AntiRootkit Tools

Detailed list of anti-rootkit detection and removal software showing: Name, Publisher, OS, Cost/Rating, and Version. Also lists “Rootkit Prevention Software”.



Price: Free
Platform: Windows
Last Modified: April 4, 2013

Gmer detects rootkits. It scans for:

  • hidden processes
  • hidden files
  • hidden services
  • hidden registry keys
  • hidden drivers
  • drivers hooking SSDT (System Service Descriptor Table)
  • drivers hooking IDT (Interrupt Descriptor Table)
  • drivers hooking IRP (IO Request Packet) calls

You can see some scanning output samples on their website.

Kaspersky TDSSKiller

Price: Free
Platform: Windows

A rootkit for Windows systems is a program that penetrates into the system and intercepts the system
functions (Windows API). It can effectively hide its presence by intercepting and modifying low-level API functions.

  • The utility supports 32-bit and 64-bit operation systems.
  • The utility can be run in Normal Mode and Safe Mode.
  • It detects and removes the following malware: malware family Rootkit.Win32.TDSS; bootkits; rootkits.


Price: Free
Platform: Windows

“Trend Micro RootkitBuster scans hidden files, registry entries, processes, drivers, services, ports, and the master boot record (MBR) to identify and remove rootkits.”

RootkitRevealer v1.71

Price: Free
Platform: Windows
Last Modified: November 13, 2012

(note: RootkitRevealer is not intended to detect memory-based rootkits like Fu that don’t attempt to hide their files or registry keys).

If you use it to identify the presence of a rootkit please let us know!”

Sophos Anti-Rootkit

Price: Free
Platform: Windows

“Removing rootkits without compromising system integrity is particularly challenging and needs to be done with care. Our free software, Sophos Anti-Rootkit, finds and removes any rootkit that is hidden on your computer. “