Is your computer running slow or doing odd things? Have you found certain programs or data have been tampered with? Do odd windows or messages pop up during system startup or shutdown? Odd computer behavior is indeed a side effect of a rootkit infection, but strange behavior alone may not be a true indicator.
In fact, it's easy for the assumed presence of a rootkit to have a placebo effect, leading you (or a user) to believe the computer is infected. The truth is, strange behavior could just as easily be legitimate programs doing their things.
To determine if there is truly a rootkit operating behind the scenes, use a system process analyzer such as Sysinternals' ProcessExplorer or, better yet, a network analyzer. By using these tools, you'll likely be surprised to find what programs are doing and what's going in and out of your network adapter. You may also discover that you simply have an over-taxed system running with too little memory or a severely fragmented hard drive. With that in mind, I recommend checking your system configuration and defragmenting your drive(s). Remember, though, that it's better to be safe than sorry, so run a rootkit scan as well.
Finding and removing a rootkit
Step 1: Is there a problem
Step 2: Choose the right scanning tool
Step 3: Clean up the mess
Step 4: Bulletproof your efforts
|About the author:|
|About the author: Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has written six books, including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at firstname.lastname@example.org. Copyright 2006 TechTarget|