How to Detect Rootkits on a Computer or Laptop

Rootkits are used by hackers to hide intrusions into a computer. Rootkits are often used to obtain administrator privileges to the system and to other machines on the network so that they can spread malware, track keystrokes or open a backdoor into the system. Because of their stealthy nature, rootkit detection is difficult.
——————–
Gmer download: http://www.gmer.net/

GMER is an application that detects and removes rootkits .
It scans for:
hidden processes, hidden threads, hidden modules, hidden services, hidden files, hidden Alternate Data Streams, hidden registry keys, drivers hooking SSDT, drivers hooking IDT
drivers hooking IRP calls, inline hooks
———————-
RootRepeal download: http://ad13.geekstogo.com/RootRepeal.zip

The ability to scan and display all currently loaded drivers and tell you whether they are hidden and whether the drivers file is visible on disk.
Scans for hidden, locked or falsified files on the system
Scans and displays the

currently running processes (similar to Process Explorer) but shows if the process is hidden or locked.
Scans the SSDT (system service descriptor table) to see if any services are hooked.
Scans for Stealth objects which looks for rootkit symptoms in general.
Scans for Hidden services and displays them.
Once you have found something malicious, you can right click on the driver/file/service and either copy, wipe or force delete it.
———————–

Rootkit unhooker download: http://www.softpedia.com/get/Security/Security-Related/Rootkit-Unhooker.shtml
——————————

 

Leave a Reply