15 AntiRootkits to Detect and Remove Malware that Uses Rootkit Technology

Unlike the previous list of antirootkit detection tools which is meant for average computer users to automatically recognize rootkit infections and offer to remove them, the 5 free utilities below are meant for advanced users to manually analyze hidden processes, drivers, registry keys, files, startup entries, services, scheduled tasks, ring0 and ring3 hooks, etc and self determine if the items are safe or malicious. Other than using them to detect rootkits, it can also be used to find other malware such as trojan, rogueware, worms and viruses.

11. AntiSpy

AntiSpy is a new portable tool that the first version was released early 2013 and a new version has been released every month. The official website is in Chinese but the program is fully in English. Running the executable file will open up a window with a couple tabs allowing you to view both visible and hidden items.


As you can see from the AntiSpy screenshot above, a process colored in red is found to be suspicious and right clicking on the item provides many options to investigate or take action such as kill and delete file. The registry, service and autostart tab is worth looking at because you are able to delete protected registry keys that cannot be done from regedit.exe, view hidden services that don’t show up in services.msc and reveal hidden items that autostart with Windows. As good as it is, AntiSpy is short of a low-level file browser to view hidden files and folders.

Download AntiSpy

12. GMER

GMER has been around since 2006 and is still being actively developed today with full 64-bit support. An advantage in GMER is it will automatically start a quick scan upon running to find system modification which might have been caused by rootkit activity.


We found that GMER is more of an analyzer rather than a tool to remove antirootkits because you can only kill process but without an option to delete running processes, modules, registry keys and autostart items. The “Files” tab where you can access your files from in an Explorer-like interface also doesn’t seem to show files and folders that are hidden by rootkits.

Download GMER

13. NoVirusThanks Anti-Rootkit

This anti-rootkit tool by NoVirusThanks is free for non commercial use and is recommended to be used by experienced users because the program shows a lot of technical information especially code hooks although the less experienced users can still run a quick scan on the Quick Report tab to find any process that runs hidden and is labeled as suspicious. There is a “Hosts File” tab which is often ignored by most antirootkit tools to check if it has been modified by malware block security websites.

NovirusThanks Anti-Rootkit

The program requires installation and works from Windows 2000 to 7 on 32-bit only.

Download NoVirusThanks Anti-Rootkit

14. PC Hunter

PC Hunter is a free anti-rootkit that is developed from XueTr (also an anti-rootkit tool) that comes in both Free and Pro version. Compare to the rest, PC Hunter seems to have the most options to view processes, kernel module, ring0 and ring3 hooks, network connections, startup info, file association, firewall rules, and even useful tools like a registry editor, file manager, safeboot repair, enable disabled registry and task manager.

PC Hunter

If you’re stuck with interpreting the results, it is possible to generate a report from the “Computer Examination” tab, export it to a external text file and send it to an expert to get help in identifying rootkits. PC Hunter works from Windows 2000 to 8 and even has a special 64-bit build that can be used from Windows 7 x64 onwards.

Download PC Hunter

15. PowerTool

PowerTool is not just another rootkit analyzer tool because it has its own unique features. Other than viewing hidden process, kernel module, hooks, file, registry, startup items, services and network connections, some of the useful features found in PowerTool are showing the status of item that are normally disabled by malware from the System > Repair tab.


The loophole tab shows the critical patches that isn’t installed on your Windows operating system and the hardware tab analyzes the basic hardware on your computer together with the CPU, hard drive and video card temperature. The PowerTool for 32-bit is currently at version 4.3 while you should download the version 1.2 if you’re looking for the 64-bit. During testing we occasionally experienced the program crashing with a runtime error.

Download PowerTool

Additional Tests: There are some standalone offline on-demand malware scanners offered for free usage by antivirus companies that claims to detect rootkits. We’ve tested COMODO Cleaning Essentials, Dr.Web CureIt!, F-Secure Safe Easy Clean, Sophos Virus Removal Tool, VIPRE Rescue and VirIT eXplorer Lite but unfortunately none of them detected any of the 3 rootkit keyloggers installed on our test system.

Final Note: No matter how user friendly or easy it is to use the anti-rootkit tools, you must use it with care to avoid wrongly disabling an important process/driver that may cause Windows not to boot up properly. Always get advice from tech support forums or perhaps send the suspicious file to antivirus companies using X-Ray to get confirmation if the file is a rootkit.

34 Comments - Write a Comment

  1. austin o'brien 3 years ago
  2. weeble 5 years ago
  3. janice marlow 7 years ago
  4. Jo 7 years ago
  5. Bill 9 years ago
  6. Alexandre Marcondes Machado 9 years ago
  7. owolabi,babatunde oluwaseyyi 9 years ago
  8. John 9 years ago
  9. leonardo 9 years ago
  10. joe 9 years ago
    • Raymond 9 years ago
  11. Icaro 9 years ago
    • Raymond 9 years ago
  12. actionjksn 9 years ago
  13. Chuck 9 years ago
  14. taory manoj 9 years ago
  15. B-boy/StyLe/ 9 years ago
  16. tray 9 years ago
  17. billy13 9 years ago
  18. Smith 9 years ago
  19. Jim 9 years ago
    • Raymond 9 years ago
  20. kash 9 years ago
  21. MarkN.P 9 years ago
    • Raymond 9 years ago
  22. sinela 9 years ago
  23. Charlie 9 years ago
  24. Ron15 12 years ago
  25. Merlin_Magii 12 years ago
  26. AtOdds 12 years ago
  27. Nicks 12 years ago
  28. Sujay 12 years ago
  29. Mohamed 12 years ago
  30. Ahmad Saleem 12 years ago

Leave a Reply

Your email address will not be published.

Note: Your comment is subject to approval. Read our Terms of Use. If you are seeking additional information on this article, please contact us directly.