A Rootkit virus is a stealth type of malware designed to hide the existence of certain processes or programs on your computer from regular detection methods, so as to allow it or another malicious process privileged access to your computer. Sometimes a rootkit may even fool your antivirus software and avoid being detected. At such times, you may need the help of a special rootkit remover or removal tool.
Rootkit Remover
Here is a list of a few Rootkit Removers, most of which we have already covered on this site.
Kaspersky TDSSKiller
I have a kernel rootkit!!! The AVG scan kills every hidden process that it recognizes, but after boot time the problem is still present. My PC has a high CPU load, temperatures over 90 °C (notebook), and when I try to scan for viruses, malware, spyware, or rootkits, it crashes with a BSOD. I have no AVG detections or any real reason to be suspicious, but ran a GMER scan and it reported 'unknown MBR code.' It does not have any obvious indications of a rootkit (e.g. as sometimes seen in GMER results).
Kaspersky Lab has developed the TDSSKiller utility for removing malicious rootkits. It is among the better rated anti-rootkit tools and can detect and remove most rootkits.
Bitdefender Rootkit Remover
The Bitdefender Rootkit Remover removes all known Rootkits. It is a portable tool that can be launched immediately, without needing to boot into Safe Mode first, although a reboot may be required for complete cleanup.
McAfee Rootkit Remover
McAfee Rootkit Remover is a ‘command-prompt-look-alike’ tool that can be used to detect and remove complex rootkits and associated malware. To run McAfee Rootkit Remover, navigate to the folder that contains the downloaded RootkitRemover.exe file. Run the tool as an Administrator for best results. The tool has no UI.
Malwarebytes Anti-Rootkit
Malwarebytes Anti-Rootkit is also a stand-alone portable tool that will help Windows users to detect and remove the nastiest malicious rootkits from their computers. Once you have downloaded the tool, you will have to extract the contents of the zipped file, and from the folder run mbar.exe.
Sophos Rootkit Removal Tool
Sophos Rootkit Removal Tool scans, detects and removes any rootkit that is hidden on your computer using advanced rootkit detection technology. Rootkits can lie hidden on computers and remain undetected by antivirus software. Although new rootkits can be prevented from infecting the system, any rootkits present before your antivirus was installed may never be revealed. You can download it here. This tool requires an installation.
Oshi Unhooker
Oshi Unhooker is a free rootkit scanner that scans and removes any hidden rootkit from your computer. Simply start the executable file and click on Start scan. With just a single click, Oshi Unhooker can identify and remove all the rootkits found on your PC and prevent them from stealing or sharing your private information.
avast! aswMBR Rootkit Scanner
avast! aswMBR is a free rootkit scanner that scans for TDL4/3, MBRoot (Sinowal), Whistler and other rootkits too.
Trend Micro RootkitBuster
Trend Micro RootkitBuster is a free portable tool that scans hidden files, registry entries, processes, drivers, and the master boot record. Trend Micro RootkitBuster can find rootkits by checking the Master Boot Record (MBR), files, registry entries, kernel code patches, operating system service hooks, file streams, drivers, ports, processes and services.
Also take a look at GMER Rootkit Detector and Remover.
Do let us know if we have missed mentioning some other free rootkit removal tools.
Need a second opinion about the security status of your computer? You might want to check out these Free Standalone On demand Antivirus Scanners for Windows. If you are looking for a free anti-executable security software to protect your Windows PC from malware, have a look at VoodooShield.
Microsoft yesterday clarified the advice it gave users whose Windows PCs are infected with a new, sophisticated rootkit that buries itself on the hard drive's boot sector.
Several security researchers agreed with Microsoft's revisions, but a noted botnet expert doubted that the advice guaranteed a clean PC.
Last week, the Microsoft Malware Protection Center (MMPC) highlighted a new Trojan, dubbed 'Popureb,' and said that the only way to eradicate the malware was to use a recovery disc.
Because a recovery disc returns Windows to its factory settings, Microsoft was essentially telling users that they needed to reinstall Windows to completely clean an infected PC.
That recommendation was similar to what Microsoft had offered more than a year ago, when another Trojan buried rootkit code into the master boot record (MBR) of the PC's hard drive.
On Wednesday, MMPC engineer Chun Feng clarified Microsoft's advice.
'If your system is infected with Trojan:Win32/Popureb.E, we advise fixing the MBR using the Windows Recovery Console to return the MBR to a clean state,' Feng wrote on an updated blog yesterday.
Feng provided links to instructions on how to use the Recovery Console for Windows XP, Vista and Windows 7.
Once the MBR has been scrubbed, users can run antivirus software to scan the PC for additional malware for removal, Feng added.
Malware like Popureb is especially difficult to detect and delete once it's on a system because it overwrites the hard drive's MBR, the first sector -- sector 0 -- where code is stored to bootstrap the operating system after the computer's BIOS does its start-up checks. Because it hides on the MBR, the rootkit installed by Popureb makes not only itself, but any follow-on malware installed by it later, invisible to both the operating system and security software.
MBR rootkit malware is among the most advanced of all threats, researchers said yesterday during interviews about a different family, called 'TDL-4,' a bot whose collection of compromised computers they called 'practically indestructible.'
Several security firms have also weighed in on the debate about whether users need to reinstall Windows.
'Reinstalling is definitely overkill for this malware problem,' said Vikram Thakur, principal security response manager with Symantec, in an interview today. 'It can be resolved simply by fixing the MBR via an external disk.'
Symantec offers a tool to help users do that.
Named 'Norton Bootable Discovery Tool,' the free download creates a boot disc for starting up the PC without accessing the hard drive -- and thus without loading the infected MBR. Once the Windows machine boots using the recovery disc, the tool downloads new malware signatures -- the digital 'fingerprints' antivirus software uses to detect threats -- sniffs out signs of infection and if necessary, cleans the MBR.
'When you fix the MBR, you pretty much expose the threat itself to other applications, including antivirus applications,' said Thakur. 'They can then pick up on the threat, and delete it.'
Other researchers with Webroot and CA agreed with Thakur that Popureb could be removed without reinstalling Windows.
But an internationally-known botnet expert disagreed.
Joe Stewart, director of malware research at Dell SecureWorks, said that reinstalling Windows was the only way to ensure that MBR rootkits and the additional malware they install are completely removed.
'Once you're infected, the best advice is to [reinstall] Windows and start over,' said Stewart. '[MBR rootkits] download any number of other malware. How much of that are you going to catch? This puts the user in a tough position.'
Marco Giuliani, the Webroot threat research analyst who published his own analysis of Popureb, cautioned that users may end up having to reinstall Windows after all.
'What is really a nightmare is that [Popureb] looks like it has bugs and sometimes it hangs the system during the reboot stage,' Giuliani wrote on the Webroot blog. 'This could become a problem that would require you to perform a full system reinstall.'
In a follow-up statement today, Microsoft seemed to acknowledge that users could encounter problems with the MMPC advice, and may need to restore their PC from a recent backup.
'Microsoft recommends that customers whose systems are infected with Trojan:Win32/Popureb.E, contact Microsoft PCSafety, who can help them identify and remove malware from their systems,' said Jerry Bryant, general manager with Microsoft's Trustworthy Computing group, in an e-mailed statement. 'While using the recovery console to address Master Boot Record (MBR) issues is not designed to affect personal files, we continue to recommend customers practice reasonable back-up processes.'
PCSafety is a toll-free telephone support line that Microsoft operates for customers with malware-infection problems. The number in the U.S. is: 866-727-2338.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.