Rootkit
A rootkit is a type of malicious software designed to give an attacker unauthorized access to a computer while concealing its own presence. Rootkits are commonly used to maintain control over infected systems by modifying operating system settings, files, and logs.
Characteristics:
- It operates deep within the operating system.
- It hides its own presence and that of other malicious components (files, processes, and settings).
- It can disable antivirus software and other security tools.
- It is often used to install spyware, ransomware, or other malware.
Types of Rootkits:
- Kernel-Level Rootkits: Modify the operating system kernel or its core components.
- User-Level Rootkits: Replace or modify system binaries and tamper with running processes.
- Firmware Rootkits: Reside in firmware such as the BIOS or UEFI.
- Virtualized Rootkits: Insert a virtual machine layer beneath the target OS so that it runs under their control.
Pumakit
PUM (Potentially Unwanted Modification) Akit is a detection class used by Malwarebytes and other security tools to report potentially unwanted modifications to a system's configuration. It usually refers to a change that could weaken the security or performance of the system, although the change is not necessarily malicious.
Typical issues with Pumakit:
- Registry keys have been changed.
- System settings have been changed (e.g., security settings or Task Scheduler changes).
- Settings have been changed in a way that makes the system easier for malware to exploit.
Signs of Infection
- Unexplained slow performance.
- Security tools are disabled or fail to start.
- Modified or missing files.
- Abnormal system behavior, such as unexpected reboots.
Removal Steps
- Use antivirus and anti-malware tools: Scan with tools such as Malwarebytes, Norton, or Kaspersky.
- Boot in safe mode: Prevent the malware from loading by starting the system with only essential drivers and services.
- Check system logs and processes: Identify anomalies and terminate malicious processes.
- Restore the modified settings: Use a trusted registry cleaner or manual checks to revert the changes.
- Consider reinstalling the OS: If the rootkit is deeply embedded, reinstalling the operating system may be the safest option.
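The "check system logs and processes" step above is harder than it sounds against a rootkit that hides its own processes. The following added example (not code from the original page) implements one classic cross-check on a Linux host: it compares the PIDs an ordinary `/proc` listing shows against the PIDs the kernel confirms when probed with signal 0, and reports any that the listing omits. The `/proc` path, the `pid_max` lookup, and the race-filtering pass are this example's own assumptions.

```python
import os
import sys

# Added example, not from the page: compare the PIDs a /proc listing shows (what ps
# and top rely on) against PIDs the kernel confirms via signal 0. A gap indicates a
# user-level (trojaned ps, LD_PRELOAD) or kernel-level rootkit filtering /proc reads.
# A rootkit that also hooks kill() evades this, so treat a clean result as one signal.

def list_proc_pids(proc_root="/proc"):
    """PIDs visible through an ordinary directory listing of /proc."""
    try:
        return {int(n) for n in os.listdir(proc_root) if n.isdigit()}
    except FileNotFoundError:  # non-Linux host: nothing to compare against
        return set()

def probe_pid_exists(pid):
    """Ask the kernel whether a PID exists; signal 0 delivers nothing."""
    if sys.platform == "win32":
        raise NotImplementedError("os.kill(pid, 0) is not a probe on Windows")
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists, owned by another user
    return True

def find_hidden_pids(visible, probe, max_pid):
    """PIDs in 1..max_pid that the probe confirms but the listing omits."""
    return sorted(p for p in range(1, max_pid + 1) if p not in visible and probe(p))

def confirm_hidden(candidates, visible_after, probe):
    """Drop race noise: PIDs that showed up in a later listing are ordinary process
    churn, and PIDs that no longer answer the probe have simply exited."""
    return [p for p in candidates if p not in visible_after and probe(p)]

def scan_for_hidden_processes(proc_root="/proc"):
    """Full scan on a Linux host; returns the suspicious PIDs (empty if none)."""
    with open(os.path.join(proc_root, "sys", "kernel", "pid_max")) as f:
        max_pid = int(f.read())
    before = list_proc_pids(proc_root)
    candidates = find_hidden_pids(before, probe_pid_exists, max_pid)
    return confirm_hidden(candidates, list_proc_pids(proc_root), probe_pid_exists)

if __name__ == "__main__":
    hidden = scan_for_hidden_processes()
    print("hidden PIDs:", hidden or "none found")
```

Run it as root so that every PID is probed with the same privileges; any PID it reports should then be inspected from a trusted boot medium, since the live system's own tools may be the thing that is lying.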