What You Don’t Know About Rootkits Will Scare You

Lori Cline 06-12-2016

You sit down at your computer and turn it on. It takes a long time to boot up and when you finally get to your desktop, the background has been changed. Nobody else uses your computer, so what’s up?


Maybe you need to clean up your hard drive to make it run faster. Maybe you were sleepwalking again and in your travels you sat down and decided that you absolutely had to have your new nephew’s picture as your wallpaper and you changed it.

[Image: Computer Malware Danger. Image Credit: faithie via Shutterstock]

Or maybe not. Maybe the reality is that your computer has been hit by a rootkit. If you don’t know anything about rootkits, prepare yourself for a big surprise.

No ordinary antivirus software can catch a rootkit on its way into your computer. Once it’s in, it will hide where you won’t ever find it; you won’t even know it’s there. By the time you do, it will have stolen any sensitive information you had, destroyed your files, and rendered your computer completely useless.

There’s more. Let’s take a look.


The Basic Rootkit

In layman’s terms, a rootkit is a nasty, scary, even dangerous form of malware that is now one of the all-time highest malware security risks. It will enter your computer without your permission, shut down your antivirus protection undetected, and let an attacker become the unauthorized administrator so as to take complete virtual control and have root access to your system. (Note that rootkits have gone mobile now.)

Rootkits don’t discriminate as to what operating system they invade. Whether it’s Windows, Apple, or Linux, an installed rootkit will stealthily replace sections of a computer’s operating system with ones that look normal, thus evading detection and allowing detrimental commands to be carried out. A computer’s BIOS (Basic Input Output System) is what starts the system after the computer is turned on, and a rootkit can take control of it as well.

Vulnerabilities in the security system (like an unpatched hole), a contaminated torrent, or downloaded software are just three ways a rootkit can gain access to your computer.

You Can’t Detect Them

[Image: rootkits finders keepers. Image Credit: Happy Stock Photo via Shutterstock]


Malicious rootkits have evolved ten-fold. The first rootkit engineered (early 1990s) hid effectively enough, but hackers have gotten more advanced; thus, rootkits are more sophisticated and close to impossible to detect. They’re specifically written to be able to defend themselves against ordinary security software, ultimately side-stepping any barriers that should be blocking them from your computer.

You can try to find rootkits by using a free tool such as chkrootkit (for Linux and Mac) or RootkitRevealer (for Windows), but only if you update them consistently. Let it be noted that there is no assurance that you will find a rootkit this way; they have become far more advanced than any tool’s capability to detect them.

One proven way to find a rootkit is to completely shut down the computer and then boot from an uninfected flash drive or a rescue disk. A rootkit can’t hide when it is not being run.
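The clean-boot check above works because the running system can no longer lie about what is on disk. The following is an added example (not from the original article or from any of the tools it names) of the cross-view comparison a practitioner would run after such a boot: a listing taken from the live OS is compared with one taken from rescue media, and anything the live view omitted or reported with different contents is flagged. The three-column listing format and the sample hashes are constructed for this example, not real tool output.

```python
"""Cross-view rootkit check: compare a file listing taken from the live OS
with one taken after booting from clean rescue media (constructed data)."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    path: str
    size: int
    sha256: str  # hex digest as recorded by the listing tool


def parse_listing(text: str) -> dict[str, Entry]:
    """Parse 'path size sha256' lines into a dict keyed by path.
    The format is an assumption for this example, not any real tool's output."""
    entries: dict[str, Entry] = {}
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        path, size, digest = line.split()
        entries[path] = Entry(path, int(size), digest)
    return entries


def cross_view_diff(live: dict[str, Entry], offline: dict[str, Entry]) -> dict[str, list[str]]:
    """Return paths the running OS hid (present offline only) and paths whose
    contents differ between the two views (a sign of replaced system files)."""
    hidden = sorted(p for p in offline if p not in live)
    tampered = sorted(p for p in live if p in offline and live[p].sha256 != offline[p].sha256)
    return {"hidden": hidden, "tampered": tampered}


# Constructed sample listings; the digests are made-up placeholders, not real hashes.
LIVE_VIEW = """
/boot/vmlinuz          9100000 aaaa1111
/usr/bin/ls             140000 bbbb2222
/usr/bin/ps             130000 cccc3333
"""
OFFLINE_VIEW = """
/boot/vmlinuz          9100000 aaaa1111
/usr/bin/ls             140000 bbbb2222
/usr/bin/ps             131000 dddd4444
/usr/lib/.hidden.so      55000 eeee5555
"""


def run_sample() -> dict[str, list[str]]:
    return cross_view_diff(parse_listing(LIVE_VIEW), parse_listing(OFFLINE_VIEW))


if __name__ == "__main__":
    for kind, paths in run_sample().items():
        print(kind, paths)
```

On real data, the offline listing is generated from the mounted drive while booted from the rescue medium, and any entry that only that view can see is the first place to look.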

The good news is that sometimes you do find them. The bad news is that when you do, they have probably already destroyed your computer and data files, and taken your sensitive information, too.


But wait, there’s more.

What They Do

[Image: Security Backdoor Malware. Image Credit: Spectral-Design via Shutterstock]

A rootkit is almost always written for the sole purpose of making money illicitly. Once it has escaped detection, it will hide where nobody can find it, thus providing an attacker “backdoor access” to the computer. At this point, the cybercriminal has all the elevated privileges a system administrator and programmer has. Armed with full control, he can browse through the computer remotely, taking things like your personal bank information, and rewriting software to his specifications.

Once a rootkit is installed, it will stay hidden, but there are telltale signs that you have been infected:

  1. Your antivirus program stops working and/or can’t be re-installed.
  2. You can’t open a certain program.
  3. Your mouse stops working.
  4. You can’t open a browser and/or your access to the internet has been blocked.
  5. Your screensaver and/or wallpaper changes and you didn’t change it.
  6. Your network suddenly becomes very busy, very slow, or disconnects altogether.
  7. You can’t see your taskbar.
  8. Your computer won’t boot up and/or freezes.

Again, a rootkit is the only type of malware that can escape immediate detection by antivirus software and a firewall and successfully remain undetected after its point of entry.

You Can’t Get Rid of Them

[Image: RIP Keyboard Button Key. Image Credit: Pop Paul-Catalin via Shutterstock]

So now you know. If you are sitting at your computer some day and your antivirus program shuts down or your browser won’t open or your screensaver changes unexpectedly, you quite likely have a rootkit. RIP.

Just kidding. Kind of.

Rootkits give a whole new meaning to that point in your day when your computer is wigging out and you realize that you haven’t done a backup in a long time.

If a rootkit is found, most often it cannot be deleted. Many programs advertise the ability to delete a rootkit, but it’s only a small possibility, at best. As we previously discussed, an attacker with high system administrator privileges can do anything to a computer; checking every piece of software, every file of the operating system, etc., for any remainder of the infection would be almost impossible.

Using an antivirus program and doing manual clean-up are not options for removal. Note that using System Restore is not an option, either; rootkits infect the very core (the root, for lack of a better pun) of your machine, so any restore point is most likely infected by it as well.

There is only one way to get rid of a rootkit once it has entered your computer and compromised your system, and that is to wipe your hard drive and install a new, clean copy of the operating system. Otherwise you will never know if you “got it all”; this is the only way you can guarantee that the infection is gone.

[Image: Website Address Checker. Image Credit: Gazlast via Shutterstock]

What You Can Do

At present, there is no cure for a rootkit. There are, however, preventative measures you can take:

  1. Update your computer regularly. This means the whole computer, not just Windows, not just your Malwarebytes definitions, not just your graphics card drivers. It means update everything — religiously.
  2. Only surf safe sites. You wouldn’t go shopping in an area of the city that is known for vehicle theft, so don’t go surfing in any “bad” areas of the internet. (Note: Get an add-on for your browser called an ad-blocker. It will tell you if you have entered a bad site.)
  3. Have a reliable, always updated security system in place. This would consist of firewall and antivirus software, or a security suite that includes both. Fortunately, it is relatively inexpensive (if not completely free) to provide your computer with Grade-A security software. Do some research in order to choose the option that best fits your needs.
  4. Watch what you download. Many programs today come pre-installed with software (labeled bloatware) or add-ons (e.g. a toolbar) that carry malware, such as rootkits. When installing software, pay attention to what’s happening rather than clicking through the installation. Make sure nothing additional is being installed, or you may be sorry.
  5. Never open anything you don’t recognize or expect — even if the sender is someone you know! When spyware is part of a rootkit’s arsenal of programs, it uses things like social engineering tactics to trick a user into unknowingly installing it.

Ultimately, use common sense. Treat your computer like you would your house. Don’t just have a sign that says, “Warning! Guard dog on the Premises!”; make sure you have the dog, too.

Have you had the misfortune of unknowingly installing a rootkit, or know someone who has? Share your story below.


  1. Mike Donovan
    December 7, 2016 at 11:44 am

    Why Instant Restore software isn't used more widely by consumers is a mystery to me. You get your computer in a "perfect state" and then turn on the Instant Restore software (Shadow defender, Deep Freeze, Drive Vaccine, Toolwiz...there are many and some free). Then every time you reboot, the IR software throws out everything on the system drive and returns your computer to the exact same state as the last time you booted up. You can get trashed by all kinds of malware - reboot - and it's gone! The only real learning curve is getting used to changing all your default locations to save data files to another partition or drive so they are not lost at reboot.