Rootkit and Hidden File Scanning
Applicable Products
Total Defense Anti-Virus V8, Total Defense Internet Security Suite V8
Problem Summary
What is a Rootkit, and how do I enable or disable the Rootkit scanning option?
Problem Resolution
What is a Rootkit
A Rootkit is a set of software tools that can be used to take control of a system while avoiding detection. Rootkits can be persistent, embedding themselves within the host system to survive a system restart, or can reside only in memory and thus disappear after a reboot. Rootkits that change libraries and executables used by system users and administrators are called user-mode Rootkits, while those that work at a deeper level, changing parts of the operating system, are called kernel-mode Rootkits.
Rootkits avoid detection by hiding their components and by-products from the host system. For example, some Rootkits remove self-incriminating names from file and process lists before sending the results on to the requesting application.
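The filtering described above is usually caught by comparing two views of the same system. The sketch below is an added example, not Total Defense's implementation: it flags entries that a low-level enumeration reports every time but the normal file listing never returns. The function names, paths and snapshot data are constructed for illustration.

```python
# Added example: cross-view comparison for hidden-file detection.
# All paths and snapshots are constructed sample data, not real scan output.

def normalize(path):
    """Windows paths are case-insensitive and accept either separator."""
    return path.replace("/", "\\").rstrip("\\").lower()

def hidden_entries(api_snapshots, raw_snapshots):
    """Return entries present in every raw snapshot but in no API snapshot.

    api_snapshots: listings from the normal OS file API, which a Rootkit
                   may filter before the caller sees them.
    raw_snapshots: listings from a lower-level source (assumed here to be
                   a direct parse of on-disk structures).
    Several snapshots of each view are taken so that files created or
    deleted between scans are not reported as hidden.
    """
    api_seen = set()
    for snap in api_snapshots:
        api_seen |= {normalize(p) for p in snap}

    raw_always = None
    for snap in raw_snapshots:
        names = {normalize(p) for p in snap}
        raw_always = names if raw_always is None else raw_always & names

    return sorted((raw_always or set()) - api_seen)

# Constructed sample: example_hidden.sys is on disk in both raw snapshots
# but never appears in the API listing; the .tmp files are transient.
API_VIEWS = [
    [r"C:\Windows\System32\drivers\disk.sys", r"C:\Windows\Temp\setup.tmp"],
    ["C:/Windows/System32/drivers/disk.sys"],
]
RAW_VIEWS = [
    [r"c:\windows\system32\drivers\DISK.SYS",
     r"C:\Windows\System32\drivers\example_hidden.sys",
     r"C:\Windows\Temp\setup.tmp"],
    [r"C:\Windows\System32\drivers\disk.sys",
     r"C:\Windows\System32\drivers\example_hidden.sys",
     r"C:\Windows\Temp\late.tmp"],
]

if __name__ == "__main__":
    for entry in hidden_entries(API_VIEWS, RAW_VIEWS):
        print("visible on disk but missing from API listing:", entry)
```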
Some Rootkits are so intrusive they can hijack the operating system. According to research reports, there have been some noteworthy recent trends in Rootkits:
  • Rootkits are spreading beyond Trojans to other forms of malware
  • Rootkit sophistication is increasing
  • Embedded Windows Rootkits are becoming more dominant
  • Rootkit attack vectors have been found in both illegitimate and legitimate software
Rootkit and Hidden File Scanning is enabled by default when the Total Defense Security Suite is installed. To disable Rootkit scanning, follow the steps below:
1. Open Total Defense Security Center.
    To do this, from the Start menu, select All Programs, Total Defense, Internet Security Suite and Security Center. (OR)
    You can also right-click the Total Defense icon on the bottom right of your computer screen (in the system tray) and select Home.
    The Total Defense Security Center window will open.
2. Click Update Settings on the My Computer panel.
    The Settings tab is selected by default.
3. Click the Threat Settings sub tab and scroll down.
4. Clear the box for Use Rootkit and Hidden Files Scanning.
Currently this capability is available only through the Full and Quick Scan options, not through Folder Scan. The option has no effect if you perform a Folder Scan on a Rootkit-infected folder.
Restoring a Rootkit does not restore all of the hooks it placed in the system; only its files and registry entries are restored.