Bitdefender Rootkit Remover
Update (Aug 2019): Bitdefender Rootkit Remover has reached End-of-Life and is not actively maintained anymore. Its functionality has been integrated in Rescue Mode, an environment that allows you to scan and disinfect all existing hard drive partitions inside and outside of your operating system.
The Bitdefender Rootkit Remover deals with known rootkits quickly and effectively, making use of award-winning Bitdefender malware removal technology. Unlike other similar tools, Bitdefender Rootkit Remover can be launched immediately, without the need to reboot into safe mode first (although a reboot may be required for complete cleanup).
Rootkit Remover deals easily with Mebroot, all TDL families (TDL/SST/Pihar), Mayachok, Mybios, Plite, XPaj, Whistler, Alipop, Cpd, Fengd, Fips, Guntior, MBR Locker, Mebratix, Niwa, Ponreb, Ramnit, Stoned, Yoddos, Yurn, Zegost and also cleans infections with Necurs (the last rootkit standing). Please note that the list is a bit outdated – new rootkit families are added as they become known.
Both x86 and x64 Rootkit Remover kits are available; please choose the appropriate one for your system from the right side.
New to Rootkit Remover? Not sure what to expect? Here are some quick questions and answers.
Q: It claims to have finished in three seconds. What?
A: The checks it makes are indeed very rapid. You can rest assured though, they are not less thorough for it.
Q: This thing didn’t scan my system for viruses!
A: Not a question, but yes. Rootkit Remover finds and disables several families of particularly dangerous rootkits, mostly of the sub-type called ‘boot-kit’ – namely rootkits which mess with the boot-up process (usually by modifying the MBR) to survive between reboots and regain control of the affected machine after each startup.
Q: When will you add detection and removal for rootkit x?
Q: When will you add detection/removal for virus/worm y?
A: Never, unless it has a rootkit component that we’re interested in.
Q: Why doesn’t this tool work in Safe Mode?
A: Certain restrictions of the Safe Mode prevent the filesystem-checking functionality from operating – at all. This is a known limitation, not a bug and cannot be circumvented.
Q: This tool just broke my computer and now my SO won’t talk to me anymore, I’m late with a work assignment and I have to re-install Windows! What to do?
A: This tool is provided as is, without any explicit or implied guarantees of any kind (limitations may apply depending on jurisdiction). Try to retrieve the logs (if any were generated) and send them to email@example.com. We might be able to help, or at the very least we’ll write a cautionary tale about your predicament and post it online.