How to Scan for Rootkits on Your Computer
Learn to detect and remove rootkits using Windows Defender, Malwarebytes, and specialized tools. Complete guide for Windows, Mac, and Linux systems.
- Update your operating system and antivirus software. Install all pending system updates through Windows Update, Software Update on Mac, or your Linux package manager. Update your antivirus definitions to ensure you have the latest rootkit signatures. Restart your computer after updates complete to ensure all changes take effect.
- Run Windows Defender Offline scan. Open Windows Security by typing 'Windows Security' in the Start menu. Navigate to Virus & threat protection > Scan options. Select 'Microsoft Defender Offline scan' and click 'Scan now'. Your computer will restart and scan before Windows loads, catching rootkits that hide during normal operation.
- Download and run Malwarebytes Anti-Rootkit. Download Malwarebytes Anti-Rootkit from malwarebytes.com and install it. Launch the program and click 'Scan' to perform a full system scan. The tool specifically targets rootkits, bootkits, and other advanced threats that standard scanners miss. Allow the scan to complete even if it takes several hours.
- Use GMER for deep rootkit detection. Download GMER from gmer.net and run it without installation. Click 'Scan' to start a comprehensive scan that checks system files, registry entries, and hidden processes. GMER detects rootkits by analyzing system behavior and file modifications rather than relying solely on signatures.
- Scan with RootkitRevealer for Windows. Download RootkitRevealer from Microsoft Sysinternals and extract the files. Run RootkitRevealer.exe as administrator and click 'Scan' to compare the raw contents of the file system and registry hives with what the Windows API reports. Review the output for discrepancies that indicate hidden files or registry entries typical of rootkits: anything present in the raw data but missing from the API view is worth investigating.
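The cross-view technique behind GMER's hidden-process check and RootkitRevealer's file and registry comparison is easy to reproduce on Linux, which is useful when you want to understand what these tools are actually doing. The script below is an added example, not code from the original article or from either tool. It takes two independent views of the process table, the directory listing of `/proc` and a brute-force `kill(pid, 0)` probe of every possible PID, and reports PIDs that the kernel says are alive but that do not appear in the listing. A user-mode rootkit that filters `readdir()` on `/proc` hides from the first view but not the second. The live collectors are Linux-only; the comparison functions are pure so they can be checked with constructed data.

```python
"""Cross-view hidden-process check (added example; Linux only for the live
collectors). Compares /proc's directory listing against a kill(pid, 0) probe."""
import os
from typing import Iterable, List, Set

PID_MAX_PATH = "/proc/sys/kernel/pid_max"


def listed_pids() -> Set[int]:
    """High-level view: PIDs that appear as numeric entries in /proc."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def _is_thread(pid: int) -> bool:
    """kill() also succeeds for thread IDs, which never appear as top-level
    /proc entries. Read Tgid from /proc/<tid>/status (openable even when the
    entry is not listed) and treat the ID as a thread when Tgid differs."""
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        pass          # status unreadable or gone: keep the PID as a candidate
    return False


def probed_pids(pid_max: int) -> Set[int]:
    """Low-level view: every PID for which the kernel reports a live process."""
    alive: Set[int] = set()
    for pid in range(1, pid_max):
        try:
            os.kill(pid, 0)          # signal 0: existence check, nothing sent
        except ProcessLookupError:
            continue                 # ESRCH: no such process
        except PermissionError:
            pass                     # EPERM: exists, owned by another user
        if not _is_thread(pid):
            alive.add(pid)
    return alive


def hidden_pids(listed: Iterable[int], probed: Iterable[int]) -> Set[int]:
    """PIDs alive according to the probe but absent from the listing."""
    return set(probed) - set(listed)


def stable_hidden(snapshots: List[Set[int]]) -> Set[int]:
    """Intersect several hidden_pids() results so that short-lived processes
    that exited between the two snapshots of one round do not show up."""
    result: Set[int] = set()
    for i, snap in enumerate(snapshots):
        result = set(snap) if i == 0 else result & set(snap)
    return result


if __name__ == "__main__":
    with open(PID_MAX_PATH) as f:
        pid_max = int(f.read())
    rounds = [hidden_pids(listed_pids(), probed_pids(pid_max)) for _ in range(3)]
    suspects = stable_hidden(rounds)
    if suspects:
        print("Alive PIDs missing from the /proc listing:", sorted(suspects))
    else:
        print("No hidden processes found by the cross-view check.")
```

Run it as root so the probe covers every user's processes. A kernel-mode rootkit that hooks the system calls used by both views can defeat this comparison, which is why the article's advice to scan from an offline environment still applies; the check is a quick first look, not a substitute for the dedicated tools.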
- Check for Mac rootkits with Objective-See tools. Download KnockKnock from objective-see.com and run it to scan for persistent malware on macOS. The tool examines login items, launch agents, browser extensions, and kernel extensions for suspicious code. Review flagged items and research unfamiliar entries before removing them.
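To see what KnockKnock's launch-item check looks for, here is an added example (not code from the original article or from Objective-See) that parses launchd property lists from the standard LaunchAgents and LaunchDaemons folders with Python's `plistlib` and flags entries whose program is missing, lives in a temporary or shared location, sits outside the usual vendor directories, or is an interpreter wrapping some other payload. The two sample plists are constructed for the demonstration, and the trusted and suspicious prefix lists are assumptions to tune for your system.

```python
"""Flag suspicious launchd items (added example; paths and prefix lists are
assumptions, sample plists are constructed)."""
import glob
import os
import plistlib
from typing import Callable, Dict, List

LAUNCH_DIRS = [
    os.path.expanduser("~/Library/LaunchAgents"),
    "/Library/LaunchAgents",
    "/Library/LaunchDaemons",
]
# Assumed: places a legitimately installed persistent program normally lives.
TRUSTED_PREFIXES = ("/usr/", "/bin/", "/sbin/", "/System/", "/Library/Apple/",
                    "/Applications/", "/Library/Application Support/")
SUSPICIOUS_PREFIXES = ("/tmp/", "/var/tmp/", "/private/tmp/", "/Users/Shared/")
INTERPRETERS = ("sh", "bash", "zsh", "python", "python3", "osascript", "perl")


def program_of(item: dict) -> str:
    """launchd accepts either a Program string or a ProgramArguments array."""
    if "Program" in item:
        return str(item["Program"])
    args = item.get("ProgramArguments") or []
    return str(args[0]) if args else ""


def inspect_launch_item(data: bytes,
                        path_exists: Callable[[str], bool] = os.path.exists) -> Dict:
    """Parse one plist and return its label, program and a list of findings."""
    item = plistlib.loads(data)
    program = program_of(item)
    findings: List[str] = []
    if not program:
        findings.append("no Program or ProgramArguments")
    else:
        if not path_exists(program):
            findings.append(f"program does not exist on disk: {program}")
        if program.startswith(SUSPICIOUS_PREFIXES):
            findings.append(f"program in temporary/shared location: {program}")
        elif not program.startswith(TRUSTED_PREFIXES):
            findings.append(f"program outside trusted prefixes: {program}")
        if os.path.basename(program) in INTERPRETERS:
            findings.append("item launches an interpreter; inspect its arguments")
    return {
        "label": item.get("Label", "<no label>"),
        "program": program,
        "run_at_load": bool(item.get("RunAtLoad", False)),
        "findings": findings,
    }


def scan_launch_dirs(dirs=LAUNCH_DIRS) -> List[Dict]:
    """Inspect every .plist in the launchd folders that exist on this machine."""
    results = []
    for d in dirs:
        for path in sorted(glob.glob(os.path.join(d, "*.plist"))):
            try:
                with open(path, "rb") as f:
                    r = inspect_launch_item(f.read())
            except (OSError, plistlib.InvalidFileException) as e:
                r = {"label": path, "program": "", "run_at_load": False,
                     "findings": [f"unparseable: {e}"]}
            r["path"] = path
            results.append(r)
    return results


# Constructed sample plists for demonstration (no real product referenced).
BENIGN_PLIST = plistlib.dumps({
    "Label": "com.example.helper",
    "ProgramArguments": ["/Applications/ExampleApp.app/Contents/MacOS/helper"],
    "RunAtLoad": True,
})
SUSPECT_PLIST = plistlib.dumps({
    "Label": "com.example.updater",
    "ProgramArguments": ["/tmp/.cache/updater", "--quiet"],
    "RunAtLoad": True,
    "KeepAlive": True,
})

if __name__ == "__main__":
    for r in scan_launch_dirs():
        status = "OK " if not r["findings"] else "!! "
        print(status, r["path"], r["label"], r["program"], *r["findings"], sep="  ")
```

Items that are flagged only because they sit outside the trusted prefixes are often legitimate third-party software; as the article says, research unfamiliar labels before removing anything, and look at the full `ProgramArguments` of any interpreter-based item.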
- Scan Linux systems with chkrootkit and rkhunter. Install chkrootkit and rkhunter through your package manager: 'sudo apt install chkrootkit rkhunter' on Debian/Ubuntu. Run 'sudo chkrootkit' and 'sudo rkhunter --check' to scan for known rootkit signatures and suspicious system modifications. Review the detailed reports for any infections or warnings.
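rkhunter's file-properties test and chkrootkit's checks for replaced system commands both rest on one idea: record what the important binaries looked like on a known-good system, then look for anything that changed. The script below is an added example, not code from the original article or from either tool, showing that idea end to end: it hashes every regular file under a set of system directories with SHA-256, stores the snapshot as JSON, and on later runs reports modified, added and removed files, which is the kind of discrepancy the final step of the article tells you to verify. The directory list and baseline path are assumptions to adjust for your distribution.

```python
"""File-integrity baseline and check (added example; directories and baseline
path are assumptions). Usage: integrity.py init | integrity.py check"""
import hashlib
import json
import os
import sys
from typing import Dict, Iterable, List

BASELINE_PATH = "/var/lib/integrity-baseline.json"      # assumed location
WATCHED_DIRS = ["/bin", "/sbin", "/usr/bin", "/usr/sbin", "/lib/modules"]


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 so large binaries do not load into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(roots: Iterable[str]) -> Dict[str, str]:
    """Map every regular file under the roots to its SHA-256 (symlinks skipped)."""
    result: Dict[str, str] = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                if os.path.islink(path) or not os.path.isfile(path):
                    continue
                try:
                    result[path] = sha256_file(path)
                except OSError:
                    continue      # unreadable file: skip, do not abort the scan
    return result


def compare_baseline(baseline: Dict[str, str],
                     current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify the differences between two snapshots."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def main(argv: List[str]) -> int:
    mode = argv[1] if len(argv) > 1 else "check"
    current = hash_tree(WATCHED_DIRS)
    if mode == "init":
        with open(BASELINE_PATH, "w") as f:
            json.dump(current, f)
        print(f"baseline written: {len(current)} files")
        return 0
    with open(BASELINE_PATH) as f:
        baseline = json.load(f)
    diff = compare_baseline(baseline, current)
    for kind, paths in diff.items():
        for p in paths:
            print(f"{kind.upper():8} {p}")
    return 1 if any(diff.values()) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Two caveats apply exactly as they do to rkhunter. Package updates legitimately change hashes, so refresh the baseline right after applying updates (rkhunter's equivalent is `rkhunter --propupd`) and treat unexplained changes between updates as the signal. And a kernel rootkit that hooks file reads can feed the scanner clean bytes, so the most trustworthy baseline and check are taken from an offline boot or with the disk mounted on another system.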
- Verify scan results and clean infected files. Review all scan reports for confirmed rootkits and suspicious files. Use the removal options in your scanning tools or manually delete flagged files after verifying they are malicious. Restart your computer and run additional scans to confirm complete removal. Consider reformatting and reinstalling your operating system for severe infections.