Other Topics Security

A Handy List of Free AntiRootkits Software


Rootkit is basically a malicious code which hides itself into your computer and create different types of security risks such as key logging like bank accounts and username password, copying documents, and even copying your emails and sending it over the Internet to some other person. This means it can completely compromise your own security by releasing your personal identifications.Some time ago, I needed an AntiRootkit software to scan my friends computer. Almost, every AntiVirus has AntiRootkit but I think, one AntiRootKit should be installed separately. BTW, I managed to find about 25 different Anti-Rootkits software. I used few to scan friend’s computer but made a list. I can not publish all but a few which are useful and free are here:

Sophos Anti-Rootkit:

Our free software, Sophos Anti-Rootkit scans, detects and removes any rootkit that is hidden on your computer using advanced rootkit detection technology. Using Sophos Anti-Rootkit is easy. Whether you use its simple graphical user interface or run it from the command line, you can easily detect and remove any rootkits on your computer. Sophos Anti-Rootkit provides an extra layer of protection, by safely and reliably detecting and removing any rootkit that might already have hidden itself on your system.

Avira AntiRootKit Protection:

Avira AntiRootKit Protection recognizes active rootkits. However, there are rootkits, which are used legally in programs. Avira AntiRootkit Protection also detects those. Please note that using reported rootkits is at your own risk and it can cause program errors.

F-Secure BlackLight AntiRootkit:

– F-Secure BlackLight can detect and eliminate active rootkits from the computer. Traditional antivirus scanners can’t detect active rootkits.
– On a normal system F-Secure BlackLight does not confront the user with a long list of suspected objects. This makes F-Secure BlackLight useful even for non-technical users.
– F-Secure BlackLight Rootkit Elimination Technology can be used in the background during normal system operation. Other available scanners require a reboot during scan or may produce false positives if the system is used during scanning.

Panda AntiRootKit:

  • Capable of deactivating unknown rootkits. We consider “unknown” a rootkit for which Panda AntiRootkit does not have a deactivation routine. This does not mean that Panda does not know about the rootkit. Rather that we have not yet included the full deactivation routine in Panda AntiRootkit. But now you’ll be able to deactivate all rootkits. By default you’ll be presented with deactivation of known rootkits plus the option to deactivate any unknown rootkits found on your system.
  • Deletes registry keys transparently. Up to version 1.06 we only deleted the necessary registry keys to deactivate the rootkit and prevent it from functioning. Some leftover keys made some users worry about incomplete deactivation. Version 1.07 now transparently deletes all rootkit associated registry keys for piece of mind.
  • Cleaner interface. We have cleaned the results window for a more efficient use of available space. Now a mouse-over a detected object will present you with its type (file, process, ADS, registry, etc.).
  • Various improvements have also been made to the disinfection of unknown rootkits, some false positives reported by some of you, and more deactivation routines.


Trend Micro RootkitBuster:

Scan for hidden files, registry entries, processes, drivers, and Master Boot Record (MBR) rootkits. Trend Micro RootkitBuster can also clean hidden files and registry entries.

Radix AntiRootKit:

  • Detects and removes Rootkits using sophisticated methodologies.
  • Detects and repairs drivers that have been modified by Rootkits.
  • Detects and repairs computer processes modified by Rootkits.
  • Detects and reveals hidden processes and files, including Alternate Data Streams (ADS).
  • Allows the removal of “locked” or “unremovable” processes and files.
  • Provides to dump memory areas from processes.
  • Shows the Global Descriptor Table (GDT) for advanced Rootkit Detection capabilities.
  • Shows the Import Address Table (IAT) for advanced Rootkit Detection capabilities.
  • Shows the Interrupt Descriptor Table (IDT) for advanced Rootkit Detection capabilities.
  • Shows hidden Registry Keys.
  • Operates in both command line mode for power users, or as a graphical tool for regular users.

GMER AntiRootKit:

It scans for hidden processes, hidden threads, hidden modules, hidden services, hidden files, hidden Alternate Data Streams, hidden registry keys, drivers hooking SSDT, drivers hooking IDT, drivers hooking IRP calls, inline hooks. ALWIL Software has released avast 4.8 containing anti-rootkit based on GMER technology.

SysProt AntiRootkit:

Its features are Hidden process detection, Hidden drivers detection, SSDT Hooks detection, Kernel Inline and Sysenter Hook detection, TCP/UDP Ports Info, File System browser, Driver/Device Objects Info, IDT Info.


RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects many persistent rootkits including AFX, Vanquish and HackerDefender. (This is out of date).

DarkSpy AntiRootKit:
DarkSpy is consisted of five parts:

Detect hidden process(even hide with FUTo…)
Force kill process(even Icesword)
2.Kernel Module:
Detect hidden kernel module(even hide with FUTo…)
Detect hidden files
Force copy file
Force delete file
4.Registry function is not provided in test version.
Detect hidden ports

Click on the name of the AntiRootKit which you wanna download. Before installing, please, read about compatibility issues regarding your operating system. I do not think, there should be any problem but checking is better.


Related posts

Notify of
Newest Most Voted
Inline Feedbacks
View all comments

Hello Geek,Thanks for that list but what’s your favorite one?I used to use Gmer but it is sometime hard to know what is what in all those processes…Can you advice for an “easy” one?Cheers


@ Marshall – You must scan your computer with at least any 2 antirootkits. There is no particular recommendation but I do not like DarkSpy and Antirootkit revealer cuz these are tehcs.


Heartbug, ESET has a software called SysInspector…if you knew about the program can you tell me whether it can be classified as an antirootkit detector or not?


@ FatCat – It is not an AntiRootKit. It is just a system viewer like TrendMicro HijackThis. It can help you to find if some RootKit is installed in your system by creating a in-depth report. AntiRootKit is used to remove RootKits.

Would love your thoughts, please comment.x