Rootkit Detection and Removal for Windows XP, Vista, Windows 7 & Windows 8.0/8.1

What is a Rootkit?

A Rootkit is malicious software that gains the same level of access to your Windows Operating System as your PC’s Administrator User Account and makes changes to the system and its memory without your knowledge. Of particular concern is the fact that many Rootkits are able to bypass anti-virus and anti-spyware programs. Rootkit programs can execute local as well as remote commands, change your computer’s configuration and default settings, spy on your online activity and e-mails, monitor everything you type on your keyboard, and even redirect you from a legitimate website to a “Phishing” (look-alike) website without your knowledge or permission. (Note: Whenever accessing your online banking, financial, or insurance company’s websites, or other online accounts, be sure to check the address bar to confirm you are on the correct website.)

Rootkits can gain “back-door” access to your computer through known vulnerabilities in popular software programs (including Windows Operating System components) or through Instant Messaging (“IM”) programs. Once a Rootkit gains a foothold on your Administrator User Account, it can attach malicious links to your IM program and send them to everyone in your contact list; when a recipient clicks one of these links, their computer becomes infected with the Rootkit as well. Rootkits, like other forms of malware, can also embed themselves in PDF files and other popular document formats.

“User-Mode” Rootkits run on computers with full “Administrator Rights”, which gives the Rootkit access to your Windows Operating System files and the ability to interrupt running services and processes, and even to disable network ports. User-Mode Rootkits can also copy their malicious files directly to your computer’s hard drive and run automatically every time you boot your PC. The only good thing to say about User-Mode Rootkits is that today’s anti-virus and anti-spyware programs are specifically designed to detect these kinds of threats.

“Kernel-Mode” Rootkits are the answer of sophisticated Rootkit developers to the fact that User-Mode Rootkits can be detected by Rootkit detection software running in Kernel-Mode: they have found a way to embed their malicious software inside the Windows Operating System kernel itself, at the same privilege level as the detection software, and even inside the Rootkit detection software.

“User-Mode/Kernel-Mode” Hybrid Rootkits combine User-Mode Rootkit characteristics, which are easy to use and stable, with the more “stealthy” Kernel-Mode characteristics.

“Firmware” Rootkits display characteristics similar to many other types of Rootkits but survive inside “firmware” while your computer is shut down; restart your computer and the Firmware Rootkit re-installs itself. Even if a removal program finds and eliminates the Firmware Rootkit, the next time the computer starts, the Rootkit begins running again. (Note: Firmware is legitimate software installed by the manufacturer in memory chips built into computer hardware: optical drives, network cards, routers, PCI expansion cards, micro-processors, scanners, and other types of peripheral hardware.)

“Polymorphic” Rootkits are probably the most “stealthy” type of Rootkit, making them very difficult to detect. These types of Rootkits can re-write core operating system code and even bypass behavior-based (“heuristic”) detection, rendering the signature-based detection in your anti-virus and anti-spyware programs useless. The only hope of finding Rootkits that use polymorphism is technology capable of scanning deep inside your Windows Operating System and comparing the results to a known good “baseline” of the system.
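The baseline comparison just described, reduced to its core, as an added illustration that is not code from any of the anti-Rootkit tools named on this page. It goes one step beyond the text by also showing the cross-view check (a raw disk scan compared against the normal Windows API listing) that deep scanners use to spot objects a Rootkit is hiding; every path and file content below is constructed sample data.

```python
import hashlib

def snapshot(files):
    """Map each path to the SHA-256 of its contents; taken on a clean machine
    this is the 'known good baseline' the text refers to."""
    return {p: hashlib.sha256(d).hexdigest() for p, d in files.items()}

def compare_to_baseline(baseline, current):
    """Paths that appeared, vanished, or changed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }

def hidden_objects(api_view, raw_view):
    """Cross-view check: anything a raw disk scan finds that the normal
    Windows API listing omits is being hidden from user-mode tools."""
    return sorted(set(raw_view) - set(api_view))

def scan(baseline, api_files, raw_paths):
    """Run both checks and return (severity, finding) tuples."""
    diff = compare_to_baseline(baseline, snapshot(api_files))
    findings = [("high", f"changed since baseline: {p}") for p in diff["modified"]]
    findings += [("medium", f"not in baseline: {p}") for p in diff["added"]]
    findings += [("low", f"baseline file missing: {p}") for p in diff["removed"]]
    findings += [("high", f"hidden from API view: {p}")
                 for p in hidden_objects(api_files, raw_paths)]
    return findings

# Constructed sample data: a baseline taken from a clean install ...
CLEAN = {
    r"C:\Windows\System32\drivers\ntfs.sys": b"ntfs driver v1",
    r"C:\Windows\System32\drivers\tcpip.sys": b"tcpip driver v1",
    r"C:\Windows\System32\services.exe": b"services v1",
}
BASELINE = snapshot(CLEAN)
# ... and the same paths later: tcpip.sys patched in place, an unknown driver
# added, and one file that only the raw scan can see.
CURRENT_API = dict(CLEAN)
CURRENT_API[r"C:\Windows\System32\drivers\tcpip.sys"] = b"tcpip driver v1 + hook"
CURRENT_API[r"C:\Windows\System32\drivers\unknown.sys"] = b"dropped driver"
CURRENT_RAW = set(CURRENT_API) | {r"C:\Windows\System32\drivers\hidden.sys"}

if __name__ == "__main__":
    for severity, text in scan(BASELINE, CURRENT_API, CURRENT_RAW):
        print(severity.upper(), text)
```

The hidden-object finding is the one a plain baseline diff cannot produce: the API view and the baseline agree that hidden.sys does not exist, and only the raw view contradicts them.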

Rootkit Infection Symptoms

  1. Your computer locks up or fails to respond to keyboard and mouse inputs.
  2. The Blue Screen of Death (“BSOD”) displays for no apparent reason.
  3. Your Windows settings have changed without your permission.
  4. Network activity becomes intermittent, slow, erratic or disabled.
  5. Your anti-virus program no longer runs.
  6. Your browser settings, preferences, and add-ons have been disabled or modified.
  7. Your computer becomes very slow, even with no programs opened.
  8. Unusual web browser behavior or redirects to unfamiliar websites.
  9. The PC’s time and date are incorrect or constantly change.

Rootkits are one of the most dangerous forms of malware infection you can encounter because they embed themselves deep within your Windows Operating System, which makes them much more difficult to detect and remove. It is often very difficult to know whether or not a Rootkit is installed on a computer, and tougher yet to know where it might be residing. Even seasoned computer technicians have a difficult time locating Rootkits, so a Rootkit infection should be considered alongside the other possible causes whenever your computer’s performance drops.

Many popular anti-virus programs are capable of detecting and removing older Rootkits; however, other Rootkit infections may require the use of specialized anti-Rootkit programs to remove them. Some advanced anti-Rootkit programs may, depending on your experience, require the assistance of a more technically-minded user familiar with computers and operating systems. If you don’t know how to recognize the difference between legitimate and illegitimate Rootkits, deleting the wrong one can wreak havoc with your computer’s operating system.

There is no single anti-Rootkit tool capable of eliminating all known Rootkits, let alone those yet to be identified or those that are – and will be – created in the future. Therefore, today’s computer user must use a combination of the best anti-Rootkit programs available if they expect to stand a chance at winning the Rootkit war.

Best Anti-Rootkit Software

Sophos Anti-Rootkit
Malwarebytes Anti-Rootkit
aswMBR
Kaspersky TDSSKiller

The consensus opinion gathered from numerous forums, independent testing labs, and computer users worldwide consistently rates Sophos Anti-Rootkit, Malwarebytes Anti-Rootkit, aswMBR, and Kaspersky TDSSKiller as the most effective anti-Rootkit programs available for today’s Windows XP, Vista, Windows 7, and Windows 8 users. Each of these programs offers a slightly different user interface, and one or another of them may be more to your liking. The important point is that you include one or more of these top anti-Rootkit programs in your arsenal to identify and eliminate Rootkits from your system. I highly recommend that you install these anti-Rootkit programs, as well as Malwarebytes Anti-Malware (Free) and Malwarebytes Chameleon (Free), on a USB drive for ready use in the event that your computer is compromised by a Rootkit or some other form of malicious software.

Best Practices for Protecting Your Computer against Rootkits

Below are some important best practices all computer users should employ to keep their computer malware-free, or at the least, protected against the most serious threats. Implementing these practices makes it much more difficult for hackers to install Rootkits and other forms of malicious software on your computer.

  1. Make sure that your Windows Firewall is turned on at all times. (Note: Unless you are an experienced user familiar with firewall technology, never modify your default Windows Firewall settings.)
  2. Perform daily (or, at a minimum, weekly) scans with your on-board anti-virus program and with Malwarebytes Anti-Malware (Free), especially if you download a lot of software onto your computer. To avoid downloading infected software or drivers, only download from the author’s or driver manufacturer’s website.
  3. Avoid online gambling, gaming and porn sites, and never click on links at unfamiliar websites or on links inside of unsolicited e-mails. If you are interested in reading an article, or finding out more about a product displayed on a website, copy and paste the article’s title or the product’s name into Google’s search engine, and conduct your research only from within a known news organization’s or the product manufacturer’s website. “Drive-bys” and “Car-jacking” are two of the latest “tricks” hackers use to download malicious software onto computers. Today’s sophisticated hackers are able to breach websites and embed Rootkits and other forms of malware into legitimate product advertisements and article links; just by clicking the article link or product ad, a Rootkit or other form of malicious software can be installed onto your computer without your knowledge.
  4. Never open e-mail attachments unless you are absolutely sure of the source, and develop the habit of scanning every file, photo or software program (even those received from trusted friends and sources) with your on-board anti-virus program and with Malwarebytes Anti-Malware (Free) before opening the file, viewing the image, or installing the software. In 2013, more than 400,000 new malware programs were detected worldwide, many of them categorized as “Zero-day Attacks”, meaning they had yet to be discovered and reported to your anti-virus program provider. Consequently, your provider may not have written and deployed an update to your anti-virus program to protect you from these Zero-day Attacks.
  5. Non-essential software programs should be installed only on a local “Standard” user account (i.e. one without Administrator Rights) so they will not have access to your Windows Operating System.
  6. Make sure that Windows Update is set to Automatic so Critical Updates are always installed as soon as they are released by Microsoft. Windows Updates, or “patches”, protect your Windows Operating System from known vulnerabilities which, if left un-patched, leave your computer open to any number of external threats. Also make sure that all of your installed programs are always up-to-date with the latest security patches. Download Filepuma Update Detector (Free). Update Detector scans your computer for installed applications and sends the current version information to Filepuma to see if there are any new updates or patches available. New updates will appear in your browser window along with download links for all applications that need to be updated.
  7. Never enter a site rated “Red” by Web of Trust (Free) or LinkExtend (Free). LinkExtend and Web of Trust help protect you, your family, and your computer from a wide variety of online threats, including viruses, malware, scams, rogue websites, worms, etc., that many anti-virus programs cannot detect. Website ratings are provided by millions of users world-wide on each site’s computer safety, child safety and company ethics, giving you a safer browsing experience. Consider installing one of these programs on all of your computers to ensure safe Internet surfing for you and your family.
  8. Never run software from home-made CDs or DVDs, or removable media (USB or Flash drives) without first scanning the content of the media. If you lend your removable media to someone, be sure to scan it for viruses, malware and Rootkits upon its return.
  9. If you need e-mail services, consider using Thunderbird or Opera Mail along with an inconspicuous @gmail.com address.
  10. Never download pirated or “cracked” software from any website. First of all, it’s unethical, and certainly not worth the price you will pay if your free cracked software crashes your computer causing you to potentially lose all of your data and valuable photos, or worse yet, having to reinstall your Windows Operating System.

How to Clean Your Computer of Rootkits and Malicious Software

When removing Rootkits or other forms of malicious software, you’ll want to reboot your computer into Safe Mode with Networking by continuously tapping the F8 key several times immediately after pressing the power button. When the Safe Mode menu appears, select Safe Mode with Networking and press the Enter key. Your computer will then boot to a modified desktop where you can access your on-board anti-virus program, Malwarebytes Anti-Malware (Free), Windows tools, or other non-Windows cleaning tools installed on your computer. Rebooting in Safe Mode prevents installed Rootkits or other malicious software from starting up.

Step 1: Launch your on-board anti-virus program and immediately update it, and then run a FULL scan of your computer, following the prompts to delete any detections.

Step 2: Reboot your computer in Safe Mode with Networking, launch and update Malwarebytes Anti-Malware (Free), and then run a FULL scan, following the prompts to delete any detections.

Step 3: Reboot your computer in Safe Mode with Networking, then launch, update and run each of your anti-Rootkit programs from your USB drive, following the prompts to delete any detections.

Step 4: Download CCleaner (Free) and scan your Windows Registry to improve your computer’s performance by cleaning invalid and empty registry keys. Always remember to save a backup of your Windows Registry before deleting invalid registry keys.

Step 5: Download BleachBit Cleaner (Free) to deep clean your computer of unnecessary temporary files.

Step 6: Download Auslogics DiskDefrag (Free) to defrag and optimize your disk drive.

Step 7: Download Complete Internet Repair (Free) to repair and reset your Internet TCP/IP settings after ridding your computer of Rootkits and other forms of malware.

Step 8: Visit Microsoft Fix-It Solution Center (Free) which can automatically detect and repair many problems with your Windows Operating System, including Internet Explorer, Windows Media Player, Entertainment applications, Microsoft Office applications and much more.

Step 9: Download WinPatrol (Free) for an added layer of protection against external threats to your Windows PC. WinPatrol alerts you about any new program activations as well as changes to your system which may be generated by many forms of malware. With a click of your mouse, you can “Allow” or “Block” any system alerts.

Step 10: Download Revo Uninstaller (Free) to uninstall all toolbars and unnecessary or unfamiliar programs. Also check your Windows Programs folders, and delete any folders associated with toolbars, Rootkits, malware, spyware and other malicious programs that you have deleted from your computer.

Step 11: Protect Your Identity. Some malware threats don’t necessarily attack your computer. Granted, Phishing attacks, and Rootkits can cause a lot of “dirty work” to your Windows Operating System, but rarely will they do any damage to your hardware. On the other hand, malware or Rootkits that hook their claws into your PC greatly increase the chance of an unknown party obtaining your personal information.

Once you discover that your computer has been infected with malware, a Rootkit or other form of malicious software, you should immediately reset all of your passwords, preferably from another computer. This includes banking portals, e-mail accounts, social networking sites, etc.

Never underestimate what cyber-criminals can do with your account information. Losing control of this information can leave you with fraudulent charges on your credit cards, damaged credit, or wipe out your entire life savings. A compromised social media account can damage your personal relationships or put your friends and family at risk, as your account may be used to spread the malware that infected your computer to all of your contacts.

WindowsXP8Support Remote Support Service

I trust that this information has increased your knowledge and awareness about the dangers of Rootkits. If you have experienced any of the symptoms outlined above, consider using WindowsXP8Support’s Quick Support (“QS”) Remote Computer Repair Services to safely and quickly clean your computer for you. WindowsXP8Support will perform all of the above operations, returning your computer to its original performance. No spending hours trying to implement all these steps yourself, and no lugging your computer to the repair shop only to be left without your computer for several days.

We’ll log onto your computer over a secure Internet connection using BeamYourScreen and will have you up-and-running in a few hours. You don’t even have to be present; however, if you would like to learn how to clean, repair and maintain your computer, you’re more than welcome to sit back and watch the show!

Call 619-955-6246 or Email Jeff.Meyers@WindowsXP8Support.com