Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!


What is NTRootKit?


From McAfee and Network Associates: “The NTRootKit is a hacker tool, used after an attacker has gained admin access to a Windows NT/2K system. Once the NTRootKit has been installed, an attacker can perform various functions…” Read their article. Yet another reason to scan for viruses regularly.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Posted: June 14, 2004 in:
« Previous post:
Next post: »

Leo Who?

I'm Leo Notenboom and I've been playing with computers since I took a required programming class in 1976. I spent over 18 years as a software engineer at Microsoft, and "retired" in 2001. I started Ask Leo! in 2003 as a place to help you find answers and become more confident using all this amazing technology at our fingertips. More about Leo.

2 comments on “NTRootKit”

  1. Hi there, I am really getting cheesed with this “ntrootkit.exe” file that appears each time I turn on the computer. How can I get rid of that screen, as well as the rootkit. I did have NORTON protection, but since last week no more, so I am using only Temporary protection.

    My plan is to get McAfee of such as soon as possible.
    Hope you can drop my a note, to help

  2. Keep in mind that McAfee, while more user-friendly that it used to be, had its engine fail in a VB100 test as recently as last February.

    Not to advertise for anyone, but if you’re not happy with Symantec (formerly known as Norton), go for Avast which is free, and only requires an initial registration followed by an annual registration (which usually works fine) — it’s free, it’s trusted, and it’s been known to find stuff McAfee and Symantec have missed. And I’m speaking as a Symantec partner!

    On the NTRootkit, I’m surprised Symantec didn’t kill it (IF it’s a virus; some malware just isn’t designed to be picked up on AV programs because it’s not a virus). Install Spybot Search and Destroy (another free and highly-trusted download), update it, and let it run — should take about 45 minutes to an hour to run completely — that usually finds *all* the nasties.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.