What is a rootkit?


Layzie Bone
Mr. Computergeek Salad Guy
Posts: 2460
Joined: Mon May 24, 2004 11:59 pm
Location: North Carolina

Everyone thinks that viruses are the worst thing that could happen. However, if you've ever got nasty spyware that your typical cleaning program won't remove, you might be a victim of having a rootkit. A rootkit is software that runs under administrator privileges, often called root in Unix-based operating systems. The rootkit keeps the infector's software from either being detected or removed by hiding system files and information from the user. The rootkit is capable of hiding processes (those in Task Manager), memory addresses, and naturally files on your hard drive. There are two ways of getting rid of rootkits: either by using software that runs while your computer is running Windows, or by using a boot-time program, which is the best way simply because a rootkit can't do its job if it isn't running. Like adware and spyware, viruses are now also incorporating rootkits.

F-Secure has released a free trial version of Blacklight, rootkit removal software.

Tips:

1. Don't go to porn sites.
2. No really don't go to porn sites.
3. A good combination of anti-malware software: AVG anti-virus, Ad-Aware SE Personal, Spybot S&D
4. Clean your startup (Run>msconfig)
5. Run your anti-virus software and keep definitions updated, do the same with Ad-aware & Spybot S&D
6. If you do a lot of surfing, delete cookies and temporary files and clear your history.

Because most of us have high-speed connections, the downloading of malware can happen without you knowing, simply because it doesn't take a long time to download files. There isn't any foolproof way to avoid getting crap on your computer; the only way is to not use it.

More importantly, back up your information. Between system glitches, failing hard drives, viruses and spyware, you're seriously putting anything important at risk. It doesn't even matter where you store information on your computer; if a virus gets on your computer your data can be overwritten easily.

For backups I like two programs, Second Copy and Acronis True Image.

Second Copy is great if you're only backing up a small number of files frequently. You can create profiles that are set to copy specific folders and files to another location, which can be another drive, another computer, a flash drive, even an off-site FTP.

Acronis True Image is for those who really like everything to stay the same. Acronis makes a disk image of your hard drive and can save it to another drive or another computer on your network. These images can be restored by using their Boot CD, so you can have your computer back up and running in a matter of minutes after a system crash.

I use both of these programs and they are fantastic.
nesman
Miracle Worker
Posts: 1453
Joined: Thu Jan 15, 2004 8:17 am

I might look into Acronis.
How does it access image files? Right now I'm using NFS (because it's easy) but I guess other easy options would be ftp, ssh, or even http if I were to store my backups in a web-accessible directory.

I've got a machine set up to store backups for the house, running a shell script to backup my folders. It would be great to also have an image to work with. Then, any files that have changed since the last image would be easy to replace. Heck, it wouldn't be too hard to add a "reverse" function to the backup script and use it to restore files and folders.
Layzie Bone
Mr. Computergeek Salad Guy
Posts: 2460
Joined: Mon May 24, 2004 11:59 pm
Location: North Carolina

Acronis uses its own image format and compression. You can mount the images as a virtual drive letter and access your files that way. If you're restoring an image, you can either use the program through Windows or the bootable rescue media. Keep in mind Acronis backs up everything on your hard drive, so essentially you have a hard disk image. You can do multi-volume images, which append changes to the original image file to save disk space.
moongirl
Moderator
Posts: 19016
Joined: Mon Jan 12, 2004 8:07 am

Thanks Wanabe.

I'm editing to add additional information...

AVG Anti-Rootkit Free
AVG Anti-Rootkit is a powerful tool with state-of-the-art technology for detection and removal of rootkits. Rootkits are used to hide the presence of a malicious object like trojans or keyloggers on your computer. If a threat uses rootkit technology to hide itself it is very hard to find the malware on your PC. AVG Anti-Rootkit gives you the power to find and delete the rootkit and to uncover the threat the rootkit is hiding.

* AVG Anti-Rootkit Free is freeware and available free of charge.
* This tool may be used according to the license agreement only.
* AVG Anti-Rootkit Free is absolutely not for use with any type of OEM bundling with software, hardware components, or any service.
http://www.grisoft.com/doc/download-fre ... t/us/crp/0
Microsoft RootkitRevealer V1.71(231KB)
RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all persistent rootkits published at http://www.rootkit.com, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don't attempt to hide their files or registry keys). If you use it to identify the presence of a rootkit please let us know!

The reason that there is no longer a command-line version is that malware authors have started targeting RootkitRevealer's scan by using its executable name. We've therefore updated RootkitRevealer to execute its scan from a randomly named copy of itself that runs as a Windows service. This type of execution is not conducive to a command-line interface. Note that you can use command-line options to execute an automatic scan with results logged to a file, which is the equivalent of the command-line version's behavior.
http://www.microsoft.com/technet/sysint ... ealer.mspx

I believe that all three mentioned here can be run as each one may reveal different rootkits.
1. F-Secure Blacklight Rootkit Revealer
2. AVG Anti-Rootkit Free
3. Microsoft RootkitRevealer
Last edited by moongirl on Sat Oct 13, 2007 3:31 am, edited 1 time in total.
That's not the man in the moon...that's me ;)
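The RootkitRevealer description quoted above says the tool reports "Registry and file system API discrepancies": it enumerates the same objects through the normal Windows API (which a rootkit can hook) and through a lower-level path, and flags whatever differs. The script below is an added example of that cross-view comparison logic, written for this thread; it is not RootkitRevealer's code or any other product's. Both listings are constructed sample data (the driver and Run-key names are made up), and the allowlist of transient paths is an assumption added to show how scan-time noise is kept out of the report.

```python
"""Cross-view discrepancy check between an API-level listing and a raw
listing of the same file system directory or registry key.

Added example for illustration only; the two views are constructed
sample data, not output from a real scan."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Discrepancy:
    kind: str    # "file" or "registry"
    path: str    # entry as it appeared in the view that contained it
    status: str  # "hidden_from_api" or "visible_only_to_api"


def _normalize(path: str) -> str:
    # Windows paths and registry keys are case-insensitive, so a case
    # difference between the two views must not count as a discrepancy.
    return path.replace("/", "\\").rstrip("\\").lower()


def compare_views(kind, api_view, raw_view, allowlist=()):
    """Return every entry present in one view but absent from the other.

    hidden_from_api    : in the raw view only (classic rootkit hiding)
    visible_only_to_api: in the API view only (usually an entry that
                         changed between the two enumeration passes)
    Paths on the allowlist are skipped in both directions.
    """
    api = {_normalize(p): p for p in api_view}
    raw = {_normalize(p): p for p in raw_view}
    skip = {_normalize(p) for p in allowlist}
    found = []
    for key in sorted(raw.keys() - api.keys()):
        if key not in skip:
            found.append(Discrepancy(kind, raw[key], "hidden_from_api"))
    for key in sorted(api.keys() - raw.keys()):
        if key not in skip:
            found.append(Discrepancy(kind, api[key], "visible_only_to_api"))
    return found


def summarize(discrepancies):
    """Count findings per status so a report can lead with the serious ones."""
    counts = {"hidden_from_api": 0, "visible_only_to_api": 0}
    for d in discrepancies:
        counts[d.status] += 1
    return counts


# ---- constructed sample views (not real scan output) ----------------------
API_FILES = [
    r"C:\Windows\System32\drivers\ntfs.sys",
    r"C:\Windows\System32\drivers\tcpip.sys",
    r"C:\Windows\Temp\scan-tmp.log",          # transient file, API pass only
]
RAW_FILES = [
    r"c:\windows\system32\drivers\NTFS.SYS",  # same file, different case
    r"C:\Windows\System32\drivers\tcpip.sys",
    r"C:\Windows\System32\drivers\example-hidden.sys",  # made-up hidden driver
]
API_RUN_KEYS = [
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
]
RAW_RUN_KEYS = [
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\example-hidden",
]
# Assumed allowlist: paths known to change during a scan, to avoid noise.
ALLOWLIST = [r"C:\Windows\Temp\scan-tmp.log"]


def run_constructed_scan():
    """Compare both constructed object stores and return all findings."""
    return (compare_views("file", API_FILES, RAW_FILES, ALLOWLIST)
            + compare_views("registry", API_RUN_KEYS, RAW_RUN_KEYS, ALLOWLIST))


if __name__ == "__main__":
    findings = run_constructed_scan()
    for f in findings:
        print(f"{f.status:20} {f.kind:9} {f.path}")
    print(summarize(findings))
```

Entries that only the raw view can see are the ones worth investigating; entries only the API view reports are more often a file or key that changed between the two passes, which is why a second scan (or an allowlist like the one above) is used before treating them as evidence.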