Rootkit originated from the concept of root access in the Unix operating system, which allows full user permissions to change files and settings. All rootkits serve the same general function to hide either their existence or the existence of another piece of malware.
A rootkit may consist of spyware and other programs that enable remote command, control or the ability to monitor activities, Create a “backdoor” into the system for the hacker’s use, alter log files, attack other machines on the network, and alter existing system tools to escape detection.So that it can carry out evil deeds on your system without you ever knowing and that because of the hiding behaviour that makes rootkits often very difficult to remove.
There are essentially three different kinds of Rootkit. The first kind, the “Kernel Rootkits” that usually add their own code to parts of the operating system core, whereas the second kind, the “Usermode Rootkits” are uniquely targeted to Windows to startup up normally during the system start-up, or injected into the system by a something called “Dropper”. The third type are MBR Rootkits or Bootkits which is a kind of malware that infects the Master Boot Record. This infection process enables the malicious program to be executed before the operating system boots.
Many vendors, including Microsoft, F-Secure, and Kaspersky, etc. offer software that can detect the existence of rootkits. However, the only sure way to get rid of the undetected rootkit is to completely erase the computer’s hard drive and reinstall the operating system.