A rootkit is a type of malware that can hide the existence of certain processes or programs.
These processes or programs can evade normal methods of detection. If your computer is infected with a rootkit, the rootkit will reload itself each time the computer is restarted.
If an attacker can gain root or Administrator access, they can install a rootkit. This can be done by exploiting a known vulnerability, acquiring a password, or by social engineering. Emails with attachments are one of the most common attacks: a seemingly innocent attachment can carry a dangerous payload. Once the malware is installed, it becomes possible to hide the intrusion as well as to maintain privileged access. Most rootkits disable software that might otherwise be used to detect or circumvent them.
A ‘clean boot’ and scan or re-installation of the operating system may sometimes be the only available solution to this type of infection.
The Spybot S&D liveCD can often fix this type of problem, as it will allow you to do a clean boot of Windows. Doing a clean boot using Linux and running a scan is not as effective, because it will not scan all the registry hives.
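
To check how many registry hives an offline scan would have to cover, the following added example (not part of the original page) inventories the hive files on a Windows volume mounted read-only under Linux. The hive locations are the standard Windows ones; the function names and the sample volume are constructed for illustration.

```python
import os
import tempfile

SYSTEM_HIVES = ("SYSTEM", "SOFTWARE", "SAM", "SECURITY", "DEFAULT")
USER_HIVES = ("NTUSER.DAT", "AppData/Local/Microsoft/Windows/UsrClass.dat")
REGF_MAGIC = b"regf"  # signature at offset 0 of every registry hive file

def resolve_ci(root, rel):
    """Resolve rel under root ignoring case (a Linux mount is usually case-sensitive)."""
    path = root
    for part in rel.split("/"):
        try:
            names = os.listdir(path)
            path = os.path.join(path, next(n for n in names if n.lower() == part.lower()))
        except (OSError, StopIteration):
            return None  # component missing or not a directory
    return path

def is_hive(path):
    """True if the file can be read and begins with the hive signature."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) == REGF_MAGIC
    except OSError:
        return False

def inventory_hives(mount_root):
    """Return {label: path}; a system hive that is missing or invalid maps to None."""
    found = {}
    for name in SYSTEM_HIVES:
        p = resolve_ci(mount_root, "Windows/System32/config/" + name)
        found[name] = p if p and is_hive(p) else None
    users = resolve_ci(mount_root, "Users")
    for user in (sorted(os.listdir(users)) if users else []):
        for rel in USER_HIVES:  # per-user hives live inside each profile
            p = resolve_ci(users, user + "/" + rel)
            if p and is_hive(p):
                found[user + "/" + os.path.basename(rel)] = p
    return found

def build_sample_volume():
    """Constructed sample: fake mounted volume, lower-case names, two system hives absent."""
    root = tempfile.mkdtemp()
    rels = ["windows/system32/config/" + h for h in ("SYSTEM", "SOFTWARE", "SAM")]
    rels += ["Users/alice/ntuser.dat", "Users/alice/" + USER_HIVES[1]]
    for rel in rels:
        os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(REGF_MAGIC + b"\x00" * 28)
    return root
```

Comparing the returned paths with the files a scanner reports having examined shows which hives an offline scan left out.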