NEW BLOG POST: Windows Defender AV’s behavior monitoring coupled with cloud-powered machine learning models uncovered and blocked a massive Dofoil (Smoke Loader) coin mining campaign. Read the post
What is a rootkit?
Malware authors use rootkits to hide malware on your PC. Malware hidden by rootkits often monitor, filter, and steal your data or abuse your computer’s resources, such as using your PC for bitcoin mining.
How do hackers use rootkits?
By using a rootkit, a hacker hopes to protect and maintain their hidden presence on your PC for as long as possible. A successful rootkit can potentially remain in place for years if it is undetected. All this time it will steal information and resources from your PC.
How do rootkits work?
Put simply, some of the things your PC does are intercepted by the rootkit. This means that after a rootkit is installed, you can’t trust any information that your PC reports about itself.
For example, if you were to ask your PC to list all of the programs that are running, the rootkit might stealthily remove any programs it doesn’t want you to know about. In other words, rootkits are all about hiding things. They want to hide themselves on your PC, and they want to hide malicious activity on your PC.
How common are rootkits?
Many modern malware families use rootkits to try and avoid detection and removal, including:
How do I protect myself against rootkits?
Like any other type of malware, the best way to avoid rootkits is to prevent it from being installed in the first place.
Windows 10 and Windows 8.1 also have a number of built-in technologies to help protect you from rootkits:
What if I think I have a rootkit on my PC?
Microsoft security software includes a number of technologies designed specifically to remove rootkits. If you think you might have a rootkit on your PC, and your antimalware software isn’t detecting it, you might need an extra tool that lets you to boot to a known good or trusted environment.
In this case, use Windows Defender Offline.
Windows Defender Offline is a standalone tool that has the latest antimalware updates from Microsoft. It’s designed to be used on PC that aren't working correctly due to a possible malware infection.
What if I can’t remove a rootkit?
If the problem persists, we strongly recommend that you reinstall your operating system and your security software. You should then restore your data from backup.