What is a Rootkit?

June 15, 2018 by
What is a Rootkit?
Lighthouse IT Solutions, Matthew Almendinger

A Rootkit is a piece of malicious software that hides itself on your computer and gives an unauthorized person control of the machine and access to the information on it. It goes without saying that this is not a good thing, as it means that someone could get a hold of your personal information, cause performance issues, and break your computer.


Rootkits can spread through several means but they all require some form of user interaction, usually clicking a malicious link. Once the link is clicked, they can begin to download themselves onto your system and go into hiding while having control. Their ability to cover their tracks and control what your systems do makes them difficult to detect and remove.


There are several symptoms that can indicate a potential rootkit. Things to look out for can include sudden changes to your systems settings that you did not make, your keyboard or mouse suddenly quitting on you or other devices disconnecting, your antivirus stopping, and large amounts of network traffic when there should not be. There are also programs that can scan for rootkits and you should probably run one if you suspect your computer is infected. Our trusted partner in antivirus (Sophos) can help here.


Obviously, the best thing to do is to try and prevent them from getting on your computer in the first place. This is a two-part effort in which you should keep all your software updated, especially your antivirus program, and secondly you need to stay vigilant and not click on suspicious or untrustworthy links.

However, in the unfortunate event that your system does get infected there are steps that you can take to try and remove the rootkit. Firstly, isolate the infected device by disconnecting it from everything, including the internet. This stops the rootkit from spreading to other devices on your network and prevents the attacker from connecting to the rootkit and stealing your information or messing with your systems. From there you will want to run your anti-virus tool of choice, or perhaps more ideally, there are also software that specifically try to remove rootkits, we recommend Sophos' free anti rootkit tool. If that does not work then it is time to take more drastic measures, which unfortunately means having to factory reset your device and losing everything on it. While it is incredibly annoying to have to lose everything on your device, it at least means you do not have to purchase a new one. Although, if you follow good practice for backing up your data you should be able to recover it! Of course that does not stop all of this from being a big hassle, so for your own sake please keep safe and do your best to not get infected with malware of any kind.

We offer a cyber-security toolkit if want to stay as safe as possible.

Read It Here