A rootkit is a program or a set of programs designed to provide priveleged access to the computer system and, at the same time, to hide itself or it’s associated files from detection.
Historically, root kit tools appeared on Unix-like operating systems as programs that provided intruder with most privileged (root) access to the system. Today, rootkits exist for all most popular operating systems from Windows to Linux. Windows rootkits allow the attacker to gain most privileged access to the system.
Rootkits can be divided on kernel-mode and user-mode:
- Kernel-mode rootkits replace or modify parts of the operating system or add code to the operating system. Usually, rootkits of that type are implemented as device drivers (Windows) or loadable kernel modules (Linux). Kernel-level rootkits obtain unrestricted access to all system resources and, as a matter of fact, became a part of an operating system. That is why kernel-mode rootkits are invisible for most anti-spyware and anti-virus applications. This is most dangerous and hard to remove type of rootkits. When you are trying to remove kernel-mode rootkits, you need to operate at the lowest system level. This should be done very carefully, because every wrong action can lead to system crash. Exterminate It! successfully works on this level.
- User-mode rootkits intercept and replace system calls in order to protect themselves from detection and hide information about intruder. Such rootkits are implemented as dynamic link libraries (DLLs) on Windows operating system.
User-mode rootkit hooking can be performed in different ways: - DLLs (libraries with executable code) can be loaded to different processes and could act on their behalf.
- File / process patching can be used on disk or directly in memory.
Such rootkits could change behavior of regular applications.
Rootkits differ from other malicious software in their function. The main function of the rootkit is to maintain control over the infected computer system, hide itself and associated malware files and to provide access for the intruder.
Rootkit do not infect other programs like virus and it do not spread over the local network like worm. It hides from detecting software and keeps “doors open” for a malefactor, who can use infected system for malicious actions such as sending SPAM, DDoS attacks, information stealing, etc. However, a worm spreading over local area network or trojan disguised as legitimate software, may install rootkit on infected computer. Most recent infection sometimes are using combined approach when trojan installs the rootkit and afterward rootkit protects other trojans installed from the Internet.
Technically rootkit software is very complex. It can be developed only by highly qualified specialists, because a bug in such software (especially kernel-mode rootkits) may cause total system crash and make crashed system useless for malefactor’s needs. Also rootkit should effectively resist modern anti-malware scanners.
Due to their nature, rootkits are very hard to detect and even harder to remove. Re-installation of operating system only may help in some complex cases. But all is not so bad. Fortunately, some anti-malware applications already implemented anti-rootkit functionality and Exterminate It! is one of them.
Exterminate It! provides rootkit unhooking, direct disk scanning and removal techniques which are working in most cases. Also custom solutions can be provided in case of difficult rootkit infections. So you won’t be left alone in face of rootkit infection.
Note that this functionality is in beta now, but you already can turn it on on Exterminate It! Options page. Anti-rootkit functionality is available in activated Exterminate It! copies only.
I believe my computer is being hacked into. I need this software.. Where do I go to get it?? Best Buy?
John (941)228-7743
— John LaBonte · Jan 12, 09:02 PM ·
2 John:
You can purchase Exterminate It! antimalware using this link:
http://www.exterminate-it.com/purchase/
Click Buy Now! button located on this page to proceed.
After activating Exterminate It! please use Submit State to check whether you have non-detected / hidden infection on your PC.
— Exterminate It! Support · Jan 14, 05:50 AM ·
If I buy this software can I use it on another computer which has Malicious software on it. I live in Australia, not sure whether I can buy it out here.
— Keith Goodwin · Jan 18, 12:07 AM ·
2 Keith:
Thanks for your question!
You can purchase Exterminate It! antimalware in any country – by using credit card and internet. Received activation code you can use on any PC.
— Exterminate It! Support · Jan 20, 05:48 AM ·
When i went to http://www.coolbuster.net, it mentioned that the AskBar toolbar is a Browser Helper Object or BHO. A BHO is a DLL module designed as a plugin for a web browser to provide added functionality. COOLBUSTER.net conducted a test using Firefox to uninstall Askbar toolbar. They found that AskBar is also intergrated in File Transfer Protocol or FTP Program installations. They also discovered that files associated to AskBar are not completed removed during the browser uninstallation process.
They also recommended installing CCleaner and HijackThis! to clean registry files for the removal of the AskBar toolbar and BHO files.
Question – Are these software programs safe to use or can “Exterminate It!” remove malicious malware in the form of toolbars and BHO’s as well as rootkits?
— Robin · Feb 5, 10:49 AM ·
2 Robin:
Exterminate It! removes malware BHO and Toolbars.
If toolbar or BHO was not detected during scanning procedure please use Submit State and briefly describe your symptoms.
With Submit State you can remove non-detected / recurring infection from your PC.
Check this link for further information:
http://www.exterminate-it.com/power-of-submit-state-feature
— Exterminate It! Support · Feb 7, 05:57 AM ·
I’m having a lot of problems with the scanning. It has stopped in the middle of the scan 3 times now. Meaning my PC shuts down.
— Fumiko Imahashi · Mar 15, 01:09 AM ·