Removing a Windows Rootkit Using RootkitRevealer and The Avenger

After posting about how to remove a rootkit using SystemRescueCd, I encountered a rootkit that I could not eradicate with that method. Fortunately, I found a different method using Windows tools. Sysinternals (now part of Microsoft) developed a tool called RootkitRevealer that is very useful for spotting the symptoms of a rootkit (hidden files, registry keys and drivers that a normal Windows API scan does not show), and thus identifying it. After determining the identity of the rootkit and its associated files, I was able to use The Avenger to remove the offending files and drivers. Please visit these websites to learn more about these tools and their ability to remove malware.

Additionally, here is a great site that educates on rootkits: http://www.raulsiles.com/resources/rootkit.html
