WHAT IS A ROOTKIT (RK)? It is a program designed to look like a portion of the operating system. The RK loads at a very low level, often lower than (before) your Antivirus software.

WHAT DOES A RK DO TO MY COMPUTER? The RK disables your Antivirus and then does its mischief. Typically this type of viral infection is developed by criminal gangs whose purpose is to make money, either by redirecting your computer to a fake web site that offers to remove the infection (a Fake Antivirus Program, or Fake AV), or sometimes by sending spam from your computer and / or accessing personal banking or credit card information.

HOW CAN I REMOVE A ROOTKIT?

Here is a list of 100% Free Rootkit Scanners and Repair Utilities



If your computer has been infected by the TDSS Alureon TDL rootkit, use Combofix to remove it.

1. Combofix - FREE - bleepingcomputer.com/download/anti-virus/Combofix
This is a great Free RK Removal Program, but you must read and follow all of the instructions or your computer may become inoperable. Your existing Antivirus program must be disabled before use.

2. HitmanPro 30 Day Trial - surfright.nl/en/hitmanpro
This is a fast second opinion. HitmanPro can run even if your existing Antivirus program is running / active. Ensure you download the appropriate version, 32 bit or 64 bit.

3. GMER - FREE - gmer.net
Yet another great RK removal tool. ENSURE you read and follow their instructions. It's nice to see there are a lot of nerds wearing white hats.

4. Kaspersky RK removal program - support.kaspersky.com/viruses/solutions?qid=208280684
Disinfects an infected computer. Download TDSSKiller.exe and run the application. This program can run while your Antivirus is active. Kaspersky's RK remover is fast but looks primarily for TDSS, Alureon, and Tidserv type RK variants.

5. SOPHOS Anti-RK - Free RK detection and removal tool - sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx
Yet another RK scan, detect and repair tool. SOPHOS is one of the best Malware prevention systems and removal kits available. Highly recommended by nerds everywhere.

6. UBCD4WIN bootable recovery CD - ubcd4win.com
Here is an alternative method to scan, clean and repair a RK that just won't go away! You will need to create a bootable UBCD4WIN CD on an un-infected computer. Here is a link to a video that explains how to create a UBCD4WIN bootable CD: youtube.com/watch?v=ho_EQHkvcxM . Because you burn your own bootable recovery CD, you can add tools and programs which target a specific RK. Since the infected computer is running from the CD, the pesky RK is offline, its files are not marked as open, and they can be deleted. This is a great method to kill those RKs that just will not die.

7. Alternative UBCD4WIN bootable USB Flash Drive Video - youtube.com/watch?v=jdIKHdcMA0Y
It could be that only "hard core" nerds get sweaty just thinking about all the possibilities of using a bootable UBCD4WIN USB flash drive to remove a RK. But if you have always wanted that pocket protector, this method is awesome. You create your own bootable UBCD4WIN USB stick. It is portable, and you can load practically every RK removal program on the USB flash drive, boot from it and clobber every nasty RK hiding on your computer. This method takes a bit of time, as there is a learning curve, and it requires another computer to create the stick, but it is well worth the time. Ensure you watch both videos and have an idea where you are going before you burn too much time. Some older computers may not boot from a USB flash drive, so look at your computer BIOS before starting.

The secret to removing a RK and other Malware programs infecting your computer is to use multiple Rootkit Scanner programs. Some of these programs may give you a false positive. A false positive means the RK scanner program has mislabeled a good clean file as an infection and wants to delete it. So please be aware that you should always have multiple data backups before using these programs, because sometimes a false positive could be that "Mission Critical" piece of data. If you have never drilled down into the bowels of your computer and aren't sure what you are doing, maybe you should ask someone more qualified to help you.