What is a Rootkit?


Information on rootkits and how to remove them


A rootkit is software designed to hide its own presence and to mask the fact that an operating system (OS) such as Microsoft Windows has been compromised; it sometimes does this by replacing vital executables. Rootkits allow other threats such as viruses, worms and other malware to “hide in plain sight” by disguising themselves as necessary files on your system that common antivirus and anti-malware software will overlook. Rootkits can also create hidden directories or folders that are kept out of view of the operating system and security software.
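The replacement of vital executables described above can be detected by comparing file content hashes against a baseline taken while the system was known to be clean. The following Python code is an added example, not part of the original page; the function names and result categories are illustrative assumptions.

```python
import hashlib
import os


def sha256_file(path):
    """Hash file content in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map each regular file under root to (sha256, size, mtime_ns)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and special files
            st = os.stat(full)
            rel = os.path.relpath(full, root)
            state[rel] = (sha256_file(full), st.st_size, st.st_mtime_ns)
    return state


def compare(baseline, current):
    """Report files replaced, missing or added since the baseline."""
    findings = {"replaced": [], "replaced_same_metadata": [], "missing": []}
    for rel, (digest, size, mtime) in baseline.items():
        if rel not in current:
            findings["missing"].append(rel)
        elif current[rel][0] != digest:
            # Same size and mtime but different content: a check based on
            # metadata alone would have missed this replacement.
            same_meta = current[rel][1:] == (size, mtime)
            key = "replaced_same_metadata" if same_meta else "replaced"
            findings[key].append(rel)
    findings["added"] = list(set(current) - set(baseline))
    return {k: sorted(v) for k, v in findings.items()}
```

Store the baseline offline and run the comparison from trusted boot media where possible, because a rootkit active in the running OS can falsify what the hashing code reads.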


Rootkits themselves are not harmful; they are simply used to hide things like viruses, worms and malware. The term "rootkit" originally comes from UNIX and UNIX-like systems and is made up of two parts: "root" and "kit". The "root" level on UNIX systems is something like administrator privileges on Windows systems. The "kit" part reflects that these tools usually arrived on the system as a kit made up of several tools.


Because rootkits are activated before your operating system even boots up to the main screen, they are very difficult to detect and therefore provide a powerful way for attackers to access and use the targeted computer without the owner’s notice. Because of the way rootkits are used and installed, they are notoriously difficult to remove. Today, rootkits are usually not used to gain elevated access, but instead to mask malware payloads more effectively.


How does a Rootkit infect a system?

Rootkits can get onto a computer system in various ways. The two most common ways are through a Trojan or an email attachment. Surfing the web may also result in the installation of a rootkit, for example when a "special" plugin (pretending to be legitimate) is said to be needed to correctly view a webpage, launch a file, etc. Some software can also carry these rootkits.


What can they do?

Rootkits can release a range of malicious software from spyware to keylogger software that steals sensitive information from your computer.


How to avoid rootkit infections

Having active and updated antivirus software remains the best means of protection against these infections. However, if you’re running 64-bit Windows, you’re less likely to be affected by rootkits. Statistics show that only 1% of the users affected by rootkits are using 64-bit Windows, and that most infections occur on 32-bit operating systems.


Your anti-virus program might be able to find and remove some rootkits, but a safer solution is to use a dedicated rootkit scanner. Three of the best free options are F-Secure BlackLight, Sophos Anti-Rootkit and McAfee Rootkit Detective.


Rootkit Removal Tools

Rootkit Removal Tools are not a substitute for anti-virus or Internet security software protection. To keep your computer and devices secure, you should install Internet security software.



Kaspersky Rootkit Tool


Malwarebytes Rootkit Removal Tool


Sophos Rootkit Removal Tool


Bitdefender Rootkit Removal Tool


