How To Scan For Rootkits


What Is A Rootkit

Rootkits according to Wikipedia:

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.

I thought I had one because when I went to reply to some comments from here (or to comment on another site), I would go to the email field, click on it and the auto-fill options would display. A strange email would display that wasn’t mine: correo@ejemplo.com. I thought it was a browser issue but couldn’t find it in any of the saved data. I checked online forums but couldn’t find any suitable solution. So I put the address in a search engine and it would end up at some Spanish websites. I was convinced it was a Spanish email so I put the words correo and ejemplo in Google translate. Correo means mail and ejemplo means example. So, in English it’s mail@example.com. Now I understood. It was giving an example of how to format an email address, but in Spanish, so I didn’t understand what it meant. This happens only on a WordPress site.

Screenshot: the browser's email field offering correo@ejemplo.com as an auto-fill suggestion

Some Recommendations

So I found no rootkit, but if you suspect one on your system, here are my recommended scanners:

1. Malwarebytes

Screenshot: Malwarebytes Settings > Protection tab > Scan for rootkits switch

Open Malwarebytes. Click on Settings, down the left-hand side, then the Protection tab across the top. In the Scan Options section, click on the little switch by Scan for rootkits if not already on.

2. SUPERAntiSpyware

This one also scans for rootkits, but I couldn’t find any specific settings that referenced it.

3. TDSSKiller

Screenshot: Kaspersky TDSSKiller, Change parameters button

Accept the license agreement and statement when starting. It’s recommended to click on Change parameters, then check both Verify file digital signatures and Detect TDLFS file system. Then click OK, and then Start scan.

Screenshot: Kaspersky TDSSKiller additional options (Verify file digital signatures, Detect TDLFS file system)
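As an added example (not part of the original post and not TDSSKiller's own code), the PowerShell below does a rough, manual version of what the Verify file digital signatures option is for: it lists the kernel drivers Windows knows about and reports the ones whose file is missing or not validly signed. It assumes a modern Windows with PowerShell 5 or later and an elevated prompt; the function names are my own.

```powershell
# Added example: report kernel drivers whose file is missing or lacks a valid signature.
# Assumes Windows 8+ / PowerShell 5+, run from an elevated prompt. Function names are my own.

function Resolve-DriverPath {
    param([string]$PathName)
    # Service PathName values come in several shapes; normalise them to a plain file path.
    $p = $PathName -replace '^\\\?\?\\', ''           # \??\C:\...        -> C:\...
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot  # \SystemRoot\...   -> C:\Windows\...
    if ($p -notmatch '^[A-Za-z]:\\') {                 # system32\drivers\x.sys (relative)
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-UnsignedDriverReport {
    # Only drivers that are running now or configured to start on their own.
    $drivers = Get-CimInstance Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -or $_.StartMode -in @('Boot', 'System', 'Auto') }

    foreach ($d in $drivers) {
        if (-not $d.PathName) { continue }
        $path = Resolve-DriverPath $d.PathName

        if (-not (Test-Path -LiteralPath $path)) {
            # A driver that is registered or running but whose file cannot be found deserves a closer look.
            [pscustomobject]@{ Name = $d.Name; Path = $path; Status = 'FileMissing'; Signer = $null }
            continue
        }

        $sig = Get-AuthenticodeSignature -LiteralPath $path
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Name   = $d.Name
                Path   = $path
                Status = $sig.Status            # e.g. NotSigned, HashMismatch, UnknownError
                Signer = $sig.SignerCertificate.Subject
            }
        }
    }
}

# Caveats: a rootkit that hides its own driver will not appear in this list at all, and on
# older Windows versions catalog-signed inbox drivers can show as NotSigned. Treat hits as
# leads to investigate with the scanners above, not as verdicts.
Get-UnsignedDriverReport | Format-Table -AutoSize
```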

4. Trend Micro RootkitBuster

Screenshot: Trend Micro RootkitBuster scan options

Make sure all options are checked and click on the Scan Now button.

5. Bitdefender Removal Tool

Screenshot: Bitdefender Removal Tool, Start Scan button

Just hit the Start Scan button.

I also tried one called aswMBR, but it caused my system to blue screen, so I’m hesitant to recommend it. So, what are your recommendations? Mention your choice in the comments.

About the Author

Terry Hollett

Terry is a self-taught computer aficionado who, after being exposed to Windows 3.1 in the early 1990s, devoured every book and magazine on the subject he could get his hands on. A published author with over 20 years’ experience building and servicing computers for friends and family, he started his first website in 2002 at Hit Any Key.

4 Comments

  1. Well Terry, I rely on KIS and Malwarebytes. Both are registered versions (not the free ones). They work very well together. Highly recommend both as I have used them for many years. The reason we install security software is not to just remove something once you are infected, rather to protect and prevent you from getting infected. Hope this makes perfect sense to all, Mindblower!

  2. Doesn’t Windows Defender Offline also scan for rootkits? And what about Microsoft’s Malicious Software Removal Tool? Both of these are built into Windows.

  3. Most anti-virus programs should be able to scan for rootkits today. At one time Malwarebytes used to have the rootkit scanner disabled by default. Keep in mind no program, paid or free, is 100% perfect, so it doesn’t hurt to have a second opinion or even a third.
