Do you suspect that your system may be infected with a rootkit? It's important to note that rootkits are not necessarily malware, but rather programs that are designed to conceal the presence of malware and its subsequent activity.
Rootkits use a range of techniques to manipulate the Windows operating system so that the malware they hide stays invisible to ordinary Windows programs. For instance, you won't be able to see any of the malware's files with Windows Explorer or any other typical file viewer.
So how do you know if your system is in fact infected with a rootkit? Unfortunately, the vast majority of antivirus and antispyware scanners are not capable of detecting them, though that capability may arrive in the near future. For the time being, successfully detecting a rootkit requires a dedicated rootkit detector.
Rootkit detectors must work from within the system of the potentially infected computer. Detecting rootkits under these circumstances can prove to be very difficult, even though several different techniques are available. The problem is that the developers of the rootkits are also aware of these methods, and they are constantly adapting and evolving their malicious products to make them more difficult to remove. Because of the ever-changing nature of this contest, there is no such thing as a flawless rootkit detector. Depending on how advanced the rootkit on your system is, standard rootkit detection may or may not be successful.
Because rootkits and the detectors that hunt them evolve so quickly, it is highly recommended that, instead of depending solely on one rootkit detector, you employ several of them to maximize your chances of eliminating the problem.
One popular and effective rootkit detector is RootkitRevealer from Sysinternals. This free application works by comparing the view of the system obtained from user mode with the view obtained from kernel mode, and then reports the discrepancies it finds in the Registry and the file system. It is a simple executable file, so you will not need to perform any sort of installation to use the utility. RootkitRevealer also allows you to scan NTFS alternate data streams for the purpose of detecting hidden code. By default this option is off, and it should be noted that enabling it may produce several false positives, so it may be best reserved for more experienced users. RootkitRevealer may effectively detect rootkits, but at this time it does not offer rootkit removal. There are some rootkit detection tools, however, that do support rootkit removal.
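The comparison described above is often called cross-view detection: one listing is taken through the normal high-level API, a second is taken from a lower-level source, and anything present in one but missing from the other is reported. The following is an added example written for this page; it is not Sysinternals code and does not read a real volume. The two listings and the second-scan data are constructed sample lines that stand in for what a tool would gather from the Windows API and from a raw read of the NTFS volume, and the `payload` stream and `hidden_example.sys` names are invented for illustration. It also shows why the alternate-data-stream option is off by default (it widens the comparison) and why a repeated scan is useful (a file that appears or disappears between the two listings shows up as a discrepancy that is not a rootkit).

```python
"""Cross-view discrepancy check in the style of a rootkit detector.

Added example for this article, not RootkitRevealer's own code. The two
"views" below are constructed sample data; a real tool would fill the
API view from ordinary directory enumeration and the raw view from a
low-level read of the volume.
"""
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Entry:
    path: str        # normalised path (NTFS is case-insensitive)
    stream: str = ""  # NTFS alternate data stream name, "" for the default stream


def parse_entry(line: str) -> Entry:
    """Parse 'C:\\dir\\file.ext[:stream]' into an Entry (constructed line format)."""
    norm = line.strip().replace("/", "\\").lower()
    # An ADS name follows the last ':' that comes after the last '\'.
    # The drive letter's ':' precedes a backslash, so it is not matched.
    tail = norm.rsplit("\\", 1)[-1]
    if ":" in tail:
        base, stream = tail.split(":", 1)
        return Entry(norm[: len(norm) - len(tail)] + base, stream)
    return Entry(norm, "")


def cross_view(api_view, raw_view, scan_ads=False):
    """Return (hidden, phantom).

    hidden:  entries found in the raw view but absent from the API view,
             i.e. objects something is concealing from normal programs.
    phantom: entries the API reports but the raw view does not contain.
    With scan_ads=False alternate data streams are ignored, mirroring the
    detector's default; enabling it widens the comparison and the noise.
    """
    api = {parse_entry(l) for l in api_view}
    raw = {parse_entry(l) for l in raw_view}
    if not scan_ads:
        api = {e for e in api if not e.stream}
        raw = {e for e in raw if not e.stream}
    return sorted(raw - api), sorted(api - raw)


def confirm(first_hidden, second_hidden):
    """Keep only discrepancies seen in two separate scans.

    A file created or deleted between the API pass and the raw pass shows
    up once and vanishes on rescan; a rootkit-hidden object persists.
    """
    return sorted(set(first_hidden) & set(second_hidden))


# Constructed sample listings for scan 1 --------------------------------
API_VIEW_1 = [
    r"C:\Windows\System32\drivers\ntfs.sys",
    r"C:\Windows\System32\drivers\tcpip.sys",
    r"C:\Users\alice\Documents\report.docx",
    r"C:\Users\alice\Documents\report.docx:Zone.Identifier",
    r"C:\Windows\Temp\tmp1234.log",  # transient: deleted before the raw pass
]
RAW_VIEW_1 = [
    r"C:\Windows\System32\drivers\ntfs.sys",
    r"C:\Windows\System32\drivers\tcpip.sys",
    r"C:\Users\alice\Documents\report.docx",
    r"C:\Users\alice\Documents\report.docx:Zone.Identifier",
    r"C:\Windows\System32\drivers\hidden_example.sys",  # invented: concealed from the API
    r"C:\Users\alice\Documents\report.docx:payload",    # invented: concealed ADS
]
# Scan 2: the temp file is gone from both views; the concealed items remain.
API_VIEW_2 = [l for l in API_VIEW_1 if "tmp1234" not in l]
RAW_VIEW_2 = list(RAW_VIEW_1)


def report(scan_ads=False):
    """Run both scans and return the confirmed hidden entries as strings."""
    hidden1, _ = cross_view(API_VIEW_1, RAW_VIEW_1, scan_ads)
    hidden2, _ = cross_view(API_VIEW_2, RAW_VIEW_2, scan_ads)
    return [e.path + (":" + e.stream if e.stream else "")
            for e in confirm(hidden1, hidden2)]


if __name__ == "__main__":
    hidden, phantom = cross_view(API_VIEW_1, RAW_VIEW_1)
    print("scan 1 hidden :", [e.path for e in hidden])
    print("scan 1 phantom:", [e.path for e in phantom])   # the transient temp file
    print("confirmed (no ADS):", report())
    print("confirmed (ADS)   :", report(scan_ads=True))
```

The `phantom` list is where the transient temp file lands on the first scan, which is the kind of discrepancy a user sees as a false positive; `confirm` drops it because it is absent from the second scan, while the concealed driver and, once `scan_ads=True`, the concealed stream survive both scans.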
Removing a rootkit is not a simple process, as it requires removing the rootkit itself as well as the malware that the rootkit was concealing in the first place. Because rootkits function by altering the Windows operating system, it may not be possible to remove the rootkit completely without jeopardizing the stability or functionality of Windows itself. Removing the malware after successfully removing the rootkit presents the same problems as removing any other malware from your system. However, if your system becomes unstable as a direct result of the rootkit's removal, it may not be possible to then successfully remove the malware.
If you have a backup image of your drive, you can potentially use it to restore the drive, assuming of course that you created the image before the drive was infected by the rootkit. Your imaging program must also restore the disk's boot sector; otherwise the problem will persist.
In the event that you are still unable to effectively remove the rootkit from your system, you may want to consider hiring a qualified technician to evaluate the situation and further advise you on your options.