Helping people with computers... one answer at a time.

NTRootKit appears to be a hacker tool that once installed in your computer can gain admin access and perform various functions.

What is NTRootKit?

From McAfee and Network Associates: "The NTRootKit is a hacker tool, used after an attacker has gained admin access to a Windows NT/2K system. Once the NTRootKit has been installed, an attacker can perform various functions..." Read their article. Yet another reason to scan for viruses regularly.

Article C2040 - June 14, 2004 « »

Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

September 30, 2004 10:20 PM

Hi there, I am really getting cheesed with this "ntrootkit.exe" file that appears each time I turn on the computer. How can I get rid of that screen, as well as the rootkit. I did have NORTON protection, but since last week no more, so I am using only Temporary protection.

My plan is to get McAfee of such as soon as possible.
Hope you can drop my a note, to help

Chris Yost
April 3, 2009 7:55 AM

Keep in mind that McAfee, while more user-friendly that it used to be, had its engine fail in a VB100 test as recently as last February.

Not to advertise for anyone, but if you're not happy with Symantec (formerly known as Norton), go for Avast which is free, and only requires an initial registration followed by an annual registration (which usually works fine) -- it's free, it's trusted, and it's been known to find stuff McAfee and Symantec have missed. And I'm speaking as a Symantec partner!

On the NTRootkit, I'm surprised Symantec didn't kill it (IF it's a virus; some malware just isn't designed to be picked up on AV programs because it's not a virus). Install Spybot Search and Destroy (another free and highly-trusted download), update it, and let it run -- should take about 45 minutes to an hour to run completely -- that usually finds *all* the nasties.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to to ask your question.