How to Defeat a Rootkit


A rootkit is a software package used by hackers to gain administrative access to a computer and to help them keep that access by disabling antivirus and antimalware programs. The best way to defeat a rootkit is to prevent the hackers from getting into a system in the first place. If a rootkit ends up on a computer system, the only sure way to remove the hackers and defeat the rootkit is to reinstall the computer from scratch. This is necessary because the hackers may have added numerous other security holes to let themselves back in even if the rootkit has been deleted by antirootkit software.

Instructions

    • 1

      Disconnect the network cable from the rootkit-infected computer. If the network connection is wireless, remove the wireless network card. This will prevent the hackers from infecting other computers on the local network using the current rootkit-infected computer.

    • 2

      Reboot the computer and follow the on-screen prompts to get into the BIOS setup. This procedure varies depending on the computer, but it usually involves pressing a key, such as F1, F2, Esc, Delete or F10, during the initial bootup.

    • 3

      Select the BIOS menu option to set the boot order as follows: CD-ROM, external hard drive, then internal hard drive.

    • 4

      Connect an external hard drive to the computer. The external hard drive will be used temporarily for backing up data on the rootkit-infected system.

    • 5

      Insert the operating system CD/DVD and reboot the system. The system will boot to the operating system CD/DVD due to the BIOS change in Step 3.

    • 6

      Install the operating system on the external hard drive; then remove the operating system CD/DVD from the drive after the installation is complete.

    • 7

      Reboot the system, which should boot from the operating system installed on the external drive since the CD/DVD drive is now empty.

    • 8

      Copy any data to be saved from the computer's internal drives to the external drive. Any data not copied will be destroyed in the subsequent steps. In Windows, click on the "My Computer" icon to copy and paste files from the internal hard drive to the external hard drive.

    • 9

      Remove the external hard drive from the computer after the file backup is completed; then put the operating system CD or DVD back into the CD/DVD drive.

    • 10

      Reboot the system, which should boot into the operating system CD/DVD due to the BIOS change from Step 3, and remove the external hard drive.

    • 11

      Reconnect the network cable to the computer. If the network connection is wireless, reinstall the wireless network card.

    • 12

      Reinstall the operating system on the computer's internal drives. Make sure all internal drives are reformatted during this process. This will remove any traces of the rootkit and any additional security holes installed by the hackers. On most operating systems, the reformat can be done during the install program when you are asked which disks should be used for the operating system.

    • 13

      Reboot the computer after the operating system install is complete.

    • 14

      Reattach the external hard drive, and then copy the data back to the computer's internal hard drives if any backed-up data is needed from the external hard drive. In Windows, click on the "My Computer" icon; then copy/paste the files from the external hard drive to the internal hard drive.
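The backup in Step 8 and the restore in Step 14 can be scripted so that only data files reach the external drive and every file is checked by hash after each copy. The following is an added example, not part of the original instructions. The function names and the list of skipped file types are assumptions of the example.

```python
import hashlib
import shutil
from pathlib import Path

# Assumption of this example: file types that can carry code are left behind,
# so the backup cannot bring an infected program back onto the clean install.
SKIP_SUFFIXES = {".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".com",
                 ".msi", ".vbs", ".js", ".ps1", ".lnk"}


def sha256_of(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def back_up(source, dest):
    """Copy data files from source to dest; return (manifest, skipped)."""
    source, dest = Path(source), Path(dest)
    manifest, skipped = {}, []
    for path in sorted(source.rglob("*")):
        if not path.is_file() or path.is_symlink():
            continue
        rel = path.relative_to(source).as_posix()
        if path.suffix.lower() in SKIP_SUFFIXES:
            skipped.append(rel)  # reported so the user knows what was left behind
            continue
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(path, target)
        manifest[rel] = sha256_of(path)  # hash of the file as read from the source
    return manifest, skipped


def verify(root, manifest):
    """Return relative paths under root that are missing or whose hash changed."""
    root = Path(root)
    problems = []
    for rel, expected in manifest.items():
        candidate = root / rel
        if not candidate.is_file() or sha256_of(candidate) != expected:
            problems.append(rel)
    return problems
```

Run `verify` against the external drive right after the backup, and again against the internal drive after the restore in Step 14; an empty list means every file arrived unchanged.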

Tips & Warnings

  • Using rootkit removal software is no guarantee that the hacker did not leave other security holes to let himself back in. It is much better to reinstall the rootkit-infected system from scratch. Better yet, install security patches from the operating system vendor that prevent the installation of rootkits in the first place.
