Best anti-rootkit tools

A rootkit is a collection of software, typically harmful and generally associated with malware. Rootkits can infiltrate your computer undetected and intercept system functions without you becoming aware of it.

Anti-rootkit tools protect against this harmful software, identifying its presence by detecting suspicious behaviour and then removing any rootkits discovered.

Of course, the risks associated with rootkits can be mitigated to some extent by maintaining up-to-date antivirus software, but a dedicated anti-rootkit scanner can add another much-needed layer of protection.

The most sophisticated rootkits out there will be difficult to detect and might even trick your antivirus into ignoring them or prevent it from running. Luckily there are dedicated products on hand to help.

Here, we run through the best tools available to keep rootkits at bay.

Additional reporting by Tamlin Magee

Malwarebytes Anti-Rootkit Beta

Malwarebytes Anti-Rootkit Beta is a standalone product designed to detect and remove rootkits on Windows PCs. The tool performs a deep scan of your computer for any suspicious activity.

It notifies you when it detects a threat and offers to remove it. The scan is then repeated until no threats remain. The scan takes time, but it digs deep to detect embedded rootkits. It's currently in beta, hence the name, which means there's no guarantee that it will run without errors.

Rkill

Security website BleepingComputer developed Rkill, a programme designed to find and terminate malware processes, especially when your normal anti-malware software is being prevented from running.

The creators say that it stops malware processes and also removes incorrect executable associations, as well as fixing policies that prevent the user from running certain tools.

The developers note that, as Rkill just terminates a program's running process rather than deleting files, it is best used to give you space to run scans that were previously being prevented. Restarting your device will probably just restart the malicious processes again.

Zemana

Zemana offers home, business, and mobile versions of its antimalware and antilogging software. The free version promises effective rootkit and bootkit detection and removal.

The company has posted a blog that will guide you through the rootkit removal process, and you can access the free version of the software here.

HitmanPro

This is a malware removal tool now owned by Sophos that promises to get "your computer back to a pre-infected state in no time" and works in tandem with whatever existing security package you have.

So it's useful in particular as a secondary tool, especially if your normal antimalware software is having trouble running (or is not so great at detection). It's not free, although Sophos does offer a 30-day free trial.

TDSSKiller

TDSSKiller is a free anti-rootkit tool developed by Russian security software maker Kaspersky Lab. The software examines the system and provides a summary of the results, or a more advanced report if you desire. It can then remove any rootkits that it finds.

The utility is free and completes a scan in around 15 seconds. It also lets you choose which areas of the computer to scan. It can run unattended and in both normal and safe mode on Microsoft Windows.

McAfee RootkitRemover

McAfee RootkitRemover can detect and remove the ZeroAccess, Necurs and TDSS families of rootkits, with more families of rootkits planned for future releases of the tool. It's a standalone utility that's free to download. And given McAfee's impeccable cybersecurity credentials, we'd bet on its effectiveness.

Norton Power Eraser

Norton Power Eraser is another free threat removal tool for Windows that supplements your standard antivirus software. To run the scan in rootkit mode, you need to restart your computer before it launches.

The software checks the results against a list of trusted and malicious applications and marks any of the latter for removal. The scan is so aggressive that it could harm non-malicious files, but the damage can be undone by restoring a removed detection.

chkrootkit

chkrootkit is the only tool on our list that runs on Linux. The programme searches the local system for signs of suspicious activity and checks for known rootkit files, scanning servers for compromises.

The software then sends an email report to the system administrator with details of any threats that it discovers. The tool is available for free but new releases aren’t as regular as some of the Windows tools we recommend.

GMER

GMER is a free rootkit detection tool for Windows developed by Avast. The software is lightweight and doesn't require a system restart, but it provides a thorough scan that detects deeply embedded threats.

It isn't that easy to use, however, and the interface is stark. Users need to understand the results it produces, as it may flag potential evidence of a rootkit that is actually something used by legitimate applications that shouldn't be removed. If you want a more straightforward tool, you may be better served by one of the other ones on our list.

aswMBR

aswMBR from Avast is a free rootkit scanner that detects a range of malware including TDL4/3 (Alureon), ZAccess, MBRoot (Sinowal), Whistler, SST, Cidox and Pihar. The current version adopts 'Virtualisation Technology' to help detect stealth malware.

You can download it from the link as long as your device supports hardware virtualisation.

Bitdefender Rootkit Remover

From impressive cybersecurity and anti-virus software company Bitdefender, the Rootkit Remover is another free download. It effortlessly disposes of Mebroot, all TDL families (TDL/SST/Pihar), Mayachok, Mybios, Plite, XPaj, Whistler, Alipop, Cpd, Fengd, Fips, Guntior, MBR Locker, Mebratix, Niwa, Ponreb, Ramnit, Stoned, Yoddos and Yurn, as well as cleaning Necurs infections.

Copyright © 2018 IDG Communications, Inc.