Hacktool.Rootkit is a detection name used by Symantec to identify malicious software programs that allow attackers to break into a system and hide the attack from the users.
Hacktool.Rootkit may include a back door allowing a remote attacker to access the compromised computer. Rootkits can be made up of a variety of programs and scripts that gain root access on a system and attempt to hide evidence of the intrusion.
There are two main types of rootkits:
- User-mode rootkits: User-mode rootkits manipulate processes, services, and applications by targeting system calls sent from applications run by a user.
- Kernel-mode rootkits: The kernel-mode rootkit is more sophisticated since it takes control of the operating system by hooking and manipulating system calls and APIs at a lower level.
Once installed, a rootkit may perform any of the following actions on the compromised computer:
- Avoid detection
- Hide files and folders
- Hide malicious code
- Hide network connections
- Hide system processes
- Log keystrokes
- Modify systems
- Open a back door
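Because a user-mode rootkit hides processes by altering what applications see through system calls, defenders commonly compare the normal process listing against a lower-level enumeration (a cross-view check). The following is an added example, not Symantec's detection logic; the function name, the snapshot format and all PID values are constructed for illustration, and how each view is collected is left as an assumption.

```python
from typing import Dict, List, Set, Tuple

# One snapshot = (PIDs reported by the normal process-listing API,
#                 PIDs found by a lower-level enumeration), taken back to back.
Snapshot = Tuple[Set[int], Set[int]]

# Constructed sample data, not taken from a real host.
SNAPSHOTS: List[Snapshot] = [
    ({1, 400, 812},       {1, 400, 812, 1337}),
    ({1, 400, 812, 2040}, {1, 400, 812, 1337}),        # 2040 exited between the two reads
    ({1, 400, 812},       {1, 400, 812, 1337, 2051}),  # 2051 started between the two reads
    ({1, 400, 812, 2051}, {1, 400, 812, 1337, 2051}),
]


def cross_view_hidden(snapshots: List[Snapshot], min_hits: int = 2) -> Dict[int, int]:
    """Return {pid: hits} for PIDs the low-level view shows but the API never does.

    A PID is reported only if it was missing from the API view in at least
    `min_hits` snapshots and never appeared in the API view at all. That filters
    out ordinary races where a process starts or exits between the two reads.
    """
    missing: Dict[int, int] = {}
    ever_in_api: Set[int] = set()
    for api_view, low_view in snapshots:
        ever_in_api |= api_view
        for pid in low_view - api_view:
            missing[pid] = missing.get(pid, 0) + 1
    return {
        pid: hits
        for pid, hits in sorted(missing.items())
        if hits >= min_hits and pid not in ever_in_api
    }


if __name__ == "__main__":
    for pid, hits in cross_view_hidden(SNAPSHOTS).items():
        print(f"PID {pid}: absent from API view in {hits} snapshots")
```

A kernel-mode rootkit operates below both views when they are collected on the running system, so a clean result from this check does not rule one out.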
If a Symantec antivirus product displays a detection alert for this threat, it means the computer is already protected and the Symantec product will effectively remove this threat from the computer.