Manage Learn to apply best practices and optimize your operations.

Step 1: Is there a problem

It's difficult -- but not impossible -- to be totally sure that your system is 100% rootkit free, says Windows security expert Kevin Beaver. In this step-by-step guide, Beaver shows you how to strengthen your Windows systems against the rootkit threat.

Is your computer running slow or doing odd things? Have you found certain programs or data have been tampered with? Do odd windows or messages pop up during system startup or shutdown? Odd computer behavior is indeed a side effect of a rootkit infection, but strange behavior alone may not be a true indicator.

In fact, it's easy for the assumed presence of a rootkit to have a placebo effect, leading you (or a user) to believe the computer is infected. The truth is, strange behavior could just as easily be legitimate programs doing their things.

To determine if there is truly a rootkit operating behind the scenes, use a system process analyzer such as Sysinternals' ProcessExplorer or, better yet, a network analyzer. By using these tools, you'll likely be surprised to find what programs are doing and what's going in and out of your network adapter. You may also discover that you simply have an over-taxed system running with too little memory or a severely fragmented hard drive. With that in mind, I recommend checking your system configuration and defragmenting your drive(s). Remember, though, that it's better to be safe than sorry, so run a rootkit scan as well.

Finding and removing a rootkit

 Home: Introduction
 Step 1: Is there a problem
 Step 2: Choose the right scanning tool
 Step 3: Clean up the mess
 Step 4: Bulletproof your efforts
About the author:
About the author: Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has written six books, including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at Copyright 2006 TechTarget

Dig Deeper on Enterprise desktop management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.