A rootkit is a set of software tools intended to conceal running processes, files or system data from the operating system. Rootkits have their origin in relatively benign applications, but in recent years have been used increasingly by malware, helping an intruder to maintain access to a system whilst avoiding detection. Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules.

A rootkit's only purpose is to hide files, network connections, memory addresses, or registry entries from other programs. However, a rootkit may be incorporated with other files which have other purposes. It is important to note that the utilities bundled with the rootkit may be malicious in intent, but a rootkit is essentially a technology; it may be used for both productive and destructive purposes.

There are inherent limitations to any program that attempts to detect rootkits while the program is running under the suspect system. Rootkits are suites of programs which modify many of the tools and libraries upon which all programs on the system depend.

The best and most reliable method for rootkit detection is to shut down the computer suspected of infection and check its storage by booting from an alternative media (e.g. rescue CD-ROM or USB flash drive). A non-running rootkit cannot hide its presence and most established antivirus programs will identify rootkits armed via standard OS calls (which are supposedly doctored by the rootkit) and lower level queries, which ought to remain reliable. If there is a difference the presence of a rootkit infection can be assumed. Rootkits attempt to protect themselves by monitoring running processes and suspending their activity until the scanning has finished.

Security vendors envision a solution by integrating rootkit detection into traditional antivirus products. Should a rootkit decide to hide during the scan process, it will be identified by the stealth detector. If it decides to temporarily unload from the system, the traditional antivirus will find it using fingerprint detection. This combined defense may force attackers to implement counter-attack mechanisms (so called retro routines) in their rootkit code that will forcibly remove security software processes from memory, effectively killing the antivirus program. As with computer viruses the detection and elimination of rootkits will be an ongoing struggle between the creators of the tools on both sides of this conflict.

1) SmartScan uses a different and unique approach: its duty is the complete ERASING of virus, tojans and rootkits after these threats have reached your pc. So, it will be used not to prevent the threats but to CLEAN your pc out of them!

2) SmartScan does another innovative step forward respect the other similar programs because it's virtually the only which is conceived to work on a normal MS Windows session (so, it doesn't need to re-boot in Safe Mode neither in MS-DOS). SmartScan works by searching the infective traces in the computer memory, inoculating our code to block the activity of the virus process to finally stop it and then cleaning the Registry calls whiches it uses to replicate at each re-start.

SmartScan's research will be done process by process, modules by process, modules by modules then in the whole memory area hold by each process...

Time by time SmartScan will use the right technic to defeat the virus depending on the instructions loaded with the definitions file *.dat.

3) SmartScan has also a process monitor which controls the running Tasks and the state of the Services whiches are currently running. Each Task/Service is identified by its process ID and by right-clicking on its name the user can choose what to do:

- scanning the single process
- removing the single process
- dumping the file which has started the process (*)
- dumping the whole memory used by the process (*)

(*) Both these functions are intended to be used to study the virus proces and life

4) SmartScan runs in Self-Hiding Mode so it cannot be detected and stopped by any viral agent which try to detect and kill any antivirus.

5) SmartScan download and reload its definitions list and any necessary *.dll by using its Live Update utility. So you'll be sure you'll have always the newest update each time it has been issued .