
Anti-rootkit and hidden malware protection on Windows

Among the most dangerous threats for Windows PCs are rootkits, a kind of malware capable of hiding in the operating system and acting in the shadows without the user being able to do anything.

A rootkit by itself is neither a virus nor a malicious program; a rootkit is software that stays hidden from the operating system: it starts with root or administrator privileges and then remains active, making all traces disappear and becoming impossible to terminate; a trivial example is drivers.

The problem with rootkits is that they can be used to spread other viruses and trojans and allow a hacker to take total control of the PC. For this reason they must be stopped before they can lurk in the system and, in case of suspicion, we should regularly run a scan for rootkits and other hidden malware.

In the following guide we will show you how to use anti-rootkit and hidden malware protection on Windows, both by adjusting the antivirus integrated in Windows 11 and Windows 10 and by seeing which programs should be installed to obtain effective protection against all types of malware.


1) Use Windows Defender rootkit protection

Windows 11 and Windows 10 have a great built-in antivirus called Windows Defender; this antivirus is powerful enough to intercept rootkits before they can install on the system and to eliminate in real time any that have escaped control.

To set Windows Defender to maximum power we open the Windows Security app from the Start menu, press on Virus and threat protection, click on Manage settings (under the section Virus & threat protection settings) and make sure all switches are on.

To strengthen security against rootkits we can also enable core isolation and memory integrity, which uses virtualization to make rootkit attacks even more difficult; to activate this security item we open the Windows Security app from the Start menu, press on Device security, select the item Core isolation details, enable the switch under the section Memory integrity and restart the PC for the changes to take effect.

For more on the antivirus integrated in Windows we can read our guide on how to use the Microsoft Defender antivirus in Windows 10 and 11.

2) Scan your PC with Microsoft Defender Offline

Are we afraid that a rootkit is now nestled deep in our system? Do we notice strange slowdowns and pop-ups whose origin we can't figure out? To find even the most hidden malware we can rely on the Microsoft Defender Offline function, integrated within Windows Defender and activated on request.

To use this function we open the Windows Security app from the Start menu, press on Virus and threat protection, click on the item Scan options, select the entry Microsoft Defender Antivirus (offline scan), press on Scan now and wait for the PC to restart.

Microsoft Defender Offline will load into the recovery environment, thus preventing any hidden rootkits from starting (which may bypass the real-time checks once the system is booted). This tool will also delete any threats found and, at the end of the scan, the PC will automatically restart in normal mode.
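The settings from sections 1 and 2 can also be checked from an elevated PowerShell prompt. The script below is an added example, not part of the original guide; the function names and the `-StartOfflineScan` switch are hypothetical, while the cmdlets and the `Win32_DeviceGuard` class ship with Windows 10 and 11.

```powershell
# Added example: report the Defender switches and memory integrity state.
function Get-RootkitProtectionStatus {
    $status = Get-MpComputerStatus   # live state of the Defender engine
    $pref   = Get-MpPreference       # configured Defender preferences

    # Win32_DeviceGuard lists the virtualization-based security services;
    # the value 2 in SecurityServicesRunning means memory integrity is active.
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
            -Namespace 'root\Microsoft\Windows\DeviceGuard' -ErrorAction SilentlyContinue

    $checks = [ordered]@{
        'Real-time protection'        = $status.RealTimeProtectionEnabled
        'Behavior monitoring'         = $status.BehaviorMonitorEnabled
        'Cloud-delivered protection'  = ($pref.MAPSReporting -ne 0)
        'Automatic sample submission' = ($pref.SubmitSamplesConsent -in 1, 3)
        'Tamper protection'           = $status.IsTamperProtected
        'Memory integrity running'    = ($dg -and ($dg.SecurityServicesRunning -contains 2))
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Setting = $name; Enabled = [bool]$checks[$name] }
    }
}

function Invoke-RootkitCheck {
    param([switch]$StartOfflineScan)

    $report = Get-RootkitProtectionStatus
    $off = $report | Where-Object { -not $_.Enabled }
    if ($off) {
        Write-Warning ('Switched off: ' + ($off.Setting -join ', '))
    }
    if ($StartOfflineScan) {
        # Same action as the offline scan option in Windows Security:
        # the PC restarts right away, so save open work first.
        Start-MpWDOScan
    }
    $report
}

Invoke-RootkitCheck | Format-Table -AutoSize
```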

3) Scan your PC with an anti-rootkit tool

HijackThis

For those who are more experienced, however, the advice is to check with a small free program called HijackThis.
After pressing the Scan button, HijackThis will show all the current settings of the registry keys, services and special files that regulate the behavior of Internet Explorer and, in general, of the system; when you notice something strange, after a backup, select it and click "Fix checked".
ATTENTION: never press the "Fix checked" button before knowing exactly the meaning of each item selected from the list; you could compromise the system.

The problem is certainly recognizing the dangers with the naked eye; for support we must make use of Google and the appropriate forums, and when you come across an entry called BHO or noname you have to be careful.
In another article we wrote a guide to scanning the software loaded at Windows startup with HijackThis.

For LSP errors that HijackThis fails to fix (O10 - Unknown file in Winsock LSP) you can use LSP Fix.

Some programs similar to HijackThis are covered in other posts, such as those on how to clean an infected PC of malware by deleting all traces and on how to find hidden processes and suspicious programs to remove in Windows.
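As a help in reading a saved HijackThis log, the following added example (not part of the original guide) picks out the BHO and Winsock LSP entries mentioned above. The function name is hypothetical, the sample log lines, paths and CLSIDs are constructed, and the Authenticode check is an extra step the guide does not describe.

```powershell
# Constructed sample log lines for illustration only.
$sampleLog = @'
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Users\demo\AppData\Local\Temp\helper.dll
O2 - BHO: Example Reader Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\reader.dll
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\update.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\example_lsp.dll
'@

function Get-HijackThisFindings {
    param([string[]]$Line)

    foreach ($entry in $Line) {
        # Every log entry starts with a section code such as R0, O2, O4 or O10.
        if ($entry -match '^(?<code>[A-Z]\d{1,2}) - (?<rest>.+)$') {
            $code = $Matches['code']
            $rest = $Matches['rest']

            $reason = switch ($code) {
                'O2'  { if ($rest -like 'BHO: (no name)*') { 'BHO without a name' }
                        else { 'BHO: confirm what installed it' } }
                'O10' { 'Winsock LSP entry: use LSP Fix if HijackThis cannot fix it' }
            }
            if (-not $reason) { continue }

            # Pull the file path out of the entry, when it has one.
            $path = if ($rest -match '(?<p>[A-Za-z]:\\.+\.(dll|exe))') { $Matches['p'] }

            # Added check: is the referenced file present and signed?
            $signature = if ($path -and (Test-Path -LiteralPath $path)) {
                (Get-AuthenticodeSignature -LiteralPath $path).Status
            } else { 'file not found' }

            [pscustomobject]@{
                Code = $code; Reason = $reason; File = $path; Signature = $signature
            }
        }
    }
}

Get-HijackThisFindings -Line ($sampleLog -split '\r?\n') | Format-List
```

To review a real log, pass the output of `Get-Content` on the saved file to `-Line` instead of the sample text.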

In addition to HijackThis, we can use other third-party tools to scan the system for rootkits and hidden malware:

  • Kaspersky TDSSKiller: Kaspersky Lab’s free tool developed to remove well-hidden rootkits on the system.
  • Malwarebytes Anti-Rootkit Scanner: another valid tool useful for scanning and removing all hidden viruses, including new rootkits on the web.
  • ESET SysRescue Live: a live bootable recovery disk (outside the operating system) with which to scan and remove all types of hidden malware, including the dreaded rootkits.
  • AVG Rootkit Scanner Tool: among the best scanners to remove rootkits hidden among Windows system files.
  • RootkitRemover: A simple but effective scanning tool against hidden threats.

Most of these free tools are bootable as live environments: you install them on a CD or USB stick, connect it to your PC, change your computer's boot order and enter the scanning environment, totally separate from your system.

The best rootkit scanner in a separate environment is without a doubt ESET SysRescue Live, which we advise you to try immediately in case of infections that are difficult to eliminate.

Other good programs to scan for rootkits can be seen in our guide to the best programs to eliminate hidden rootkit viruses.

Conclusions

For the best security and the best protection against rootkit-type threats we can use enhanced Windows Defender or use one of the third-party tools designed to eliminate even the most hidden threats.

If we want to significantly increase the level of PC security, we invite you to read our articles on the best antiviruses, on the best antispyware and on how to improve the firewall.

For more information, we can also read our guide to downloading and trying premium antivirus with a free trial.
