Awareness and prevention of rootkit malware

Source: Internet
Author: User

What is a rootkit?

The name comes from UNIX: "root" is the all-powerful administrator account, and a "kit" is a set of software tools, so a rootkit is a toolkit for obtaining, and above all keeping, root privileges on a computer. (It has nothing to do with the root directory.) A rootkit modifies parts of the operating system so that the attacker can act as a system administrator on the victim's machine while the attacker's files, processes and network connections stay hidden. The trouble is that the rootkit changes the very system components that antivirus software relies on, so the antivirus has difficulty determining whether a rootkit is present at all, and which parts of the system it has altered.

Figure 1 (a diagram of a common rootkit technique; the image is not reproduced here) shows the idea: the rootkit intercepts the request inside the kernel, so when an application or user reads a file whose content should be "00000000", it is handed "11111111" instead. The application cannot tell the difference, because it receives its data through exactly the kernel interface the rootkit controls. For the same reason a kernel-mode rootkit is generally much harder to detect than an application-layer (user-mode) one: a user-mode rootkit only hooks the libraries of individual processes and can be caught by asking the kernel directly, whereas a kernel-mode rootkit can lie to every tool running on the machine, including the antivirus. Current rootkit detection methods fall into two categories: signature-based (looking for known rootkit code or artefacts) and behaviour-based (looking for the inconsistencies a rootkit causes, for example a process that answers a direct query but is missing from the process list). For a classification of rootkit types, see the Wikipedia article on rootkits.
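To make the behaviour-based idea concrete, here is an added example (not code from the original article) of a cross-view check for hidden processes on Linux. It compares the process list obtained by listing /proc, which a process-hiding rootkit typically filters, with the set of PIDs that answer a direct probe of /proc/<pid>, which such a rootkit usually leaves alone because the processes it protects still need those paths to work. The function names, the hooked-listing stand-in and the sample PID sets are all constructed for this example.

```python
"""Cross-view detection of hidden processes (added example)."""
import os
from typing import Callable, Iterable, Optional, Set


def list_proc_pids(proc_root: str = "/proc") -> Set[int]:
    """High-level view: numeric entries returned by a directory listing of /proc.
    This is the readdir/getdents path that process-hiding rootkits hook."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def read_pid_max(path: str = "/proc/sys/kernel/pid_max") -> int:
    """Upper bound for the probe loop. Falls back to the historical default
    of 32768 when the file is unreadable (e.g. when run on a non-Linux host)."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 32768


def probe_proc_pids(max_pid: int, proc_root: str = "/proc") -> Set[int]:
    """Low-level view: test every /proc/<pid> path directly, never asking
    the directory listing. A rootkit that only filters listings cannot
    make these lookups fail without breaking the processes it protects."""
    return {pid for pid in range(1, max_pid + 1)
            if os.path.exists(os.path.join(proc_root, str(pid)))}


def find_hidden_pids(listed: Iterable[int], probed: Iterable[int]) -> Set[int]:
    """Cross-view diff: a pid that answers a direct probe but is absent
    from the listing is being hidden."""
    return set(probed) - set(listed)


def rootkit_style_listing(real_pids: Iterable[int], hidden: Iterable[int]) -> Set[int]:
    """Constructed stand-in for a hooked readdir (hypothetical rootkit
    behaviour): returns the real listing minus the protected pids."""
    return set(real_pids) - set(hidden)


def cross_view_check(listing: Callable[[], Set[int]] = list_proc_pids,
                     probe: Callable[[int], Set[int]] = probe_proc_pids,
                     max_pid: Optional[int] = None) -> Set[int]:
    """Run both views and return the pids that only the probe can see.
    The two views are injectable so the check can be exercised offline."""
    if max_pid is None:
        max_pid = read_pid_max()
    return find_hidden_pids(listing(), probe(max_pid))


if __name__ == "__main__":
    # Constructed demonstration: a hypothetical rootkit hides pid 4242.
    real = {1, 2, 100, 4242, 5000}
    hooked = rootkit_style_listing(real, hidden={4242})
    print("hidden:", find_hidden_pids(hooked, real))   # {4242}
    # On a live Linux host, compare the two real views; an empty set
    # means the directory listing and the direct probes agree.
    print("live check:", cross_view_check())
```

Two caveats apply on a live system. Processes that start or exit between the listing and the probe produce one-off discrepancies, so repeat the check and only report PIDs that show up in every run. And a rootkit that hooks path lookup as well as directory listing defeats this particular pair of views, which is why real cross-view tools compare several independent sources (task list, scheduler data, network socket owners) rather than just these two.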

What to do when a scan detects a rootkit:

First, delete the detected file and run the scan again. If many infected files are found, reinstall the operating system; that is the only way to be sure that everything the rootkit changed is gone. Because rootkits are so hard to get rid of, install antivirus software immediately after the reinstall, before anything else. A reinstall only removes what lives inside the operating system: a rootkit lodged in the boot sector or the firmware (a bootkit) survives a reinstall over the existing partitions, so wipe the disk and recreate the partitions rather than installing on top. Finally, do not reuse installers (for example a setup.exe) that were kept loose on the infected disk, because the rootkit may have modified them. Only installers that were stored out of the rootkit's reach, burned to a CD or archived as rar or zip before the infection, should be reused, and even those are best verified against the vendor's published hash before they are run.
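The advice about retained installers boils down to one check: before running a setup.exe kept from before the infection, confirm that its contents are what the vendor (or your own pre-infection record) says they are. Here is an added example of that check, not from the original article: it reads a sha256sum-style manifest of known-good digests, hashes the files on disk, and reports each one as ok, mismatched, missing or unlisted. The manifest lines and digests in the demonstration are constructed (they are the SHA-256 of "abc" and of the empty string, not of real installers).

```python
"""Verifying retained installers against known-good hashes (added example)."""
import hashlib
import os
from typing import Dict

HEX_DIGITS = set("0123456789abcdef")


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file so large installers are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse sha256sum-style lines ("<digest>  <name>" or "<digest> *<name>")
    into {name: digest}. Blank lines and '#' comments are ignored; anything
    else that is malformed is rejected rather than silently skipped."""
    expected: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed manifest line: {raw!r}")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) != 64 or set(digest) - HEX_DIGITS or not name:
            raise ValueError(f"malformed manifest line: {raw!r}")
        expected[name] = digest
    return expected


def check_hashes(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, str]:
    """Compare computed digests with the manifest. Every name ends up with one of:
    ok, MISMATCH (content differs from the known-good copy), missing (listed but
    not present), unlisted (present but nothing vouches for it)."""
    report: Dict[str, str] = {}
    for name, digest in expected.items():
        if name not in actual:
            report[name] = "missing"
        else:
            report[name] = "ok" if actual[name] == digest else "MISMATCH"
    for name in actual:
        if name not in expected:
            report[name] = "unlisted"
    return report


def verify_directory(directory: str, manifest_text: str) -> Dict[str, str]:
    """Hash every regular file in the directory and check it against the manifest."""
    actual = {name: sha256_of_file(os.path.join(directory, name))
              for name in sorted(os.listdir(directory))
              if os.path.isfile(os.path.join(directory, name))}
    return check_hashes(actual, parse_manifest(manifest_text))


def safe_to_reuse(report: Dict[str, str]) -> bool:
    """Only reuse the set when every file is present, listed and matching."""
    return bool(report) and all(status == "ok" for status in report.values())


if __name__ == "__main__":
    # Constructed sample: a manifest recorded before the infection, and the
    # digests of what is on the disk now (setup.exe unchanged, patch.exe altered,
    # stray.exe never recorded at all).
    manifest = (
        "# recorded before the infection\n"
        "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  setup.exe\n"
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 *patch.exe\n"
    )
    on_disk = {"setup.exe": sha256_of_bytes(b"abc"),
               "patch.exe": sha256_of_bytes(b"abd"),
               "stray.exe": sha256_of_bytes(b"")}
    report = check_hashes(on_disk, parse_manifest(manifest))
    print(report, "reuse:", safe_to_reuse(report))
```

Use verify_directory() on the folder of retained installers with the manifest you recorded (or the vendor's published digests pasted into a file). Treat "unlisted" as seriously as "MISMATCH": an executable nobody vouched for is exactly what a rootkit would leave behind for the next boot.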

If an infection is confirmed, two tools are recommended: Microsoft Diagnostics and Recovery Toolset (MS DaRT) and Windows Defender Offline. For the most complete clean-up, use MS DaRT: it repairs not only rootkits but other viruses and malware as well, and it includes the offline Windows Defender scanner. Because DaRT boots from its own media rather than from the infected installation, the rootkit is never loaded, so it cannot hide itself from the scanner, and the scanner can inspect and repair the kernel-level components the rootkit modified.

Knowing what a rootkit is and how it attacks is only the start; what matters is preventing rootkits and avoiding the threat. Try the MS DaRT tool introduced here, carry out a system vulnerability assessment, keep vulnerable systems isolated, and take the best protective measures once you understand the risks a rootkit brings.
