Rootkit Protection

© 2019 Eric Skagerberg (All rights reserved. This material may not be reproduced in printed or electronic format without the express permission of the author.)
Adjunct Instructor, Computer Studies Department
Santa Rosa Junior College, California

Page last updated 29 April, 2011

What is a Rootkit?
- Subverts the core of the operating system, making it present false information to you and to programs
- Can take full control of your computer
- Used to hide viruses, spyware, parasites, and other malware
- Once infected, a rootkit may be impossible to remove, except by wiping out the hard drive and rebuilding from scratch

Rootkit Prevention, Detection or Removal
- Limited User Accounts can prevent infection
- RootkitRevealer by Microsoft Sysinternals
- Blacklight by F-Secure
  - Part of F-Secure's Online Scan
  - Part of F-Secure Internet Security 2008
- Sophos Anti-Rootkit
- Spy Sweeper
- Some protection from Antivirus, Antispyware, and Internet security packages