deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-23 06:13:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Updates

Browse Source
This commit is contained in:
Beth Levin
2018-08-14 13:29:27 -07:00
parent 79d514c324
commit a3587c3d8a
10 changed files with 51 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
windows/security/intelligence/rootkits-malware.md
View File

@ -12,13 +12,13 @@ ms.date: 08/01/2018
---
# Rootkits
Malware authors use rootkits to hide malware on your device, allowing malware to persist on your device as long as possible. A successful rootkit can potentially remain in place for years if it is undetected. During this time it will steal information and resources from your PC.
Malware authors use rootkits to hide malware on your device, allowing malware to persist as long as possible. A successful rootkit can potentially remain in place for years if it is undetected. During this time it will steal information and resources.
## How rootkits work
Rootkits intercepts and change standard operating system processes. After a rootkit infects a device, you cant trust any information that device reports about itself.
Rootkits intercept and change standard operating system processes. After a rootkit infects a device, you cant trust any information that device reports about itself.
For example, if you were to ask your PC to list all of the programs that are running, the rootkit might stealthily remove any programs it doesnt want you to know about. Rootkits are all about hiding things. They want to hide themselves on your PC, and they want to hide malicious activity on your PC.
For example, if you were to ask a device to list all of the programs that are running, the rootkit might stealthily remove any programs it doesnt want you to know about. Rootkits are all about hiding things. They want to hide both themselves and their malicious activity on a device.
Many modern malware families use rootkits to try and avoid detection and removal, including:
@ -46,13 +46,13 @@ Like any other type of malware, the best way to avoid rootkits is to prevent it
For more general tips, see [prevent malware infection](prevent-malware-infection.md).
### What if I think I have a rootkit on my PC?
### What if I think I have a rootkit on my device?
Microsoft security software includes a number of technologies designed specifically to remove rootkits. If you think you might have a rootkit on your device and your antimalware software isnt detecting it, you might need an extra tool that lets you boot to a known trusted environment.
[Windows Defender Offline](http://windows.microsoft.com/windows/what-is-windows-defender-offline) can be launched from Windows Security Center and has the latest anti-malware updates from Microsoft. Its designed to be used on PCs that aren't working correctly due to a possible malware infection.
[Windows Defender Offline](http://windows.microsoft.com/windows/what-is-windows-defender-offline) can be launched from Windows Security Center and has the latest anti-malware updates from Microsoft. Its designed to be used on devices that aren't working correctly due to a possible malware infection.
[System Guard](https://cloudblogs.microsoft.com/microsoftsecure/2017/10/23/hardening-the-system-and-maintaining-integrity-with-windows-defender-system-guard/) provides in Windows 10 to protect against rootkits and threats that impact system integrity
[System Guard](https://cloudblogs.microsoft.com/microsoftsecure/2017/10/23/hardening-the-system-and-maintaining-integrity-with-windows-defender-system-guard/) in Windows 10 protects against rootkits and threats that impact system integrity.
### What if I cant remove a rootkit?