What is a "Rootkit"?

A rootkit is a set of software tools that an intruder installs after gaining administrative ("root") access to a computer system; the name comes from the Unix root account. These tools conceal running processes, files or system data so that the intruder can keep access to the system without the owner's knowledge. Rootkits exist for a variety of operating systems, including Linux, Solaris and several versions of Microsoft Windows. They are not new; they have been around for many years, but have recently been rediscovered by hackers and malware authors seeking access to personal computers for nefarious purposes.

A rootkit typically hides logins, processes, files and logs, and may include software to intercept data from terminals, network connections and the keyboard. Rootkits are often classified as trojan horses.

A rootkit is often used to hide other utilities used to abuse a compromised system, such as backdoors and trojans. Recently, Sony BMG was found to be installing a rootkit as part of a copy-protection scheme on its music CDs. Sony is now capitulating and offering "rootkit free" discs to livid customers in exchange for the affected CDs they purchased.

Detecting Rootkits

We used a tool called "Rootkit Revealer" by Sysinternals. The following is an actual, unedited scan log of rootkits being detected by the "Rootkit Revealer" application. These rootkits were being detected in some Incredimail files. What's interesting is that Incredimail was uninstalled from this particular computer (one of ours) over six months ago using Incredimail's uninstaller. We're not sure why Incredimail would be using rootkits, or even if these are indeed rootkits, but it's very suspicious. If any of you use Incredimail and run Rootkit Revealer and see similar results

D:\Program Files\IncrediMail\bin\ Im3D.dll 9/25/1619 4:47 AM 80.04 KB Visible in Windows API, but not in MFT or directory index.
D:\Program Files\IncrediMail\bin\ ImLc.exe 1/1/1601 2:34 AM 284.04 KB Visible in Windows API, but not in MFT or directory index.
D:\Program Files\IncrediMail\bin\ SftTv32.dll 1/1/1601 2:34 AM 226.50 KB Visible in Windows API, but not in MFT or directory index.
D:\Program Files\IncrediMail\bin\ SSCE5232.dll 1/1/1601 2:34 AM 152.00 KB Visible in Windows API, but not in MFT or directory index.
D:\Program Files\IncrediMail\bin\ xaudio.dll 1/1/1601 2:34 AM 249.00 KB Visible in Windows API, but not in MFT or directory index.
D:\Program Files\IncrediMail\bin\Im3D.dll 7/16/12165 12:59 AM 80.04 KB Hidden from Windows API.
D:\Program Files\IncrediMail\bin\ImLc.exe 4/11/12193 1:45 AM 284.04 KB Hidden from Windows API.
D:\Program Files\IncrediMail\bin\SftTv32.dll 5/23/29092 7:28 AM 226.50 KB Hidden from Windows API.
D:\Program Files\IncrediMail\bin\SSCE5232.dll 1/23/29092 2:27 AM 152.00 KB Hidden from Windows API.
D:\Program Files\IncrediMail\bin\xaudio.dll 1/23/29092 2:27 AM 249.00 KB Hidden from Windows API.
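RootkitRevealer works by taking the same inventory twice, once through the Windows API and once by reading the NTFS structures (MFT and directory index) directly, and reporting every difference. As an added example, not part of the original newsletter and not Sysinternals' code, the Python script below parses log lines in the format shown above, pairs up the API-view and raw-view entries for the same file, labels each discrepancy, and flags timestamps that cannot be real. The sample input is the ten lines quoted on this page; the label names, the path normalisation (case-insensitive, whitespace after a backslash ignored so both views of one file fall into the same bucket) and the 1980-2100 sanity window for years are my assumptions. One fact it relies on: Windows FILETIME values count from 1 January 1601, so a "1/1/1601" date means the on-disk record carried an all-zero timestamp.

```python
import re
from collections import defaultdict

# Constructed sample input: the ten RootkitRevealer lines quoted in the
# newsletter above, verbatim (including the space after "bin\" that the
# page shows in the first five).
SAMPLE_LOG = r"""
D:\Program Files\IncrediMail\bin\ Im3D.dll 9/25/1619 4:47 AM 80.04 KB Visible in Windows API, but not in MFT or directory index.
D:\Program Files\IncrediMail\bin\ ImLc.exe 1/1/1601 2:34 AM 284.04 KB Visible in Windows API, but not in MFT or directory index.
D:\Program Files\IncrediMail\bin\ SftTv32.dll 1/1/1601 2:34 AM 226.50 KB Visible in Windows API, but not in MFT or directory index.
D:\Program Files\IncrediMail\bin\ SSCE5232.dll 1/1/1601 2:34 AM 152.00 KB Visible in Windows API, but not in MFT or directory index.
D:\Program Files\IncrediMail\bin\ xaudio.dll 1/1/1601 2:34 AM 249.00 KB Visible in Windows API, but not in MFT or directory index.
D:\Program Files\IncrediMail\bin\Im3D.dll 7/16/12165 12:59 AM 80.04 KB Hidden from Windows API.
D:\Program Files\IncrediMail\bin\ImLc.exe 4/11/12193 1:45 AM 284.04 KB Hidden from Windows API.
D:\Program Files\IncrediMail\bin\SftTv32.dll 5/23/29092 7:28 AM 226.50 KB Hidden from Windows API.
D:\Program Files\IncrediMail\bin\SSCE5232.dll 1/23/29092 2:27 AM 152.00 KB Hidden from Windows API.
D:\Program Files\IncrediMail\bin\xaudio.dll 1/23/29092 2:27 AM 249.00 KB Hidden from Windows API.
""".strip().splitlines()

# One log line: <path> <M/D/YYYY> <H:MM AM|PM> <size> <unit> <discrepancy text>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<month>\d{1,2})/(?P<day>\d{1,2})/(?P<year>\d+)\s+"
    r"(?P<time>\d{1,2}:\d{2} [AP]M)\s+"
    r"(?P<size>\d+(?:\.\d+)?) (?P<unit>bytes|KB|MB|GB)\s+"
    r"(?P<desc>.+?)\s*$"
)

# FILETIME counts 100 ns ticks since 1 January 1601, so year 1601 means an
# all-zero timestamp in the raw record.
FILETIME_EPOCH_YEAR = 1601
# Assumed sanity window for on-disk timestamps (my choice, not the tool's).
PLAUSIBLE_YEARS = range(1980, 2101)


def classify(desc):
    """Map the tool's discrepancy text to a short label (labels are mine)."""
    d = desc.lower()
    if d.startswith("hidden from windows api"):
        return "hidden_from_api"   # raw NTFS scan sees it, Win32 API does not
    if "visible in windows api" in d and "not in mft" in d:
        return "api_only"          # Win32 API sees it, raw NTFS scan does not
    return "other"


def timestamp_flag(year):
    """Return a flag for timestamps that cannot be genuine, else None."""
    if year == FILETIME_EPOCH_YEAR:
        return "filetime_epoch"
    if year not in PLAUSIBLE_YEARS:
        return "implausible_year"
    return None


def normalize_path(path):
    # Pairing key: case-insensitive, whitespace directly after a backslash
    # dropped, so both views of one file share a key (assumed normalisation).
    return re.sub(r"\\\s+", lambda m: "\\", path.strip()).lower()


def parse_line(line):
    """Parse one RootkitRevealer line into a dict, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    year = int(m["year"])
    return {
        "path": m["path"],
        "key": normalize_path(m["path"]),
        "year": year,
        "size": f'{m["size"]} {m["unit"]}',
        "kind": classify(m["desc"]),
        "timestamp_flag": timestamp_flag(year),
    }


def analyze(lines):
    """Group parsed lines by file and summarise what each view reported."""
    entries = [e for e in map(parse_line, lines) if e]
    by_key = defaultdict(list)
    for e in entries:
        by_key[e["key"]].append(e)
    report = {"entries": entries, "hidden_from_api": [], "api_only": [],
              "both_views": [], "bad_timestamps": []}
    for key in sorted(by_key):
        kinds = {e["kind"] for e in by_key[key]}
        if "hidden_from_api" in kinds:
            report["hidden_from_api"].append(key)
        if "api_only" in kinds:
            report["api_only"].append(key)
        if {"hidden_from_api", "api_only"} <= kinds:
            report["both_views"].append(key)
    report["bad_timestamps"] = [(e["path"], e["year"], e["timestamp_flag"])
                                for e in entries if e["timestamp_flag"]]
    return report


if __name__ == "__main__":
    r = analyze(SAMPLE_LOG)
    print(f"{len(r['entries'])} entries parsed")
    print("on disk but hidden from the Windows API (what the tool is built to find):")
    for k in r["hidden_from_api"]:
        print("  ", k)
    print("files reported by both views under one normalised name:", len(r["both_views"]))
    for path, year, flag in r["bad_timestamps"]:
        print(f"  suspicious timestamp year {year} ({flag}): {path}")
```

On the page's own lines, every file appears in both views under one name after normalisation, and all ten timestamps are impossible (four zero FILETIMEs, six years in the far past or future). That pattern is consistent with stale or damaged on-disk records for a program that was uninstalled, which is why a report like this is a list of things to investigate, not proof by itself that a rootkit is running.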

How to find out if your computer is infected with rootkits:
You can get RootkitRevealer, a free program that checks your computer for rootkits, from Sysinternals. A discrepancy in its report is not proof of a rootkit by itself: files created, deleted or renamed while the scan is running, and some legitimate software that hooks the file system, also produce discrepancies, so treat each reported item as something to investigate rather than something to delete on sight. Spy Sweeper is one of the few anti-spyware applications that will detect and remove rootkits. If you're using Spy Sweeper, make sure you get the free upgrade to version 4.5. Spy Sweeper version 4.5 has been awarded the PC Magazine Editors' Choice Award in the anti-spyware software category and remains our number one choice for anti-spyware protection.





©2005 Cloudeight Internet LLC
