Rootkits
Malware authors use rootkits to hide malware on your device, allowing malware to persist as long as possible. A successful rootkit can potentially remain in place for years if it's undetected. During this time, it steals information and resources.
How rootkits work
Rootkits intercept and change standard operating system processes. After a rootkit infects a device, you can't trust any information that device reports about itself.
If asked a device to list all of the programs that are running, the rootkit might stealthily remove any programs it doesn't want you to know about. Rootkits are all about hiding things. They want to hide both themselves and their malicious activity on a device.
Many modern malware families use rootkits to try to avoid detection and removal, including:
How to protect against rootkits
Like any other type of malware, the best way to avoid rootkits is to prevent it from being installed in the first place.
Apply the latest updates to operating systems and apps.
Educate your employees so they can be wary of suspicious websites and emails.
Back up important files regularly. Use the 3-2-1 rule. Keep three backups of your data, on two different storage types, and at least one backup offsite.
For more general tips, see prevent malware infection.
What if I think I have a rootkit on my device?
Microsoft security software includes many technologies designed specifically to remove rootkits. If you think you have a rootkit, you might need an extra tool that helps you boot to a known trusted environment.
Microsoft Defender Offline can be launched from the Windows Security app and has the latest antimalware updates from Microsoft. It's designed to be used on devices that aren't working correctly because of a possible malware infection.
System Guard in Windows 10 protects against rootkits and threats that affect system integrity.
What if I can't remove a rootkit?
If the problem persists, we strongly recommend reinstalling the operating system and security software. Then restore your data from a backup.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for