How to find a rootkit

If you suspect that your computer is infected, the following techniques can help you find the rootkit.

Signature scanning: Computers deal with numbers. A software signature is a set of numbers used as its representation in computer language. You can scan your computer against a database of known Rootkit signatures and see if any of them appear.

Memory dump analysis: When your Windows machine crashes, it also generates a file called a memory dump or crash dump. A skilled technician can examine this file to determine the source of the crash and see if it was caused by a rootkit.

System Memory Search: Searches the computer's system memory to see if there are any problems. During the search, check all entry (access) points for signs of called processes and track all incoming library calls from DLLs (dynamic link libraries). Some may be hooked or redirected to other functions.