How to detect and remove rootkits with Gmer

A rootkit is a collection of malicious programs that gives an attacker access to your computer with administrative rights while concealing its own presence. Typical rootkits bundle spyware and trojans that monitor your network traffic and log keystrokes; sophisticated rootkits can also alter log files to erase the traces of the compromise. Combined with other malware, a rootkit can turn the infected machine into a launch point for attacks on other computers on the same network and on the Internet.

Rootkits can hide inside the operating system kernel, the layer that sits between application software and the computer hardware, which makes them very hard to detect and remove with conventional antivirus software: code running in the kernel can lie to anything that asks it questions, including the antivirus itself. The best defence is to stop a rootkit from being installed in the first place by running an up-to-date antivirus and a good firewall.

NOTE: Not all rootkits are malware. A small number of legitimate applications use rootkit techniques, for example DVD drive emulation software that lets the user play a game without the physical DVD in the optical drive.

How to uninstall a rootkit

When a malicious rootkit has already been installed on your computer there is no guarantee that it can be removed without formatting the disk and reinstalling the operating system. The only way to try is to scan the system with a specialist rootkit detection utility and hope the rootkit is picked up; bear in mind that a scan which finds nothing does not prove the machine is clean, since hiding from exactly this kind of inspection is what a rootkit is built to do.

A rootkit detector gathers the same information (files, processes, kernel hooks) from different parts of the operating system through different routes, for example the process list returned by the Windows API against the process list recovered by walking kernel structures directly, and looks for mismatches between the two views. After discounting objects the operating system legitimately hides, it narrows the remaining differences down to a list of possible rootkits.
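The cross-view comparison described above, written out as an added example in Python (this is illustrative code, not Gmer's own). The two views of the process table and of the file system are constructed by hand; a real scanner would fill them from the API and from raw kernel or disk structures. The allowlist of NTFS metafiles stands in for the "legitimately hidden" objects the text mentions, and the process and file names are made up for the example.

```python
"""Cross-view rootkit detection on constructed data (added example, not Gmer code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class CrossViewResult:
    hidden: frozenset       # in the raw view only and not allowlisted: suspicious
    allowlisted: frozenset  # in the raw view only, but legitimately hidden by the OS
    phantom: frozenset      # in the API view only: usually a race between snapshots


def cross_view(api_view, raw_view, legit_hidden=frozenset()):
    """Compare what the API reports against what a raw walk of the structures finds."""
    api, raw = frozenset(api_view), frozenset(raw_view)
    raw_only = raw - api
    return CrossViewResult(
        hidden=raw_only - frozenset(legit_hidden),
        allowlisted=raw_only & frozenset(legit_hidden),
        phantom=api - raw,
    )


def confirmed_hidden(results):
    """Keep only objects hidden in every snapshot, to discount objects that came and went."""
    sets = [r.hidden for r in results]
    return frozenset.intersection(*sets) if sets else frozenset()


# Constructed process views: (pid, image). The raw view has one entry the API
# never returned (a process unlinked from the list the API reads), and the API
# view has one the raw walk missed (it exited between the two snapshots).
API_PROCS = {(4, "System"), (612, "csrss.exe"), (1024, "explorer.exe"), (2040, "notepad.exe")}
RAW_PROCS = {(4, "System"), (612, "csrss.exe"), (1024, "explorer.exe"), (1388, "svchost.exe")}

# Constructed file views. NTFS metafiles are absent from directory listings by
# design, so they are allowlisted; the driver name is made up for the example.
NTFS_METAFILES = {r"C:\$MFT", r"C:\$LogFile", r"C:\$Bitmap"}
API_FILES = {r"C:\pagefile.sys", r"C:\Windows\explorer.exe", r"C:\Windows\System32\drivers\ntfs.sys"}
RAW_FILES = API_FILES | {r"C:\$MFT", r"C:\$LogFile", r"C:\Windows\System32\drivers\hidden.sys"}


if __name__ == "__main__":
    procs = cross_view(API_PROCS, RAW_PROCS)
    files = cross_view(API_FILES, RAW_FILES, NTFS_METAFILES)
    print("hidden processes:", sorted(procs.hidden))
    print("phantom processes (re-scan before trusting):", sorted(procs.phantom))
    print("hidden files:", sorted(files.hidden))
    print("legitimately hidden files:", sorted(files.allowlisted))
    print("hidden in every snapshot:", sorted(confirmed_hidden([procs, procs])))
```

A phantom entry is reported separately because a process that exits between the API snapshot and the raw walk produces the same mismatch as tampering; scanners take several snapshots and only trust a hidden object that shows up in all of them, which is what confirmed_hidden does.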

Gmer rootkit removal software

How to use Gmer

This free rootkit detection tool scans your computer and lists running processes, trying to find hidden processes, threads, modules, services, files, disk sectors (MBR), Alternate Data Streams, registry keys, SSDT hooks, IDT hooks, IRP hooks and inline hooks.
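Two of the hook checks listed above, SSDT hooks and inline hooks, in simplified form as an added Python example (not Gmer's code). It assumes a 32-bit kernel and a constructed module map; every address, range and byte string below is made up for the example, and a real scanner would read them from the running kernel. An SSDT entry should point into the kernel image, so one that points anywhere else is flagged; a function whose first instruction is a JMP rel32 or PUSH imm32/RET out of its own module has been patched in place.

```python
"""SSDT and inline hook checks on constructed data (added example, not Gmer code)."""
import struct
from typing import NamedTuple, Optional


class Module(NamedTuple):
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


# Constructed 32-bit module map; addresses are illustrative only.
MODULES = [
    Module("ntkrnlpa.exe", 0x80400000, 0x00210000),
    Module("win32k.sys", 0xBF800000, 0x001C0000),
]


def owner(addr: int, modules=MODULES) -> Optional[str]:
    """Name of the loaded module containing addr, or None if no known module does."""
    for m in modules:
        if m.contains(addr):
            return m.name
    return None


# Constructed SSDT: service index -> handler address. Index 0x49 points outside
# every loaded module, which is how a hook installed by a hidden driver looks.
SSDT = {0x0091: 0x80501C90, 0x00AD: 0x8050A3E0, 0x0049: 0xF8A1B2C0}


def ssdt_hooks(ssdt, kernel="ntkrnlpa.exe", modules=MODULES):
    """(index, address, owning module or None) for entries not inside the kernel image."""
    return [(i, a, owner(a, modules)) for i, a in sorted(ssdt.items())
            if owner(a, modules) != kernel]


def rel32(src: int, dst: int) -> int:
    """Signed displacement for a 5-byte JMP at src reaching dst."""
    d = (dst - (src + 5)) & 0xFFFFFFFF
    return d - (1 << 32) if d & 0x80000000 else d


def inline_hook(func_addr: int, code: bytes, modules=MODULES):
    """Return hook details if the function's first bytes jump out of its own module."""
    target = None
    if len(code) >= 5 and code[0] == 0xE9:                     # JMP rel32
        target = (func_addr + 5 + struct.unpack_from("<i", code, 1)[0]) & 0xFFFFFFFF
    elif len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:  # PUSH imm32 ; RET
        target = struct.unpack_from("<I", code, 1)[0]
    if target is None:
        return None
    dest = owner(target, modules)
    if dest == owner(func_addr, modules):
        return None  # jump within the same module: compiler thunk, not a hook
    return {"from": func_addr, "to": target, "module": dest}


# Constructed function prologues for a kernel function at 0x80501C90.
CLEAN_PROLOGUE = b"\x8B\xFF\x55\x8B\xEC"                      # mov edi,edi; push ebp; mov ebp,esp
HOOKED_PROLOGUE = b"\xE9" + struct.pack("<i", rel32(0x80501C90, 0xF8A1B300))
INTRA_MODULE_PROLOGUE = b"\xE9" + struct.pack("<i", rel32(0x80501C90, 0x80502000))
PUSH_RET_PROLOGUE = b"\x68" + struct.pack("<I", 0xF8A1B300) + b"\xC3"


if __name__ == "__main__":
    for idx, addr, mod in ssdt_hooks(SSDT):
        print(f"SSDT[{idx:#06x}] -> {addr:#010x} in {mod or 'unknown module'}: hooked")
    for label, code in [("clean", CLEAN_PROLOGUE), ("jmp", HOOKED_PROLOGUE),
                        ("intra-module", INTRA_MODULE_PROLOGUE), ("push/ret", PUSH_RET_PROLOGUE)]:
        print(label, inline_hook(0x80501C90, code))
```

A hook whose target lies in no known module (owner returns None) is the case that matters most: the code is live in the kernel but the driver that owns it is not on the loaded-module list, which is itself evidence of hiding.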

Suspected rootkits are highlighted in red. When one is found, right-click it, choose "Delete" and reboot your computer. If the red item is a service you must first disable it (right-click), reboot, delete the now-disabled service and reboot again. Deleting a driver or service that Windows still depends on can leave the system unbootable, so back up your important data before you start removing entries.

NOTE: Read the Gmer instructions carefully; this is not a click-and-go program, you need to know what you are doing.

Visit Gmer homepage

