
How do I Check my Computer for Rootkits?

By R. Kayne
Updated May 17, 2024

Experts generally agree that it is difficult to estimate how many computers are compromised by malicious rootkits, but numbers appear to be climbing if the growing list of known rootkits is any indication. Infections are believed to be highest in the U.S., with as many as one computer out of every four infected, according to at least one estimate. Unfortunately, it isn’t easy to detect a rootkit, as one of its main functions is to remain hidden. Software packages called “anti-rootkits” are available to scan for rootkits, but prevention is strongly recommended.

In some cases there can be telltale signs that a rootkit is present on a system. For example, a user might be doing word processing or simple Internet surfing when he or she notices the computer is processing data exceedingly slowly. Upon checking the system, it may become clear that the central processing unit (CPU) is low on resources. This could be because the CPU is doing background work for a rootkit. A poorly written rootkit might also cause a computer to crash repeatedly, though these problems could also be attributable to other causes.

To be safe, it’s best to check your computer for rootkits weekly, then back up the clean system to safeguard against future problems. Some anti-rootkit packages offer to remove certain types of rootkits, but it is generally recommended that if a rootkit is found, the hard drive be reformatted and the system rebuilt. It is very difficult to be sure that a rootkit is completely removed, and in some cases removing a rootkit can leave “holes” in the system, rendering it unstable.

There are several types of rootkits and not all scanning programs look for all types of rootkits. “Signature-based” anti-rootkits look for known rootkits, which can be helpful if your system is infected with a known kit, but new rootkits are released into the wild every day. Other anti-rootkit programs look for rootkits in files, but not in the registry.

Anti-rootkit software from an untrusted source might actually be designed to install a rootkit rather than scan for one, making it wise to stick with programs released by well-known software companies that specialize in security software. A few popular anti-rootkit programs that fall into this category include AVG Anti-Rootkit, F-Secure’s BlackLight, Sophos Anti-Rootkit, and Panda’s Anti-Rootkit.

In April 2007, PC Magazine™ tested and reviewed several anti-rootkit programs for effectiveness. The Editor’s Choice went to Panda’s Anti-Rootkit, reported as delving deeper into the system than the other rootkit finders reviewed at the time. Panda Anti-Rootkit also found all planted rootkits in the test and, like many other anti-rootkits, it’s free. Using more than one anti-rootkit program might also be prudent.

A sensible protocol to follow is to scan for rootkits weekly, then clone the hard disk or back up the system to an image located on a secondary drive. Using this strategy, if a rootkit should be found, you needn’t rely on removal. A recent disk image allows the option of reformatting the infected drive, then restoring the image to ensure a clean, stable system with little downtime.
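The signature-based scanning described earlier and the weekly scan-then-image routine can be combined in one check. The following is an added example, not code from the article or from any of the products it names. It goes one step beyond the text by assuming a hash manifest is recorded alongside each clean image, so files that no signature covers still show up as changes. All file names and contents are constructed, harmless placeholders.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root (the clean baseline)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def scan(root, signatures, baseline):
    """Classify files: signature hit, or added/changed/missing since the baseline."""
    current = build_manifest(root)
    findings = {}
    for rel, digest in current.items():
        if digest in signatures:
            findings[rel] = "known_rootkit"
        elif rel not in baseline:
            findings[rel] = "added_since_baseline"
        elif baseline[rel] != digest:
            findings[rel] = "changed_since_baseline"
    for rel in baseline.keys() - current.keys():
        findings[rel] = "missing_since_baseline"
    return findings

def demo():  # constructed sample tree; every file is harmless placeholder bytes
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "drivers").mkdir()
        (root / "drivers/disk.sys").write_bytes(b"constructed clean driver")
        (root / "notepad.exe").write_bytes(b"constructed clean program")
        baseline = build_manifest(root)  # recorded right after a clean weekly scan
        known = b"constructed placeholder for a catalogued kit"
        signatures = {hashlib.sha256(known).hexdigest()}
        (root / "drivers/old.sys").write_bytes(known)  # matches the signature set
        (root / "drivers/new.sys").write_bytes(b"constructed uncatalogued kit")
        (root / "drivers/disk.sys").write_bytes(b"constructed tampered driver")
        return scan(root, signatures, baseline)

if __name__ == "__main__":
    print(demo())
```

On a live system a kernel-mode rootkit can falsify what a script like this reads, so the comparison is only trustworthy when run against the offline disk from known-good boot media.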

To prevent downloading rootkits, avoid opening email that arrives from unknown sources, keep your operating system patched with the latest hotfixes, and run anti-virus and anti-spyware programs with current updates. To further minimize risk, use a firewall and don’t allow websites to install software unless you are sure the site can be trusted.

Discussion Comments
By voice49 — On Nov 07, 2011

Like some above, I also work in the I.T. field. My problem started while watching movies (Hulu) on-line. I heard a snap from my speakers and noticed my computer's volume control had been set to mute. When resetting the volume, my system froze to the point Ctrl/Alt/Delete was not an option. Only a cold shut-down would work. Upon further investigation, I noticed my remote desktop had been accessed (I always keep it disabled).

As days went on, it got worse, to the point it sounded like a faint radio station could be heard through my speakers along with hissing and other R.F.

After having to re-start five times in one night, I re-formatted my drive and all has been good. The strange thing is, this problem would start around a certain time of the evening. Any and all feedback is welcome.

By anon195627 — On Jul 12, 2011

Macintosh computers are just as hackable as other PCs. They just have fewer viruses because virtually no one uses them.

By ronburg44 — On Oct 21, 2010

As a security professional in the computing industry as well as a computer repair technician, I often find root kits installed on my clients' computers. This very scary fact is hard for my clients to understand how it happened. One must realize that there is great harm that can be done from viewing malicious websites on the Internet. Very often these kinds of websites can be found on adult entertainment parts of the web.

An individual can take great care to avoid getting a root kit installed on their computer, but the reality is that it can happen to anybody. Unless you own a computer that is not susceptible to such attacks, root kits are a reality of everyday security risks on the Internet for personal computer users. Be sure to run scans often, as you do not want to find yourself in a situation where your most vital information has been used by a root kit.

By JoseJames — On Oct 21, 2010

I recently discovered a root kit installed on my computer and was absolutely amazed. The weirdest part for me was the fact that my computer did not act different at all. Many users report that when they have a root kit installed on their computer they noticed a significant decrease in performance and in Internet connectivity. I did not recognize either of these and I wonder if the root kit that was installed was simply not activated. Is it possible to have a root kit that is sleeping or is in a zombie-like mode?

As the research for the security industry of computers advances, I hope that the ability to detect rootkits will increase significantly. Only when we are able to get rootkits fully removed from computer systems will we be able to ensure the safety of our computing experiences.

By FrogFriend — On Oct 21, 2010

His way to ensure that your computer is not infected by a rootkit is to buy a Macintosh computer. Simply put, the operating system that Apple Computer uses for its hardware is extremely durable and strong. If you do purchase an Apple Macintosh computer you will find that you do not have to remove root kits from the system because they simply do not exist. This is just one example of how Apple computers are extremely more secure than most Microsoft Windows-based operating system computers.

I recommend that you truly evaluate the security and safety of the computer hardware that you're using as it is extremely important in this day and age that your private data is protected. If you are trying to discover a rootkit on your system I wish you the best of luck and you should look into rootkit protection as a source of every day defense against these malicious software types.

By GlassAxe — On Aug 14, 2010

I use two scanning tools combined with McAfee Anti-virus software. My regular anti-virus software does a good job picking up most malware before it infects my system, but the other two tools I use will find most everything else that sneaks through.

I use Malwarebytes Anti-Malware tool, and McAfee Advert-stinger. Between these programs I have a two year old laptop that still runs fast, and has never crashed.

I have a lot of things on my hard drive valuable to me, so I take internet security seriously. My computer is central to me, keeping all of my schoolwork, pictures, music, and files safe. Most of the things on my computer would be hard to replace. The best rootkit removal tools are free, so I recommend that anyone with a computer download these applications.
