Helpero.com
 


How do root viruses work?



A root virus, also known as a rootkit, typically hides logins, processes, files, and logs, and may include software to intercept data from terminals, network connections, and the keyboard. In many instances, rootkits are counted as trojan horses.

Root viruses are a set of software tools frequently used by a third party (usually an intruder) after gaining access to a computer system. These tools are intended to conceal running processes, files or system data, which helps an intruder maintain access to a system without the user's knowledge. Rootkits are known to exist for a variety of operating systems such as Linux, Solaris and versions of Microsoft Windows.

The best and most reliable method for rootkit detection is to shut down the computer suspected of infection and check its storage by booting from an alternative medium (e.g. a rescue CD-ROM or USB flash drive). A non-running rootkit cannot hide its presence, and most established antivirus programs will identify rootkits by comparing the results of standard OS calls (which are supposedly doctored by the rootkit) with lower-level queries, which ought to remain reliable. If there is a difference, the presence of a rootkit infection can be assumed. Rootkits try to protect themselves by monitoring running processes and suspending their activity until the scanning has finished, as non-stealthy malware will not be identified by rootkit scanners.

There are several programs available to detect rootkits. On Unix-based systems, two of the most popular are chkrootkit and rkhunter. For the Windows platform, a stealth scanner named Blacklight, free for personal use, is available in beta on F-Secure's website. Another Windows detector is Rootkit Revealer from Sysinternals. It will detect all current rootkits by comparing the results from the OS to the actual listing read from the disk itself. However, some rootkits started to add this particular program to a list of programs they do not hide from. In essence, this removes the differences between the two listings, so the detector has nothing to report. Renaming rootkitrevealer.exe to a random name defeats this. These features are now included in the latest releases of Rkdetector and Rootkit Revealer, so there is no longer any need to rename.
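The comparison described above (the listing the running OS reports versus the listing read from the disk after booting from alternative media) can be sketched as follows. This is an added example, not code from any of the tools named here; the function names, the manifest format, and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile


def manifest(root):
    """Map each regular file under root (relative path) to its SHA-256 digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks, sockets, device nodes
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            result[os.path.relpath(full, root).replace(os.sep, "/")] = digest.hexdigest()
    return result


def cross_view(live, offline):
    """Diff the running OS's view against the trusted offline view."""
    both = live.keys() & offline.keys()
    return {
        # present on disk, but the running OS never listed it
        "hidden": sorted(offline.keys() - live.keys()),
        # listed in both views, but the running OS served different bytes
        "content_mismatch": sorted(p for p in both if live[p] != offline[p]),
        # listed live, absent offline: usually deleted before shutdown
        "live_only": sorted(live.keys() - offline.keys()),
    }


def demo():
    """Constructed sample: the 'live' view lacks one file and misreports another."""
    with tempfile.TemporaryDirectory() as disk:
        os.makedirs(os.path.join(disk, "bin"))
        for rel, data in [("bin/ls", b"patched"), ("bin/ps", b"ps"), ("drv.sys", b"x")]:
            with open(os.path.join(disk, *rel.split("/")), "wb") as fh:
                fh.write(data)
        offline = manifest(disk)              # view taken from rescue media
    live = dict(offline)                      # stand-in for a manifest saved while running
    del live["drv.sys"]                       # entry the live listing did not return
    live["bin/ls"] = hashlib.sha256(b"ls").hexdigest()  # live read returned other bytes
    return cross_view(live, offline)


if __name__ == "__main__":
    print(demo())
```

In practice, `manifest()` is run once on the live system and once from the rescue environment against the mounted disk. Files written during shutdown, such as logs, will show up as differences, so the comparison is best limited to directories that should not change.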












Copyright 2006-2008 Helpero.com
