A rootkit is one of the nastiest kinds of malware to be hit by, because once it is installed on your system it hides the intrusion while preserving the attacker's privileged access. It often lives happily under the radar of your anti-virus software and is very hard to remove even once you have detected it.
There are quite a few very good rootkit removal tools from well-known companies such as McAfee, Sophos and BitDefender. But it was Malwarebytes Anti-Rootkit that saved me the other day, when one of the computers at my work was infected by a nasty piece of malware called ZeroAccess.
Malwarebytes Anti-Rootkit has strong detection technology for even the nastiest rootkits. I particularly like its cleanup process, which not only removes the rootkits it found but also verifies that your system's security functionality, such as Internet access, Windows Firewall and Windows Update, is working after the cleanup. The firewall on the infected machine at my work had also been disabled by the rootkit, and Malwarebytes Anti-Rootkit was able to repair it after it removed all the rootkits on the system.
To get started, simply download the tool and run it; it is a portable tool that does not require an installation process. The first screen asks for a location in which to save the tool's files. By default, it saves them onto your desktop.
The tool then appears on the screen. Follow the instructions in the wizard to update the database first, then let it scan your computer for threats.
You can choose the scan targets: Drivers, Sectors, or System. Click Scan to start. The scan takes some time depending on what is on your system, and lists all the threats it found once it has finished.
Now it's time to clean up. Check all the threats found in the list and click the Cleanup button to start the clean-up process. The tool automatically creates a Restore Point before cleaning anything up.
As mentioned above, the clean-up process also checks that the three core Windows security functions (Internet access, Windows Firewall and Windows Update) are working properly. If you find any of them not working the way it should, try the additional tool "fixdamage.exe", which you can find in the plugins folder under the mbar folder on your desktop. Then reboot your computer.
After the reboot, verify your system again to make sure it is functioning normally. You may also want to run the tool a couple more times to make sure the system is clean. I had to run it twice to completely get rid of the malware.
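A scripted version of that post-cleanup verification, as an added example for this post (it is not part of Malwarebytes Anti-Rootkit or of fixdamage.exe). It assumes Windows 7 or later with PowerShell 3 or newer, run from an elevated prompt, and checks the same three functions the tool repairs (Windows Firewall, Windows Update and Internet access), plus the Restore Point created before cleanup and the hosts file, which malware commonly edits to block vendors' update servers. The service names, registry keys and the NCSI probe URL are Windows' own; the check list and its thresholds are this script's choice.

```powershell
# Post-cleanup verification (added example; not part of Malwarebytes Anti-Rootkit).
# Assumes Windows 7+, PowerShell 3+, elevated prompt.
$checks = New-Object System.Collections.ArrayList

function Add-Check([string]$Name, [bool]$Ok, [string]$Detail) {
    [void]$checks.Add([pscustomobject]@{ Check = $Name; OK = $Ok; Detail = $Detail })
}

# 1. Windows Firewall: the Base Filtering Engine (BFE) and the firewall service
#    (MpsSvc) must be running, and each profile's EnableFirewall flag should be 1.
foreach ($svc in 'BFE', 'MpsSvc') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    Add-Check "Service $svc running" ($s -ne $null -and $s.Status -eq 'Running') `
        $(if ($s) { "$($s.Status)" } else { 'service missing' })
}
$fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($prof in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $val = (Get-ItemProperty -Path "$fwBase\$prof" -Name EnableFirewall -ErrorAction SilentlyContinue).EnableFirewall
    Add-Check "Firewall enabled ($prof)" ($val -eq 1) "EnableFirewall=$val"
}

# 2. Windows Update: the service must exist, must not be set to Disabled, and
#    automatic updates must not be forced off by policy.
$wu = Get-WmiObject -Class Win32_Service -Filter "Name='wuauserv'"
Add-Check 'Windows Update service present' ($wu -ne $null) `
    $(if ($wu) { "State=$($wu.State) StartMode=$($wu.StartMode)" } else { 'service missing' })
Add-Check 'Windows Update not disabled' ($wu -ne $null -and $wu.StartMode -ne 'Disabled') "StartMode=$($wu.StartMode)"
$au = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -Name NoAutoUpdate -ErrorAction SilentlyContinue
Add-Check 'Automatic updates not blocked by policy' ($au -eq $null -or $au.NoAutoUpdate -ne 1) `
    $(if ($au) { "NoAutoUpdate=$($au.NoAutoUpdate)" } else { 'no policy set' })

# 3. Internet access: DNS resolution plus an HTTP fetch of the same probe URL
#    Windows uses for its own network connectivity indicator. Comparing the body
#    also catches a hijacked DNS or hosts entry that redirects the request.
$dnsOk = $false; $dnsDetail = ''
try {
    $addrs = [System.Net.Dns]::GetHostAddresses('www.msftncsi.com')
    $dnsOk = $addrs.Count -gt 0
    $dnsDetail = ($addrs | ForEach-Object { $_.IPAddressToString }) -join ', '
} catch { $dnsDetail = $_.Exception.Message }
Add-Check 'DNS resolution' $dnsOk $dnsDetail

$httpOk = $false; $httpDetail = ''
try {
    $body = (New-Object System.Net.WebClient).DownloadString('http://www.msftncsi.com/ncsi.txt')
    $httpOk = ($body.Trim() -eq 'Microsoft NCSI')
    $httpDetail = "response: '$($body.Trim())'"
} catch { $httpDetail = $_.Exception.Message }
Add-Check 'HTTP reachability (NCSI probe)' $httpOk $httpDetail

# 4. Hosts file: anything beyond the loopback entries deserves a look.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$extra = @(Get-Content $hostsPath -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\b' })
Add-Check 'Hosts file has no extra entries' ($extra.Count -eq 0) ($extra -join ' | ')

# 5. Restore Point: the tool creates one before cleanup; confirm it is there.
$rp = Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
    Sort-Object SequenceNumber -Descending | Select-Object -First 1
Add-Check 'Restore Point present' ($rp -ne $null) $(if ($rp) { $rp.Description } else { 'none found' })

$checks | Format-Table -AutoSize
if ($checks | Where-Object { -not $_.OK }) {
    Write-Warning 'One or more checks failed: run fixdamage.exe from the mbar\plugins folder, reboot, and run this script again.'
}
```

Run it once before the reboot and again afterwards; a check that passes only after the reboot is normal, but one that keeps failing after fixdamage.exe points at damage the tool could not repair, which is the situation the next paragraph addresses.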
Malwarebytes Anti-Rootkit is currently still in public beta, but it has already shown how effective it is at removing the toughest malware currently in circulation. If you are unfortunate enough to be hit by one of these, I'd suggest giving it a try before anything else, as it seems to give you the best chance of cleaning up your system. However, given how deep and stubborn a rootkit can be, there is no guarantee that Malwarebytes Anti-Rootkit will always work and fully bring your computer back after the clean-up. Because a kernel-level rootkit controls what the operating system reports, a scan run from inside the infected system can never prove it clean; some rootkits are so entrenched that only a clean reinstall of the system will completely get rid of them.