Differences between current version and previous revision of RootKit.

Newer page: version 4 Last edited on Tuesday, December 27, 2005 10:50:42 am by zcat(1)
Older page: version 3 Last edited on Tuesday, November 15, 2005 11:30:28 am by zcat(1)
@@ -3,6 +3,5 @@
 A rootkit is a patch or series of patches applied to your OperatingSystem to hide the presence of files and processes which are (from the user or sysadmin's perspective) not supposed to be there. 
  
 Early rootkits involved replacing many of the system binaries (ls, ps, who, top) with modified versions which would filter the 'hidden' information from their output. These days it's usually done by loading a kernel module which filters the hidden files and processes from low-level system calls. 
  
-  
-( a kernel hacker might be able to explain this better :) 
+Security tools such as [chkrootkit|http://www.chkrootkit.org/] or [tiger|http://savannah.nongnu.org/projects/tiger/] will check for telltale signs that a rootkit may have been installed. (or if you're using Windows, [Rootkit Revealer|http ://www.sysinternals.com/Utilities/RootkitRevealer.html] ). If you do find a rootkit don't bother looking for a 'rootkit remover'. Usually the fastest and surest way of removing it is to back up your data and reinstall the operating system.
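Review bot: The added sentence recommending chkrootkit and tiger does not say where to run them from, and the unchanged paragraph just above it states that current rootkits load a kernel module which filters low-level system calls, so a checker run on the live, possibly infected system sees the same filtered view. Consider adding that a clean result is not proof of a clean system and that the check is more trustworthy when run from known-good boot media or with known-good binaries. In the same line the Rootkit Revealer link reads `http ://www.sysinternals.com/Utilities/RootkitRevealer.html` with a space after `http`, which will keep the wiki from rendering it as a link. The parenthetical "(or if you're using Windows, ...)" also sits after the full stop as a fragment and would read better folded into the preceding sentence. For the reinstall advice, it may be worth stating that only data, not executables, should be restored from the backup.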