A rootkit is a collection of tools a hacker uses to mask intrusion and obtain access to a network or system in a way that is difficult to detect. This term can be broken down into two parts. Root is a UNIX/Linux term equivalent to Administrator in Windows. The word kit indicates programs that allow someone to obtain root/admin-level access to the computer by executing the programs in the kit – all of which is done without end-user consent or knowledge.1
Rootkits are a stealthy type of software, often designed to maliciously maintain privileged access to a computer. The term "rootkit" has negative connotations through its association with malware. A rootkit is a direct attack on a system that exploits known vulnerabilities or passwords through computer hacking, privilege escalation, or social engineering. Gaining root/administrator access gives cybercriminals full control over a system so they can modify existing software, including antivirus software that might otherwise be used to detect or circumvent it.
Rootkits are complex and ever changing, which makes it difficult to understand exactly what risks you are facing. Removal can be complicated or practically impossible, and may require hardware replacement, or specialized equipment.2
Because they resist detection by antivirus security software, rootkits can be hard to remove once they get onto a computer. Trend Micro™ RootkitBuster can find rootkits by checking the Master Boot Record, registry entries, kernel code patches, operating system service hooks, file streams, and more. By cleaning or removing hidden files, registry entries, and services, RootkitBuster can eliminate a wide and ever-growing number of rootkit variants.