What is rootkit?

A rootkit is a piece of software or hardware designed with the intent to gain unauthorized root-level access over computer’s operating system in a stealthy way, without being detected.

Rootkits typically target the kernel mode of the operating system, computer’s BIOS, boot loader located on MBR, and they can alter user mode libraries and applications as well.

Rootkit infections are ubiquitous and tend to plague especially Microsoft Windows-based operating systems along with other malicious software, such as viruses, trojan horses, spyware that make our lives miserable.

How to you uproot a rootkit? (no pun intended)

As rootkit contaminations are a growing and get more elaborate, you would think and expect that there would be plenty of software tools out on the market, readily accessible, to fight them off. On the contrary, there aren’t many mainstream programs readily available that are able to detect and eradicate rootkit infiltrations effectively.

An important thing to note is that there isn’t and never will be a universal rootkit scanner/remover and the best results are achieved by combining on-line/off-line comparison scanners with solid antivirus program(s).

There are quite a few tools out there, developed either by independent programmers or little known software groups that we have had pretty successful rate with rootkit detection or better yet, preventing infections.

Free tools

Aside from tools by Bitdefender, F-secure BlackLight, Malwarebytes or Sophos Anti-Rootkit, we’ve used tools by some obscure names from all over the world. Since, at most instances those tools are accompanied by little or no documentation whatsoever and you don’t know what they actually do, we don’t recommend or endorse any. Use at your own risk and always exercise caution!

GMER (www.gmer.net) – a rootkit detector by a Polish developer scans for and detects: hidden processes, hidden threads, hidden modules, hidden services, hidden files, hidden Alternate Data Streams, hidden registry keys, drivers hooking SSDT/IDT/ IRP calls, inline hooks. Though the last release is dated 03/2009 we’ve had quite a success with detecting and removing MBR rootkits with this tool.

FLISTER – a rootkit detector tool by another talented Polish researcher targets windows rootkits (at both user and kernel mode) by exploiting their bug: failure to hide properly the files or directories which should have need hidden.

ARIES Rootkit Remover by Lavasoft claims to reliably locate and permanently remove the rootkit that was developed by First4Internet and used by Sony BMG to hide their digital rights management (DRM) software.

Combofix –is an effective tool against rootkits and other malware that incorporates GMER technology in its scans. Although it had some stability issues and bugs in the past, it is rather powerful and should be used under guidance of tech support at the one of these forums. Combofix is normally available on Bleeping Computer forums all the Bleeping Computer forums where its available for download.

Avira Rootkit Detection A beta version of Avira Rootkit Detection will reveal active rootkits and hidden objects and will present you with actions to take against its findings.

Penn Asian Senior Services

13:23 25 Jul 19

Penn Asian Senior Services (PASSi) has worked with Kontech on numerous occasions, and what we've consistently observed is service that combines top-notch knowledge with care & attention to detail. We are a nonprofit that provides services throughout the Greater Philadelphia area from our home base in East Oak Lane -- as may be the case with many nonprofits of a similar size, we come across a wide variety of IT needs within the office, many of which we try to handle in-house. However, there are times where we really do need the guidance/assistance of professional IT consulting. And, whenever we have this need, Kontech is our go-to solution -- we highly recommend the company, which we find to be trustworthy with fairly-priced services. - PASSi

Anita Rodriguez Morrison

18:05 02 May 19

Greetings from Michigan! Our company contacted KonTech IT Services to take care of a UPS battery install for our customer with an office in Philadelphia. KonTech did an awesome job with the installation and documentation. WE will definitely use them again when business takes us back to PA!

Keith Dewey

19:04 12 Feb 19

Working in a demanding field like the hospitality business we are in constant need of upgrades and installations to better our IT systems. Kontech IT services is a solid company that helps us with all our IT needs in a timely and professional manner. Their techs are very knowledgeable and great at making recommendations for your systems as well. I recommend Kontech anyday!!

Haley Klinghoffer

11:34 17 Aug 18

Very responsive and reliable! They have been able to solve all of our technological nightmares. Highly recommend!!

Sambath Phea

01:32 19 May 18

Highly recommend Kontech IT Services for your electrical needs. We had them install a video door bell with 3 indoor monitors and 3 surveillance cameras. Till this day, any questions or troubleshooting we need help with, Kontech IT Services are just a phone call or an email away.

Technolo Sales

19:34 01 Mar 18

We use Kontech IT Services for all our cabling needs in the Philly area. We love the quality of work and their range of expertise. We would highly recommend these guys.

Adam Schran

16:56 21 Feb 18

Konrad visited us and was able to solve a tricky network cabling issue that others were not able to fix. Plus, he explained why it happened and what else we could do to optimize our network equipment and cabling. Friendly, super intelligent guy we would welcome back to our premises any time for additional work as needed. Highly recommended.

brian seyller

12:53 29 Sep 17

Kontech has gone above and beyond to help me with our customers. I would highly recommend using them!