Most of you should be familiar with the terms virus, trojan, spyware, adware and worm. What about rootkit? A rootkit allows someone, either legitimate or malicious, to maintain control over a computer system without the system's user knowing about it. Rootkits are the toughest malware to detect because they often fool the user into believing the system is clean, and they install themselves as drivers or kernel modules, where they can hide their own processes, files and registry keys from the tools that would normally report them.

The first time I encountered a rootkit was when both my laptop and desktop were infected by a virus called JambanMu. It is a virus, but it uses rootkit methods to hide itself. I felt that something was not right on both of my computers, but no matter which security software I used to scan them, it came up with nothing. Then I accidentally found out about a tool called GMER, which is able to detect and remove rootkits. The name of this tool does sound like a gaming tool, but it's not. Actually, I just wanted to take a look at how this tool works, but it ended up telling me about the rootkit that was present on my system! After a little research, I found out that it was the JambanMu virus, which I had brought back from one of my workplaces.


GMER is an application that detects and removes rootkits.

Detect and Remove Rootkit with GMER

It scans for:

  • hidden processes
  • hidden threads
  • hidden modules
  • hidden services
  • hidden files
  • hidden Alternate Data Streams
  • hidden registry keys
  • drivers hooking SSDT
  • drivers hooking IDT
  • drivers hooking IRP calls
  • inline hooks

Besides detecting and removing rootkits, GMER also lets you view your computer's processes, modules, services and files. It can scan and list all the programs that are started automatically when Windows boots. Another good thing about GMER is its built-in registry editor, for the case where the rootkit or virus has disabled registry editing through a policy restriction. The final tab is a CMD console where you can run commands if the Windows command prompt has been disabled.
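To make concrete what "hidden processes" in the scan list above actually means, here is an added cross-view example in PowerShell. It is not GMER's code and is not from the original post; it assumes a Windows host, an elevated PowerShell session, and only the documented kernel32 functions OpenProcess, QueryFullProcessImageName and CloseHandle. The namespace CrossView, the variable names and the PID ceiling are my own choices. The idea is the one GMER and similar tools rely on: take the process list from the normal API, take a second list by asking the kernel to open every possible PID, and treat anything the kernel will open but the normal list does not show as a candidate hidden process.

```powershell
# Cross-view hidden-process check (added example; not GMER's own code).
# View A: the documented process enumeration. Get-Process wraps the same
# system process list every other tool reads, so a rootkit that unlinks its
# process from that list, or hooks the enumeration API, is invisible here.
$listed = @{}
Get-Process | ForEach-Object { $listed[[int]$_.Id] = $_.ProcessName }

# View B: brute force. PIDs are multiples of 4; ask the kernel to open each one.
# OpenProcess resolves the PID through the kernel's handle/CID table rather than
# walking the process list, so a process hidden only by unlinking still opens.
if (-not ('CrossView.Kernel32' -as [type])) {
    Add-Type -Namespace CrossView -Name Kernel32 -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr h);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool QueryFullProcessImageName(IntPtr h, uint flags, System.Text.StringBuilder name, ref uint size);
'@
}
$k32 = 'CrossView.Kernel32' -as [type]

$PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
$ERROR_ACCESS_DENIED = 5
$MaxPid = 0x10000   # assumption: raise this on systems with long uptime, PIDs grow well past 65535

$probed = @{}
for ($candidate = 4; $candidate -le $MaxPid; $candidate += 4) {
    $h = $k32::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, [uint32]$candidate)
    if ($h -eq [IntPtr]::Zero) {
        # Access denied still proves the PID exists (a protected/system process);
        # any other error (normally ERROR_INVALID_PARAMETER, 87) means no such PID.
        if ([System.Runtime.InteropServices.Marshal]::GetLastWin32Error() -eq $ERROR_ACCESS_DENIED) {
            $probed[$candidate] = '<access denied>'
        }
        continue
    }
    $sb = New-Object System.Text.StringBuilder 1024
    [uint32]$len = $sb.Capacity
    $name = if ($k32::QueryFullProcessImageName($h, 0, $sb, [ref]$len)) { $sb.ToString(0, $len) } else { '<unknown>' }
    [void]$k32::CloseHandle($h)
    $probed[$candidate] = $name
}

# The diff: anything the kernel will open that the normal process list does not show.
$hidden = foreach ($id in $probed.Keys) {
    if (-not $listed.ContainsKey($id)) {
        [pscustomobject]@{ PID = $id; Image = $probed[$id] }
    }
}

# Processes that exit between the two views, or whose PID is still reserved just
# after exit, give one-off false positives: run twice and only trust PIDs flagged both times.
$hidden | Sort-Object PID | Format-Table -AutoSize
```

Two caveats a practitioner should keep in mind. First, this only catches hiding that affects the process list; a rootkit that hooks NtOpenProcess (via the SSDT or an inline hook in ntdll) can make view B lie as well, which is exactly why GMER also checks SSDT, IDT, IRP and inline hooks rather than trusting any single view. Second, run it elevated, otherwise many legitimate processes show up as "access denied" and the diff becomes noisy rather than wrong.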

Like I said, GMER did detect a rootkit on my computer but wasn't able to remove it completely, because it is a persistent virus that just kept coming back after each clean-up. If GMER had not told me about the rootkit's presence on my computer, I could have gone on infecting many other computers with the virus.

Many advanced trojans are able to use rootkit techniques to hide their process by injecting code at the kernel level, but luckily this is not used that often, because it is unstable and will crash the computer if the injection fails. Although I personally do not worry too much about rootkit infection, it is still good to run GMER once in a while to check the computer for any suspicious hidden process. It takes only a few seconds to scan your computer. If you can't run GMER at all, your computer may already be infected by a rootkit that stops GMER from running; some malware blocks known security tools by their file name, so try renaming gmer.exe to another name and then running it. There are actually a lot more free and portable anti-rootkit tools; perhaps I should compile a list when I have recovered from the bad flu I am currently having.

[ Download GMER ]
