To truly bulletproof your rootkit detection and cleanup process, always read the current user instructions for your scanning tools to see what special steps you need to take before, during and after the cleanup. Then, after you've found and cleaned a rootkit, reboot and rescan the system to double-check that it was fully cleaned and the malware hasn't returned.
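The reboot-and-rescan step is easier to trust when you can see exactly what changed on disk across the reboot. The script below is an added example and is not part of the original article or any scanning tool it mentions: it takes a snapshot (path, size, SHA-256) of chosen system directories right after cleanup, and a second one after the reboot, then diffs the two so that any file that reappears, changes or is newly dropped is listed for the rescan. The watch-list paths are placeholders chosen here, not taken from the article; the demo function builds a constructed directory tree so the check can be exercised offline.

```python
"""Before/after snapshot of system directories to verify a rootkit cleanup
held across a reboot.

Added example, not from the original article. Usage:
    snapshot_check.py take after_cleanup.json [ROOT ...]   (before reboot)
    snapshot_check.py take after_reboot.json  [ROOT ...]   (after reboot)
    snapshot_check.py diff after_cleanup.json after_reboot.json
"""
import hashlib
import json
import os
import sys
import tempfile
from pathlib import Path

# Assumed watch list (placeholder paths chosen for this example, not from the
# article); adjust to the system being checked.
DEFAULT_ROOTS = [r"C:\Windows\System32\drivers", r"C:\Windows\System32"]


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries stay out of memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(roots) -> dict:
    """Map every regular file under the roots to its digest and size.

    Locked or unreadable files are kept with None values so the diff can
    still flag them instead of silently dropping them.
    """
    result = {}
    for root in roots:
        root = Path(root)
        if not root.is_dir():
            continue
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = Path(dirpath) / name
                if path.is_symlink() or not path.is_file():
                    continue
                try:
                    result[str(path)] = {"sha256": file_digest(path),
                                         "size": path.stat().st_size}
                except OSError:
                    result[str(path)] = {"sha256": None, "size": None}
    return result


def compare(before: dict, after: dict) -> dict:
    """Files added, removed or changed between two snapshots, as sorted lists."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "changed": sorted(p for p in common if before[p] != after[p]),
    }


def demo_on_constructed_tree() -> dict:
    """Run the before/after flow on a constructed directory (offline demo).

    The 'reboot' is simulated by editing the tree between the two snapshots
    the way a missed persistence mechanism would: one file is re-dropped,
    one is altered, one disappears.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ok.sys").write_bytes(b"constructed driver image")
        (root / "stale.log").write_bytes(b"constructed log")
        before = snapshot([root])
        (root / "dropped.sys").write_bytes(b"constructed file that returns")
        (root / "ok.sys").write_bytes(b"constructed driver image, modified")
        (root / "stale.log").unlink()
        after = snapshot([root])
        diff = compare(before, after)
        # Report basenames so the result does not depend on the temp path.
        return {k: [Path(p).name for p in v] for k, v in diff.items()}


def main(argv) -> int:
    """Command-line entry: 'take OUT.json [ROOT ...]' or 'diff BEFORE.json AFTER.json'."""
    if len(argv) >= 2 and argv[0] == "take":
        roots = argv[2:] or DEFAULT_ROOTS
        Path(argv[1]).write_text(json.dumps(snapshot(roots), indent=1))
        return 0
    if len(argv) == 3 and argv[0] == "diff":
        before = json.loads(Path(argv[1]).read_text())
        after = json.loads(Path(argv[2]).read_text())
        print(json.dumps(compare(before, after), indent=1))
        return 0
    print(__doc__, file=sys.stderr)
    return 2


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Two points on using it: store the first snapshot somewhere the running system cannot modify (removable media, a network share), since a rootkit that survived cleanup could alter a JSON file sitting on the local disk; and treat this as a complement to the scanner rescan, not a replacement, because a kernel-level rootkit that is still active can hide files from the directory walk itself, which is exactly why the article's rescan after reboot matters.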
As of now, rootkit infections typically occur in targeted attacks, but given the way things have progressed with malware in the past decade, I wouldn't be surprised to see this as a widespread problem in the future. As always, the bad guys are using their knowledge and technical skills to stay a step or two ahead.
Still a little paranoid about rootkit infections? Want to be sure your system is truly clean? The best and most reliable method is to repartition, reformat and reload Windows. It's painful, but it's the best way to go if you need closure.
Finding and removing a rootkit
Step 1: Is there a problem?
Step 2: Choose the right scanning tool
Step 3: Clean up the mess
Step 4: Bulletproof your efforts
About the author: Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has written six books, including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at firstname.lastname@example.org. Copyright 2006 TechTarget