Best Free Rootkit Scanner and Remover

  Read this article in Spanish (Español)


A lot of anti-rootkit programs are available but most of them are very advanced and require an experienced and technical minded user who is familiar with computers and operating systems. However, there are a couple of options that do not require much technical ability and are also very effective.

Below are several programs that we have rated and could recommend with the best of these as good as any commercial product in this category.


Rated Products

Kaspersky TDSSKiller  

It has an easy-to-use interface, fast scan times and great detection rate

Our Rating: 
License: Free
Easy to use GUI, high detection rate, removed all infected files in tests and is 64 bit compatible.
Limited scope and range of types of rootkits detected.
Read full review...


A rootkit detector and remover for experienced and technical users

Our Rating: 
License: Free
Considered class-leading technology.
No help file, but information online. Not suitable for average users.
Read full review...


Avast's anti-rootkit scans your computer and MBR for rootkits and fixes issues

Our Rating: 
License: Free
Works well. Detects most rootkits, easy to use. ‘FixMBR’ function within Windows is invaluable; a must have on any USB flash drive.
Results sometimes hard to interpret and removal failed on some rootkits.
Read full review...

Dr.Web CureIt!  

A malware scanner and removal tool effective at removing some rootkits

Our Rating: 
License: Free (Private/Educational use)
Sandbox environment useful for halting processes and scanning MBR.
Unable to detect some of the modern rootkits.
Read full review...

Other Rootkit Scanners and Removers

Sophos Anti-RootkitSophos Anti-Rootkit has a small but easy to use interface with no options other than choosing where you want to scan. As it scans it opens up to a slightly larger interface where it lists the results of the scan and gives you information about each result as well as a recommendation for them. Additionally, a small help file is available that explains the program in a little more detail and gives directions on how to use the command line anti-rootkit tool which is also included. This would be a great tool if it was kept up-to-date but in my testing it failed to find or remove any of the modern threats I tested.


F-Secure BlacklightF-Secure Blacklight is another great tool for rootkit removal. Unfortunately, support for it ended a couple of years ago. However, you can still download it on the F-Secure web site and it is compatible with Windows Vista and XP.

Still works well for older rootkits but gives "Incompatible" error if ran on Windows 7. Blacklight is also unable to detect most modern rootkits and therefore, I recommend one of the other tools for now.


Related Products and Links

You might want to check out these articles too:



This software category is in need of an editor. If you would like to give something back to the freeware community by taking it over, check out this page for more details. You can then contact us from that page or by clicking here.

Back to the top of the article


Please rate this article: 

Your rating: None
Average: 4.3 (153 votes)


Many thanks. The links have now been updated. MC - Site manager.

Sophos Anti-Rootkit is not available at the link provided.

This link is opening fine for me to: "Remove rootkits with our free Virus Removal Tool". MC - Site Manager.

Right, but I believe they are different products. Sophos Virus Removal Tool seems to be a more general purpose tool (and a much larger download), and I don't know if its anti-rootkit technology is comparable to that of Sophos Anti-Rootkit. Sophos Anti-Rootkit is available at

Thank you for the additional information but as I am only acting as custodian for this review, any substantial updates including the evaluation of new products will only happen when someone volunteers to take it over full time. For the sake of consistency however, I have changed the current Sophos link to the MajorGeeks source kindly supplied by yourself. :) MC - Site Manager.

TDSSKiller is now at version (2015.01.21) - or .

Malwarebytes Anti-Rootkit is now at version Beta (2015.02.09) - .

F-Secure Blacklight is not available at the link provided.
Thank you. The link has now been updated. MC - Site Manager.

my understanding is that avast's uses the gmer engine. since it clearly identifies the detections with no user interpretation, i prefer it. plus, you can download the avast antivirus signatures with it to use as a demand scanner.

TDSSKiller has been updated to v3.0.0.14 (2013.10.15)

Malwarebytes Anti-Rootkit has been updated to v1.07.0.1007-Beta (2013.10.07).

1) How can we know if some process is downloading something in the background silently ?

2)How to Identify which Process is downloading something in the background ?

3) How to track at what locations what files are being downloaded (other than the one which we choose to download at a particular location or the ones that we can usually see in the download managers etc.)

4) We can use the software like OpenedFilesView( which can give us an insight of which files are actively locked and being changed with the size, but one needs to be an expert to track what is happening.
So is there any software which can give us a realtime view of which process is downloading what thing from which site and downloading it to what location? (I feel Firewall does not give indepth information). This can help us find the Trojan/rootkit activities or the malicious softwares updating itself in the background or adding up space on our harddisk silently in the background without our notice.

Any Expert input on this will be highly appreciated.
Thanks in Advance :)

Dr.Web CureIt! 8 on-demand virus scanner has been released - . A favorable review by Martin Brinkmann at can be found at .

TechRepublic have published an article many will find worthwhile, "Rootkit coders beware: Malwarebytes is in hot pursuit" (2013.03.18) -- .

Though Malwarebytes Anti-Rootkit is still in beta, an updated version has been released -- .

Bitdefender Labs have released a free rootkit remover tool --

Martin Brinkmann has a brief review article at --

Malwarebytes have released the first beta version of their dedicated stand-alone anti-rootkit application, Malwarebytes Anti-Rootkit (MBAR) -- They have a detailed discussion at . also have a brief discussion --