May 15 2008

Rootkits are programs that take fundamental control of a computer system, with Administrator-level access, without authorization by the system’s owners and legitimate managers. Typically, rootkits obscure their presence on the system by subverting or evading standard operating system security mechanisms. Often they are also Trojans, fooling users into believing they are safe to run on their systems. Techniques used to accomplish this can include concealing running processes from monitoring programs, or hiding files or system data from the operating system.

The following is a list of free anti-rootkit security software available for Windows.

1. Windows Malicious Software Removal Tool

The Microsoft Windows Malicious Software Removal Tool is not a full-blown rootkit removal tool, but it checks computers running Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection found. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed.

Microsoft releases an updated version of this tool on the second Tuesday of each month, and as needed to respond to security incidents. The tool is available from Microsoft Update, Windows Update and the Microsoft Download Center.

2. Sophos Anti-Rootkit tool

Sophos Anti-Rootkit finds and removes any rootkit that is hidden on your computer using advanced rootkit detection technology.

Download Sophos Anti-Rootkit tool here

3. Hypersight Rootkit Detection

The world’s first Fourth-Generation rootkit detector. Hypersight Rootkit Detector is a must-have tool for anyone sharing their financial details or conducting transactions over the Internet. It is free at the moment, but there are certainly indications that this may go commercial.

For now, try here

4. Radix Antirootkit software

With Radix Anti-Rootkit you can detect and remove rootkits that are hiding on your PC, mostly going undetected by normal anti-virus and anti-malware software.

Download here

5. Rootkit Revealer from SysInternals (now Microsoft)

RootkitRevealer is an advanced rootkit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects all persistent rootkits published at, including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don’t attempt to hide their files or registry keys).

Download here

6. Rootkit Hook Analyzer

RootKit Hook Analyzer is a security tool which will check if there are any rootkits installed on your computer which hook the kernel system services. Kernel RootKit Hooks are installed modules which intercept the principal system services that all programs and the operating system rely on. If any of these system services are intercepted and modified it means that there is a possibility that the safety of your system is at risk and that spyware, viruses or malware are active.

Download here

7. McAfee Rootkit Detective Beta

McAfee Rootkit Detective Beta is a program designed and developed by McAfee Avert Labs to proactively detect and clean rootkits that are running on the system.

Download here

8. Rootkit Buster from TrendMicro

Trend Micro RootkitBuster is a rootkit scanner that scans hidden files, registry entries, processes, drivers, and Master Boot Record (MBR) rootkits. In addition, RootkitBuster can also clean hidden files and registry entries.

Download here

9. Panda Anti-Rootkit software

Panda Anti-Rootkit shows hidden system resources, identifying known and unknown rootkits. It analyzes hidden drivers, processes, modules, files, registry entries, SDT modifications, EAT hooks, modifications to the IDT, non-standard INT2E and SYSENTER, and IRP hooks. Unlike other anti-rootkit utilities which merely “reveal” hidden objects, Panda Anti-Rootkit positively identifies known and unknown rootkits and gives the option of removing them, including their associated registry entries, processes and files.

Download here

10. Helios Lite

Helios Lite is a rootkit detection product based on some of the components of the Helios rootkit detection technologies. It is an implementation of the idea of Cross View Detection for the detection of persistent and non-persistent rootkits. It successfully detects a large number of user-mode and kernel-mode rootkits.

Download here

  4 Responses to “List of Free Anti-Rootkit/Rootkit detection software for Windows”

  1. This page is typical of MS documentation. You should just indicate up front which of these damn rootkit detectors are compatible with VISTA. Period! That’s the only problem in using one. Yet you make us go to the form websites and figure it out by reading all of their documentation. Do you Vista users a favor and tell us in your own list so we don’t waste time!

  2. You left out, the F-Secure BlackLight Anti-Root-Kit Removal Tool

  3. Now for the real ark tools ;) :

    Kernel Detective

  4. How much more convenient it would have been if you had indicated which utilities did not work with Win 7 64bit (nearly all of them). But hey, then it wouldn’t have been Microsoft, would it?

    Thanks anyway, AH
