Finding a Hidden Intruder On Your Hard Drive

Doug Hayman, DO-IT Staff

In recent years, DO-IT Scholars have brought in computers exhibiting strange symptoms. When we used traditional tools to scan for virus or malware infection, only a few minor issues were found and removed, but the issues were not resolved and the odd computer behavior persisted.

Phase I Scholar Lindsey uses her DO-IT-issued computer during a Summer Study lab session.

What we found lurking in the computers were rootkit intrusions: collections of programs that break in through vulnerabilities in your computer and hide on its hard drive. A rootkit creates a directory that is hidden from both the user and the operating system. Inside sits the harmful payload, which is triggered to load into memory each time the computer boots, so the malicious process runs amok again and again despite the best efforts to clean the system. If the operating system cannot see the directory, the virus-scanning software doesn't know to look there either.
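The hiding trick described above is also what gives rootkits away: a directory concealed from the operating system's normal file listing still exists on disk, so comparing that listing with a second, independent view of the same tree exposes the discrepancy. The following is an added illustration of that cross-view check, not code from DO-IT or from any of the tools named in this article; the "raw" view and the hidden names in it are constructed for the demonstration rather than read from disk.

```python
import os
import tempfile


def api_view(root):
    """Relative paths as the operating system's ordinary directory-listing
    API reports them. This is the view a rootkit can filter."""
    found = set()
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            found.add(rel.replace(os.sep, "/"))
    return found


def cross_view_diff(api_paths, raw_paths):
    """Compare two independent views of one tree.

    Returns (hidden, phantom): paths only the raw (disk-level) view knows
    about, which is the signature of something concealed from the OS, and
    paths only the API reports, which also deserve a closer look."""
    api, raw = set(api_paths), set(raw_paths)
    return sorted(raw - api), sorted(api - raw)


def demo():
    """Build a small real directory tree, list it through the normal API,
    then diff it against a constructed raw view."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("Documents", "Pictures"):
            os.mkdir(os.path.join(root, name))
        open(os.path.join(root, "Documents", "notes.txt"), "w").close()
        visible = api_view(root)
        # Constructed raw view: what a parser reading the filesystem
        # structures directly would see if a rootkit were hiding a
        # directory and its payload from the API. The names are invented.
        raw = visible | {"hidden_dir", "hidden_dir/loader.dll"}
        return cross_view_diff(visible, raw)


if __name__ == "__main__":
    hidden, phantom = demo()
    print("hidden from the OS:", hidden)
    print("reported by the OS but absent on disk:", phantom)
```

Real scanners obtain the raw view by reading the disk's filesystem structures themselves instead of asking the operating system, which is why a tool like TDSSKiller can find what a conventional scanner misses.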

A couple of free tools for the newer versions of the Microsoft Windows operating systems are Microsoft Security Essentials and TDSSKiller, from the anti-virus company Kaspersky. The latter can be downloaded from www.bleepingcomputer.com/download/tdsskiller. As for Microsoft Security Essentials, it clashes with the latest version of the Sophos antivirus we currently use on Scholar machines, so it is best not to install both on the same computer.

As always, it is best to be proactive and practice safe computing activities rather than struggle to restore a machine that has become infected.