What is a rootkit?

A rootkit is an application (or a set of applications) that hides its own presence, or the presence of another application (a virus, spyware, etc.), on the computer. It does this by working at the lower layers of the operating system (redirecting API functions, using undocumented OS functions, etc.), which makes it almost undetectable by common anti-malware software.

Please note that rootkits can be either legitimate or malicious. Legitimate rootkits may be installed as part of a legitimate application. A list of some well-known rootkits can be found in FAQ 2346. For that reason it is necessary to pay close attention to the Anti-Rootkit results.
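The API redirection described above, and the cross-view comparison that anti-rootkit scanners use to expose it, as an added example that is not part of this FAQ or of any product's code. A tiny user-mode "rootkit" overwrites the slot through which the program reaches readdir() and filters out every file whose name starts with a chosen prefix; the check then asks the kernel for the same directory through a raw getdents64 syscall and reports every entry the API failed to return. Linux only; the prefix rk_, the function names (install_hook, count_hidden, make_demo_dir) and the demo directory under /tmp are this example's own choices.

```c
/* Added example, not from the original FAQ: user-mode API redirection that
 * hides files, and the cross-view check that detects it. Linux only. */
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

#define HIDE_PREFIX "rk_"      /* assumption: the rootkit hides rk_* files */
#define MAX_ENTRIES 64

/* Callers reach readdir() through this pointer, like an import-table slot.
 * Whatever can overwrite the slot redirects every caller at once. */
static struct dirent *(*api_readdir)(DIR *) = readdir;
static struct dirent *(*real_readdir)(DIR *) = readdir;

/* The hook: swallow hidden entries, pass everything else through unchanged. */
static struct dirent *hooked_readdir(DIR *d)
{
    struct dirent *e;
    while ((e = real_readdir(d)) != NULL)
        if (strncmp(e->d_name, HIDE_PREFIX, strlen(HIDE_PREFIX)) != 0)
            return e;
    return NULL;
}

void install_hook(void) { api_readdir = hooked_readdir; }
void remove_hook(void)  { api_readdir = readdir; }

/* High-level view: what a program going through the (possibly hooked) API
 * sees. "." and ".." are skipped in both views. */
static int list_via_api(const char *path, char names[][256])
{
    DIR *d = opendir(path);
    struct dirent *e;
    int n = 0;
    if (!d) return -1;
    while (n < MAX_ENTRIES && (e = api_readdir(d)) != NULL)
        if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0)
            strncpy(names[n++], e->d_name, 255);
    closedir(d);
    return n;
}

/* Low-level view: the kernel's own answer, bypassing libc's readdir.
 * Record layout returned by getdents64 (glibc does not export it). */
struct linux_dirent64 {
    unsigned long long d_ino;
    long long          d_off;
    unsigned short     d_reclen;
    unsigned char      d_type;
    char               d_name[];
};

static int list_via_syscall(const char *path, char names[][256])
{
    long long buf[512];            /* 8-byte aligned like the records */
    int fd = open(path, O_RDONLY | O_DIRECTORY), n = 0;
    long got;
    if (fd < 0) return -1;
    while (n < MAX_ENTRIES && (got = syscall(SYS_getdents64, fd, buf, sizeof buf)) > 0)
        for (long off = 0; off < got && n < MAX_ENTRIES; ) {
            struct linux_dirent64 *e = (struct linux_dirent64 *)((char *)buf + off);
            if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0)
                strncpy(names[n++], e->d_name, 255);
            off += e->d_reclen;
        }
    close(fd);
    return n;
}

/* Cross-view check: entries the kernel reports but the API does not.
 * Non-zero means something between the syscall and the caller is filtering
 * the listing. Returns -1 if either view could not be read. */
int count_hidden(const char *path)
{
    static char hi[MAX_ENTRIES][256], lo[MAX_ENTRIES][256];
    int hidden = 0;
    memset(hi, 0, sizeof hi);
    memset(lo, 0, sizeof lo);
    int nh = list_via_api(path, hi), nl = list_via_syscall(path, lo);
    if (nh < 0 || nl < 0) return -1;
    for (int i = 0; i < nl; i++) {
        int seen = 0;
        for (int j = 0; j < nh && !seen; j++)
            seen = strcmp(lo[i], hi[j]) == 0;
        if (!seen) hidden++;
    }
    return hidden;
}

/* Constructed demo directory: one ordinary file, one the rootkit hides. */
const char *make_demo_dir(void)
{
    static char path[64];
    const char *names[] = { "visible.txt", HIDE_PREFIX "hidden.txt" };
    char file[128];
    snprintf(path, sizeof path, "/tmp/rootkit-demo.%ld", (long)getpid());
    if (mkdir(path, 0700) != 0 && errno != EEXIST) return NULL;
    for (int i = 0; i < 2; i++) {
        snprintf(file, sizeof file, "%s/%s", path, names[i]);
        int fd = open(file, O_WRONLY | O_CREAT, 0600);
        if (fd < 0) return NULL;
        close(fd);
    }
    return path;
}

int main(void)
{
    const char *dir = make_demo_dir();
    if (!dir) { perror("make_demo_dir"); return 1; }
    printf("no hook:  %d hidden entries\n", count_hidden(dir));
    install_hook();
    printf("hooked:   %d hidden entries\n", count_hidden(dir));   /* rk_hidden.txt */
    remove_hook();
    return 0;
}
```

Compile with gcc and run; the second line reports one hidden entry. Two caveats matter in practice: a legitimate product that hooks the same APIs produces exactly the same discrepancy, which is why the Anti-Rootkit results need judgment rather than automatic deletion, and a kernel-mode rootkit that intercepts the syscall itself fools both views, so real scanners also compare against the raw on-disk file system structures.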

The term "rootkit" comes originally from UNIX and UNIX-like systems and is made up of two parts: "root" and "kit". The "root" account on UNIX systems is roughly equivalent to administrator privileges on Windows. The "kit" part reflects that these tools usually arrived on the system as a kit made up of several tools.

A rootkit can get onto a computer in various ways. The most common way is through a trojan horse or a suspicious email attachment. Browsing the web may also result in the installation of a rootkit, for example when a "special" plugin (pretending to be legitimate) is supposedly needed to view some webpage correctly, to launch some file, etc.

