Episode nine of Steve Gibson’s Security Now podcast covered Rootkits – I thought I knew what a root kit is but was wrong. As always Steve’s podcast starts out very basic, but the latter half generally has a few nuggets for more technical peeps . This week is no exception, I learned that to be infected by rootkit technology means your operating system has been compromised, and as yet AdAware and cannot help.
You can listen to the podcast or Google for more information on Rootkits, but the most important point is that SysInternals have the only tool that can help. SysInternals Root Kit Detectors will read your file system and registry without using high level OS calls and compare the results to those when using OS calls. Any differences indicate an OS call has been intercepted.
Get the free tool here: http://www.sysinternals.com/Utilities/RootkitRevealer.html
Security Now is here: http://www.grc.com/securitynow.htm
So I have run this program and its showing results….what do I do now?
how do I know if I have to do anything at all?
This post is four years old and there may be a better solutions these days. Personally if I were infected by a root kit I would backup all my data, then re-install Windows reformatting the hard disc in the process. A root kit is about as bad as it gets