How to Scan for Rootkit

Malware (malicious software) consists of dangerous programs such as viruses, Trojans, spyware and rootkits. Rootkits are particularly dangerous because they can hide deep in a computer without the owner knowing. They can even hide themselves from some anti-virus programs. The Whistler Bootkit is a dangerous rootkit because it often conceals itself in the Master Boot Record (MBR). You can remove rootkits from your computer by using rootkit-removal tools such as ComboFix and GMER.


ComboFix

  • Run ComboFix.

  • Wait for the scan to be completed. After you run ComboFix, it will automatically scan your computer for hidden malware.

  • Save the log. After the scan is completed, ComboFix will show you the overall status of your computer and the malicious files that have been removed. It will also show you what malware was not successfully removed.

  • Restart your computer.


GMER

  • Run GMER.

  • Click "Scan" to find hidden software on your computer. Once you open GMER, it automatically does a brief scan of your computer. Clicking "Scan" will allow it to perform a deeper search for malware.

  • Remove malware from your computer. After the scan is completed, you will have the option to disable and remove the infected files. Right-click the infected file, select "Kill Process" to disable it, and select "Delete File" to remove it.

  • Restart your computer.

Root Repeal

  • Run Root Repeal.

  • Click "Scan." It will do a very quick scan, and it will show you all of the hidden files on your computer.

  • Right-click the infected file you want to remove and select "Wipe File" or "Force Delete."

Tips & Warnings

  • Find the download links for ComboFix, Root Repeal and GMER in the Resource section below.
  • Disable your anti-virus programs before scanning for rootkits to avoid interference.
  • Using a rootkit-removal tool does not guarantee that the rootkit will be completely deleted.