  • 10 Top Rootkit Scanners

    Detecting rootkits is a truly tough task. Thankfully, rootkit scanners can help individuals and security pros detect and remove rootkits.
  • Avast aswMBR

    The Avast aswMBR scanner detects most rootkits. The FixMBR function in Windows is a big help, allowing you to target the master boot record. Also, the latest virus definitions from Avast are downloaded to the tool before use. According to the company, the current version uses "virtualization technology" to improve detection of stealth malware. However, the user interface is clunky, and the results can be hard to interpret for non-technical users.
  • BitDefender Rootkit Remover

    BitDefender Rootkit Remover is designed to deal with known rootkits quickly and effectively, although it is not the most thorough rootkit scanner of the 10 listed here. The scan takes only seconds and works on Windows XP through Windows 10. It is particularly good at finding and removing bootkits, a type of rootkit that infects the master boot record, volume boot record or boot sector during computer startup.
  • Emsisoft Emergency Kit

    The Emsisoft Emergency Kit includes a Custom Scan option that can be tailored to look for rootkits. The tool can be used not only to scan for rootkits but also for viruses, trojans, spyware, adware, worms, dialers, keyloggers and other malware. It has a user-friendly graphical interface that is accessible for non-technical users.
  • GMER

    GMER is a rootkit scanner for experienced users. The interface is clunky, and technical knowledge is needed to interpret results. It is a good tool for stubborn rootkit infections, and it can detect system modifications that might indicate rootkit activity.
  • Kaspersky TDSSKiller

    The Kaspersky TDSSKiller has a user-friendly interface, provides quick scanning for rootkits, has a high detection rate and removes infected files. However, it finds a limited range of rootkit types. As its name suggests, it was specifically designed to find and remove the TDSS rootkit, but it can detect and remove other rootkits such as SST, Pihar and ZeroAccess, as well as rootkit-like anomalies.
  • Malwarebytes Anti-Rootkit Beta

    The Malwarebytes Anti-Rootkit Beta offers rootkit detection technology that uncovers deeply embedded rootkits, removes them and checks on the system's security functionality after cleanup. The user interface is easy to use, and the scan is fast yet thorough. It automatically updates the software with the most up-to-date version before scanning.
  • McAfee Rootkit Remover

    McAfee Rootkit Remover can detect and remove complex rootkits such as TDSS, Necurs and ZeroAccess. McAfee Labs plans to add coverage for more rootkit families in future versions of the tool. The tool is downloaded and runs directly on the system being scanned. The user interface is a bit old school, but the rootkit scan is quick and accurate.
  • Norton Power Eraser

    Norton Power Eraser is a broad-based malware scanning and removal kit. It is able to find and remove deeply embedded malware that traditional virus scanning tools don't always detect. It has an easy-to-use interface, but it requires a computer restart to perform a rootkit scan. Because Norton Power Eraser is an aggressive virus removal tool, it may mark a legitimate program for removal.
  • Sophos Virus Removal Tool

    The Sophos Virus Removal Tool has an easy-to-use interface, but it has few options except deciding where you want to scan. Sophos requires you to provide your name and email address before you can download the tool. It scans, detects and removes not only rootkits, but also other malware. Since it is a full-package malware scanning and removal tool, the scanning and cleaning process could take longer than other dedicated rootkit removal tools.
  • Trend Micro Rootkit Buster

    Trend Micro Rootkit Buster scans hidden files, registry entries, processes, drivers, services, ports and the master boot record to identify and remove rootkits. Rootkit Buster has been updated to work on computers running Windows 10, and enhancements now prevent some known scanning errors.

A rootkit is a pernicious form of malware because it gains privileged access to a computer's operating system while hiding its presence from anti-virus programs, system and network administrators, and system management utilities.

On some OSes, such as Linux, rootkits modify or replace dozens or hundreds of files. On other OSes, such as Windows, rootkits can modify or replace files, or they can reside in memory only and modify the use of the OS's built-in system calls.

Many changes made by a rootkit hide evidence of its existence and alterations to the compromised system, making it difficult to determine the rootkit's presence and the changes made.

Once a system is compromised by a rootkit, the attackers are able to steal data such as passwords, gain remote access or even recruit the computer into a botnet.

Despite the difficulty of finding rootkits, there are a number of rootkit scanners that can help individuals and IT managers detect and remove rootkits. Most of the big security firms, such as Kaspersky Lab, Intel's McAfee and Symantec's Norton Security, make rootkit scanners, but a number of smaller companies such as Emsisoft offer rootkit scanners as well.

Here, eSecurity Planet looks at the 10 top rootkit scanners. (They are listed in alphabetical order.)

Some of these scanners are better for experienced users, while others are better suited to non-technical users. Some are better at quickly finding common rootkits, while others are better at doing a thorough scan for rootkits that are hard to find and identify.

Using security best practices, such as patch management and anti-virus software, is the best first step to preventing rootkit infections. If you suspect that your computer or network has been infected, then it's time to turn to specialized tools such as rootkit scanners to find and remove the rootkit. Ultimately, you might need to rebuild the compromised computer from the ground up to ensure that the rootkit is removed.