it completely and safely from your system aren't guaranteed to work.

A variant of a rootkit called a bootkit is becoming more common. We have seen more systems infected with bootkits and they can be equally as difficult to remove as rootkits, if not more so in some cases. Bootkits compromise the bootloader by replacing it with one controlled by an attacker, and they persist through the transition to protected mode when the kernel has loaded.

Is there a doctor in the house?

NC Computer Tech doesn't want you to lose data or settings. We will attempt to neutralize your rootkit utilizing every technological solution, and we can backup your data.

NC Computer Tech will not give your system back until it's 100% clean.


© 2013 - 2019 NC Computer Tech