Oneupweb : Rootkits Part 2—Removal?

Last time we talked about what rootkits are and some of their characteristics. Now that you know how to avoid them, you should be fine. Right? Unfortunately, rootkits are sophisticated, the people who deploy them are not always of the highest moral character, and even careful users still make mistakes or are taken by surprise. So knowing how to reduce your risk is a good foundation, but chances are you will run across some of these whether you know it or not. The only surefire way to avoid all rootkits, viruses, malware, etc. is to shut your computer off and put it in a box in the corner; however, computers are not quite as useful that way.

As you saw last month, dealing with a rootkit can be trying. There is software to help find rootkits, but even these tools are not 100% effective. Some of the major tools out there are Microsoft's RootkitRevealer, Sophos Anti-Rootkit, and ComboFix, a removal tool that employs GMER's rootkit detection as part of its process. Most major anti-virus vendors have their own rootkit scanners as well. Many times, identifying that you have a rootkit problem is half the game, and these tools will help you with that. Then you can research the removal/cleanup necessary for your specific problem. Because many rootkits load before the operating system and hide themselves from it, it may be necessary to perform the removal from a clean boot. This often involves booting from a CD/DVD that can then scan the infected operating system offline and assist in removing the infection. Another method is to slave the hard drive into a known "clean" workstation and perform your repair from there. "How to remove rootkits and other spyware without booting hard disk?" describes the process of performing your repair from a boot CD.

One big problem is that even when you remove the active infection and stop its ongoing activity, you don't know what has been left behind or what holes have been opened up that still leave you vulnerable to other threats. "Rootkits: Is removing them even possible?" looks at this aspect and offers some advice and recommendations.
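The offline approach described above (booting from clean media or slaving the suspect drive into a clean workstation) works because the rootkit is not running on the machine doing the scanning, so a plain file walk sees what is actually on disk. The script below is an added example, not code from the original post or from any of the tools it names: it hashes every file under a mounted suspect tree and diffs the result against a manifest taken from a known-good install, reporting what was modified, added or removed. The Windows-style paths and file contents are constructed for the demo; in practice the baseline would come from a clean reference machine or vendor-published hashes, and the suspect root would be the mount point of the slaved drive.

```python
"""Offline integrity check of a suspect filesystem against a known-good baseline.

Added example (not from the original post or any vendor tool). Run it from the
clean host against the mount point of the slaved or CD-booted drive, so the
rootkit's hooks are not in the path between the scanner and the disk.
Paths and file contents below are constructed for the demo.
"""
import hashlib
import os
import tempfile


def build_manifest(root):
    """Return {relative_path: sha256} for every regular file under root.

    Symlinks are skipped so a planted link cannot redirect the scan
    outside the mounted tree.
    """
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = digest.hexdigest()
    return manifest


def compare_manifests(baseline, suspect):
    """Classify differences between a known-good manifest and a suspect one."""
    modified = sorted(p for p in baseline if p in suspect and baseline[p] != suspect[p])
    added = sorted(p for p in suspect if p not in baseline)
    missing = sorted(p for p in baseline if p not in suspect)
    return {"modified": modified, "added": added, "missing": missing}


def _write_tree(root, files):
    """Demo helper: create files under root from a {relpath: bytes} mapping."""
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


def demo():
    """Build a constructed clean tree and a constructed suspect tree, then diff them."""
    clean_files = {
        "Windows/System32/drivers/disk.sys": b"legit driver bytes",
        "Windows/System32/kernel32.dll": b"legit dll bytes",
        "Windows/explorer.exe": b"legit shell bytes",
    }
    suspect_files = dict(clean_files)
    # Constructed tampering: one driver altered, one extra driver dropped in,
    # one system file gone.
    suspect_files["Windows/System32/drivers/disk.sys"] = b"patched driver bytes"
    suspect_files["Windows/System32/drivers/hidden.sys"] = b"extra driver"
    del suspect_files["Windows/explorer.exe"]

    with tempfile.TemporaryDirectory() as clean_root, \
            tempfile.TemporaryDirectory() as suspect_root:
        _write_tree(clean_root, clean_files)
        _write_tree(suspect_root, suspect_files)
        baseline = build_manifest(clean_root)
        current = build_manifest(suspect_root)
        return compare_manifests(baseline, current)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The diff is triage input, not a verdict: it tells you which files on the disk no longer match the baseline, which is exactly the "what has been left behind" question, but it says nothing about firmware, the boot sector, or configuration that lives inside files that legitimately change. A modified file still has to be examined before you decide whether restoring it is enough or whether a rebuild is the safer path.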

All in all, not getting infected is the best solution. So take care and be aware of the risks, and hopefully you can minimize the times you will have to deal with malicious software.