5 Best Rootkit Scanners and Removers: Anti-Rootkit Tools

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

A rootkit is a dangerous and stealthy malware type that enables hackers to take control of your system without your knowledge. Individuals and small businesses employ rootkit scanners to detect and remove rootkit malware.

As “root” refers to operating system-level control, rootkits are serious threats indeed. Unfortunately, there is no guaranteed method for recovering an infiltrated system upon the detection of rootkit malware. Ultimately, you might need to rebuild the compromised computer from the ground up to ensure the rootkit is removed. Nevertheless, an initial scan can help you determine how to proceed when protecting your systems.

An important note of caution for all businesses: Most rootkit scanners are designed for personal device use. An enterprise-level network security tool for removing malware will be more advanced. If your business is considering a rootkit scanner, it’s better to invest in business-grade anti-malware technology, like advanced antivirus software or endpoint detection and response (EDR). This will be the case for most businesses that have more than 10 employees. Startups with only a few personnel may find that a rootkit scanner with multiple features fits their security needs, but if they plan to scale, buying a more advanced security tool up front typically makes more sense.

Best Rootkit Scanners and Removers

Avast One: Best Overall Scanner

Avast One rootkit scanner navigation window

Avast One is an all-in-one service that provides comprehensive protection with antivirus, device cleanup, data breach monitoring, and virtual private network (VPN) tools to help you stay private in today’s ever-increasing threat landscape.

Avast One’s family license offers protection for up to 30 devices, making it a valid choice for businesses of under five employees or individual contractors and freelancers.

Key features

  • Avast One detects and removes rootkit infections on your system and prevents the installation of future rootkit infections before they can cause any damage.
  • The defenses of Avast One make it difficult for rootkit malware to infiltrate your system.
  • Rootkit scanning and removal are available in the free version and paid versions of Avast One.
  • Other features include ransomware protection, a firewall feature, and malicious behavior monitoring.
  • Avast One has disk cleaning features to improve system hardware performance.
  • Avast One is available for Windows, macOS, Android, and iOS.


Avast One Essential is available for free and comes with basic features. A single Avast One Individual license can be used by up to five devices; standard price starts at $8.33 per month, billed annually for the first year. A single Avast One Family license can be used by up to 30 devices and also starts at $8.33 per month, billed annually for the first year.

Malwarebytes Anti-Rootkit Scanner: Best for Businesses Seeking a Free Trial

Malwarebytes Anti-Rootkit scanner dashboard

Malwarebytes Anti-Rootkit Scanner is a part of the Malwarebyte software package. The rootkit scanner detects and removes rootkits and provides proactive system protection. The scan report lists threats detected and reveals whether any detections were quarantined.

Key Features

  • Malwarebytes manually scans systems for rootkits and removes threats when you give it permission to do so. You can also schedule periodic scans.
  • Alternatively, you can also leverage automatic, proactive protection to scan and remove rootkit malware.
  • The free trial of the paid plan includes features like real-time malware protection, protection against zero-day exploits, and automated monthly reports.
  • Malwarebytes is available for Windows and macOS.
  • Malwarebytes offers a free trial before requiring a plan upgrade.


You can download a 14-day free trial of Malwarebytes. To continue using the rootkit software after the trial period, you must upgrade to Malwarebytes for Teams ($49.99 per device per year), Malwarebytes Endpoint Protection ($69.99 per device per year), or Malwarebytes Endpoint Detection and Response ($84.99 per device per year). We recommend this for businesses with more than five employees. An early investment in malware prevention will help your business as it scales.

Learn more about malware and common methods of protecting your systems from it.

AVG AntiVirus: Best Free Remover

AVG Antivirus FREE rootkit scanning status report

AVG AntiVirus FREE is a robust rootkit scanner that detects and removes rootkit malware from your system and protects against several other threat types, including unsafe internet downloads, email attachments, and spyware. AVG also scans your PC for performance issues.

AVG AntiVirus also has paid plans. The Internet Security plan blocks multiple internet threats, protects computer webcams, and protects computers against ransomware. AVG Ultimate includes VPN protection, device tuneups, and online identity tracker blocking features.

Key Differentiators

  • AVG AntiVirus FREE is quick and lightweight.
  • The rootkit software provides always-on rootkit detection and removal.
  • AVG AntiVirus FREE is regularly updated by the AVG Technologies team to keep up with the latest rootkit threats.
  • AVG AntiVirus FREE is available for Windows, macOS, Android, and iOS.


