windows-itpro-docs/windows/security/intelligence/rootkits-malware.md
2018-08-03 14:44:14 -07:00

---
title: Rootkits
description: Learn about rootkits and how they hide malware on your device and what you can do to protect yourself.
keywords: security, malware
ms.prod: w10
ms.mktglfcycl: secure
ms.sitesec: library
ms.localizationpriority: medium
ms.author: dansimp
author: dansimp
ms.date: 08/01/2018
---
# Rootkits
Malware authors use rootkits to hide malware on your device so that it can persist there for as long as possible. A successful rootkit can potentially remain in place for years if it goes undetected, stealing information and resources from your PC the entire time.
## How rootkits work
Rootkits intercept and change standard operating system functions. After a rootkit infects a device, you can't trust any information that device reports about itself.
For example, if you ask your PC to list all of the programs that are running, the rootkit might silently remove from that list any programs it doesn't want you to know about. Rootkits are all about hiding things: they want to hide themselves on your PC, and they want to hide the malicious activity taking place on your PC.
Many modern malware families use rootkits to try to avoid detection and removal, including:
* [Alureon](http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fAlureon)
* [Sirefef](http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fSirefef)
* [Rustock](http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2fRustock)
* [Sinowal](http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fSinowal)
* [Cutwail](http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32%2fCutwail)
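The "list the running programs" example above suggests one practical check a defender can run: ask the same question through several independent code paths and compare the answers. A rootkit that filters one path but not the others leaves a visible gap. The script below is an added example written for this page, not code from the original article or from Microsoft; it assumes an elevated PowerShell prompt on Windows 10 and uses only built-in cmdlets and `tasklist.exe`. The function name `Get-CrossViewProcessReport` and the two-second recheck delay are this example's own choices.

```powershell
# Added example, not code from the original article.
# Cross-view process enumeration: the question "what is running?" asked three
# ways. Any PID that one view reports and another does not is listed, and only
# gaps that persist across a second pass are returned, so short-lived processes
# are not reported as hidden. Run from an elevated PowerShell prompt.

function Get-CrossViewProcessReport {
    [CmdletBinding()]
    param(
        # Delay before the second pass; assumed value for this example.
        [int]$RecheckSeconds = 2
    )

    function Get-Views {
        @{
            # View 1: in-process .NET/Win32 enumeration.
            'Get-Process'   = @(Get-Process | Select-Object -ExpandProperty Id)
            # View 2: WMI, answered by the separate WmiPrvSE host process, so a
            # user-mode hook inside this PowerShell process does not affect it.
            'Win32_Process' = @(Get-CimInstance -ClassName Win32_Process |
                                Select-Object -ExpandProperty ProcessId)
            # View 3: tasklist.exe, another separate process and another code path.
            'tasklist'      = @(tasklist /FO CSV /NH |
                                ConvertFrom-Csv -Header ImageName,PID,Session,SessionNum,Mem |
                                ForEach-Object { [int]$_.PID })
        }
    }

    function Find-Gaps($views) {
        # Union of every PID seen by any view, then report which views miss it.
        $all = $views.Values | ForEach-Object { $_ } | Sort-Object -Unique
        foreach ($id in $all) {
            $missing = @($views.Keys | Where-Object { $views[$_] -notcontains $id })
            if ($missing.Count -gt 0) {
                [pscustomobject]@{ PID = $id; MissingFrom = ($missing -join ', ') }
            }
        }
    }

    $first = @(Find-Gaps (Get-Views))
    if ($first.Count -eq 0) { return @() }

    # Processes that start or exit between two enumerations explain most one-off
    # differences; keep only the gaps that are still there on a second pass.
    Start-Sleep -Seconds $RecheckSeconds
    $second = @(Find-Gaps (Get-Views))
    $persistent = $first | Where-Object { $second.PID -contains $_.PID }

    foreach ($gap in $persistent) {
        # Resolve a name from whichever view still sees the process.
        $name = (Get-Process -Id $gap.PID -ErrorAction SilentlyContinue).ProcessName
        if (-not $name) {
            $name = (Get-CimInstance Win32_Process -Filter "ProcessId = $($gap.PID)").Name
        }
        [pscustomobject]@{ PID = $gap.PID; Name = $name; MissingFrom = $gap.MissingFrom }
    }
}

Get-CrossViewProcessReport | Format-Table -AutoSize
```

An empty table is the normal result on a clean machine. A persistent discrepancy is a lead, not proof: investigate the process rather than assume a rootkit. The check also has a known blind spot that matches the advice later on this page: a kernel-mode rootkit that hides a process below the point where all three views read it (for example by tampering with the kernel's own process list) leaves nothing to compare, which is why scanning from a separately booted, trusted environment remains the reliable option.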
## How to protect against rootkits
Like any other type of malware, the best way to deal with rootkits is to prevent them from being installed in the first place.
* Apply the latest updates to operating systems and apps.
* Educate your employees so they can be wary of suspicious websites and emails.
* Back up important files regularly. Use the 3-2-1 rule: keep three copies of your data, on two different storage types, with at least one copy offsite.
For more general tips, see [prevent malware infection](prevent-malware-infection.md).
### What if I think I have a rootkit on my PC?
Microsoft security software includes a number of technologies designed specifically to remove rootkits. If you think you might have a rootkit on your PC, and your antimalware software isn't detecting it, you might need an extra tool that lets you boot into a known, trusted environment, so that the rootkit is not running while the scan looks for it.
In this case, use [Windows Defender Offline](http://windows.microsoft.com/windows/what-is-windows-defender-offline).
Windows Defender Offline is a standalone tool that has the latest anti-malware updates from Microsoft. It's designed to be used on PCs that aren't working correctly due to a possible malware infection.
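On Windows 10 the offline scan can also be started from PowerShell with the built-in Defender module. The function below is an added example for this page, not code from the original article or from Microsoft; it assumes an elevated prompt on a Windows 10 machine where the `Defender` module is available, and the function name `Start-OfflineRootkitScan` and the 24-hour signature-age threshold are this example's own choices. `Start-MpWDOScan` restarts the computer into the offline environment, so save open work before running it.

```powershell
# Added example, not code from the original article.
# Checks that Microsoft Defender Antivirus is running, refreshes stale
# signatures, and then starts a Windows Defender Offline scan. The machine
# reboots into the offline environment as part of the last step.

function Start-OfflineRootkitScan {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Signatures older than this are updated first; assumed value.
        [int]$MaxSignatureAgeHours = 24
    )

    $status = Get-MpComputerStatus
    if (-not $status.AMServiceEnabled) {
        throw 'Microsoft Defender Antivirus service is not running; fix that before relying on its offline scan.'
    }

    # The offline environment scans with the definitions present at reboot,
    # so make sure they are current before restarting.
    $age = (Get-Date) - $status.AntivirusSignatureLastUpdated
    if ($age.TotalHours -gt $MaxSignatureAgeHours) {
        Write-Verbose ("Signatures are {0} hours old; updating." -f [int]$age.TotalHours)
        Update-MpSignature
    }

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Restart into Windows Defender Offline and scan')) {
        Start-MpWDOScan
    }
}

# -Confirm forces a prompt before the reboot; drop it for unattended use.
Start-OfflineRootkitScan -Verbose -Confirm
```

Results of the offline scan appear in the Windows Security app's protection history after the machine boots back into Windows. If the scan finds and removes a rootkit, still treat the device with suspicion until it has been fully updated and its installed software re-verified.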
If the problem persists, we strongly recommend reinstalling the operating system and security software. You should then restore your data from a backup.