AVG AntiVirus FREE is a free plan. The standard cost of the Internet Security plan is $8.33/month for the first year for up to 10 devices. The standard cost of AVG Ultimate is $129.99 a year. Note that AVG Ultimate only protects 10 devices, so it won’t be a good choice for businesses of more than five people. However, freelancers and contractors that manage their own websites and do email marketing will benefit from its email and internet security features.

GMER: Best for Deep Scanning on Personal Windows Computers

GMER scanner and rootkit remover window

GMER is a rootkit software that detects and removes rootkit malware. Note that though GMER is a free solution, it is an older tool and doesn’t run on any Apple devices. If you want to scan many sections of an older Windows computer, GMER is a good choice. But if you’re a freelancer or you need software for your home office technology, it’s probably best to look elsewhere.

Key Differentiators

  • GMER is fast and lightweight.
  • GMER scans for hidden items like modules, services, files, and disk sectors (MBR).
  • Users can delete detected hidden processes.
  • GMER is only available on Windows.


You can download the rootkit malware software for free.

Sophos Rootkit and Bootkit Detection and Removal: Best for Comprehensive Security

Sophos’ solution for rootkit removal helps individuals and small and home offices find the rootkits that traditional antivirus software might not uncover. It protects both Windows and Mac machines and also permits remote access for family computers in other locations. This is also a beneficial feature for people who work for themselves but have one or two remote assistants whose devices they also want to secure.

Key Differentiators

  • Sophos offers Access Anywhere for remote rootkit detection.
  • Category blocking allows users to block certain websites and social media platforms.
  • Sophos offers technical support to Sophos Home users.
  • The detection and removal plan uses anti-ransomware security technology.


This solution, offered through Sophos Home, typically costs $59.99/year, though Sophos sometimes offers discounts. Sophos does not specify a device limit, so if your small business is considering this plan, you’ll want to check with Sophos first and make sure the rootkit removal solution will support all the tech you need.

Linux Rootkit Scanners

Linux computer systems are also subject to malware like viruses and rootkits. Businesses with small data centers in particular will want to employ protective software for their Linux servers. The following rootkit removal tools are designed for Linux systems and other similar operating systems, like UNIX. They’re all open source and thus free to use.


Lynis is a security and auditing solution for Linux and UNIX operating systems, but it also runs on macOS computers. It also functions as a compliance testing tool. Lynis runs on QNAP NAS devices, so consider Lynis if your business has Linux-based servers or uses QNAP for network-attached storage.

Linux Malware Detect 

Linux Malware Detect (LMD) scans Linux computer systems for malicious software, using existing threat data from intrusion detection platforms to identify threats. LMD serves the shared hosting sector, which traditionally doesn’t receive a lot of dedicated and quality antivirus resources. LMD features include quarantining scan results, HEX pattern matching, and an integration with ClamAV, another open source malware scanner. 


Chrootkit is a rootkit detection scanner. Chrootkit runs on Linux operating systems, Solaris, OpenBSD, and macOS X as well as other systems. It searches locally on a computer for signs of rootkits and also looks for potential trojans and lastlog deletions. Chrootkit scans for more than 70 types of rootkits, LKMs, and computer worms. 

Choosing a Rootkit Scanner

Before selecting one of these solutions, ask yourself the following questions:

  • Am I protecting personal devices only or work devices? Note that even if you’re a contractor or have your own startup, personal computers and phones that you rely on for all work processes still count as work machines.
  • If I employ a couple of other people, how many devices between us need to be protected? If you have multiple phones, computers, and tablets, you might exceed a device limit quickly.
  • How much am I willing to pay? Do you need a free plan, or can you afford to pay $8 a month or $50 a year to protect all my devices?
  • Am I trying to fit my SMB into an affordable rootkit scanner? In other words, do you have 20 employees, and if so, would a small-business endpoint protection plan be a better call?
  • Which extra features do I need? Is VPN functionality critical for you alongside rootkit removal features, or would you rather have email security features?

Make sure you’ve answered these questions and know exactly what scanning features you need, either for your home devices or work machines, before beginning the buying process. This will help you narrow down the options and find a solution suitable for your needs.

Rootkit scanners are beneficial tools for individuals and very small startups, helping you debug your computer systems of malware and improve device performance. But keep in mind that they’re not for most businesses. Larger startups and offices will likely need a more comprehensive endpoint security solution, especially if they plan to scale in the next few years. 

Looking for a more advanced endpoint tool? Read Top Endpoint Detection & Response (EDR) Solutions next.

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Jenna Phipps Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis