Bitdefender Rootkit Remover for Windows released

Bitdefender has just released its new experiment in anti-malware, the Bitdefender Rootkit Remover. Rootkits for Windows are typically used to mask malicious software from an antivirus program. They are used for malicious purposes by viruses, worms, backdoors and spyware. A virus combined with a rootkit produces what is known as a full stealth virus. To apprise users of rootkits and emerging threats, Microsoft Malware Protection Center has already made available for download its Threat Report on Rootkits.

The Bitdefender Rootkit Remover removes all known rootkits. It is a portable tool that can be launched immediately, without needing to boot into Safe Mode first, although a reboot may be required for complete cleanup.

BitDefender Rootkit Remover helps remove Mebroot, all TDL families (TDL/SST/Pihar), Mayachok, Mybios, Plite, XPaj, Whistler, Alipop, Cpd, Fengd, Fips, Guntior, MBR Locker, Mebratix, Niwa, Ponreb, Ramnit, Stoned, Yoddos, Yurn and Zegost, and also cleans infections with Necurs. The tool will be updated as and when new rootkits are found.

Clicking on Start Scan will commence the scan, which takes less than 5 seconds. Once the scan is over, irrespective of whether rootkits are found or not, a message is displayed to the effect that the removal process has been completed successfully. This could confuse users. A simple message (Malware found, Not found, Reboot to clean malware, etc.) would be preferred.

What is also confusing is that although BitDefender calls it the BitDefender Rootkit Remover on its website, the program UI clearly says Bootkit Removal Tool or BitDefender Removal Tool (a bootkit is a kernel-mode rootkit variant). Maybe BitDefender misspelled the first one and forgot to insert the word Rootkit in the second one. The About window too seems to have been put together in a hurry.

Before exiting, the tool does gently remind you to check out BitDefender’s products. Bitdefender Antivirus Plus 2013, Bitdefender Total Security 2013 and Bitdefender Internet Security 2013 are some of the very popular products from its stables.

The free tool is available for Windows 32-bit and 64-bit editions and you can download it here.

You may also want to check out other free Rootkit Remover software.

BitDefender also offers several other free tools for Windows that you may want to have a look at:

  1. Bitdefender Free Antivirus Edition
  2. Bitdefender 60-Second Virus Scanner
  3. Bitdefender Safepay
  4. Bitdefender Adware Removal Tool.
Anand Khanse aka HappyAndyK is an end-user Windows enthusiast, a Microsoft MVP in Windows, since 2006, and the Admin of TheWindowsClub.com. Please create a System Restore Point before trying out any software & be careful about any third-party offers while installing freeware.
  • http://www.greggdeselms.com/ Gregg L. DesElms

    I ran it on my wife’s laptop, and here’s what I wrote to BitDefender about it:

    —- END MESSAGE TO BitDEFENDER —-
    Comodo AntiVirus says the x86 version is “suspicious” but I reported it as a false positive because, c’mon, BitDefender is not going to put something bad on anyone’s machine… right?

    However, I’m doubting that it actually did anything because from the moment I clicked on the button to start the scan, until it popped-up a notice that not only the scan, but also removal, were complete, took quite literally one-half second. No software on earth could scan a 320GB hard drive for rootkits in one-half second. This app is obviously not ready for prime time. Please get it right before you unleash it on the universe.

    Tested on 32-bit Vista SP-2 running on a Dell Inspiron 1525 laptop.
    —- END MESSAGE TO BitDEFENDER —-

    A far more mature and ready-for-primetime anti-rootkit tool is Trend Micro’s “Rootkit Buster;” however, it only works on 32-bit Windows versions. In fact, as it turns out, many of the anti-rootkit tools out there don’t work on 64-bit Windows; so be sure to check that before you download and install any of them.

    Pretty much all the other anti-virus software makers offer a free rootkit removal tool, though:

    * Kaspersky’s “TDSSKiller” (focuses on just one family of rootkits)
    * McAfee’s “RootkitRemover”
    * Norton’s “PowerEraser” (removes more than just rootkits)
    * Eset’s “SysInspector” (removes more than just rootkits)
    * Panda “Anti-Rootkit”
    * Sophos “Anti-Rootkit”
    * Avira “AntiRootkit”
    * AVG “Anti Rootkit”
    * SysProt “AntiRootkit”

    And then, of course, there are the old standards:

    * GMER (probably the best of the three)
    * UnHackMe (many consider this not very good)
    * RootRepeal (probably the second best of the three)

    Microsoft’s SysInternals makes “Rootkit Revealer” but it’s not a remover. In fact, it doesn’t really even name specific rootkits as much as it helps one to see activity which, if one knows what one is looking at, may be recognized as a rootkit. It’s more for the real techies out there.

    The truth is, though, that no single anti-rootkit tool will cover everything; and some of them — including even some of what I’ve herein listed — are considered old and out-of-date by people whose entire careers are devoted to computer security. There are also MANY anti-rootkit tools out there, some of which are worse than worthless, and others are very, very good, though many of them only at very specific things. For that reason, it can pay to scan with more than one tool.

    The NT Internals website did some fairly sophisticated testing, during the period from 2008 thru 2011, of the various anti-rootkit tools out there, in three areas…

    Hidden Driver Detection
    http://ntinternals.org/driver_detection_test.php

    Hidden Process Detection
    http://ntinternals.org/process_detection_test.php

    Hidden Dynamic Link Library Detection
    http://ntinternals.org/dll_detection_test.php

    …to come-up with a useful summary of the capabilities of the various tools out there:

    http://ntinternals.org/anti_rootkits.php

    Another useful feature of that list is that it not only shows all that’s out there (the sheer number of tools is surprising to most), but it also shows which tools, even in 2008, were effectively dead, yet are still being touted out there. Of course, it also shows which tools are alive, and from where to reliably download them. Note the difficulty of finding a tool with plus-signs in all four columns, yet is still alive.

    That’s, in part, why the pros use SysInternals’s “Rootkit Revealer” to just find the rootkit, whatever it is; and then they just do a manual removal. That way, they don’t have to worry about whether the maker of the anti-rootkit software was sufficiently thorough. Doing it that way also eliminates the worry about “zero day” rootkits which are so new that no anti-rootkit software out there could possibly yet have them in their rootkit databases.

    Rootkits are the toughest to detect and remove malware there is. Some of them are so tough, in fact, that only a complete wiping of the disk and a reinstallation of Windows (or a restoral from a clean image) will get the job done. I’ve long hated that solution because it tends to be the go-to method of not-very-well-trained “technicians” in the backs of electronics superstores or office supplies when they get stumped (which is pretty easy to do with those guys). However, there really are times when while it might be possible to find and fix whatever is the problem, the time and energy it takes would actually make at least restoring from a clean image the far better solution; and sometimes reinstalling, altogether, can actually make more sense.

    Use a good anti-virus tool that runs in the background at all times, and acts as a bit of sentry, watching for bad things to happen at any moment and then notify you in realtime. Use, additionally, a manual anti-malware scanner or two to do weekly, manual whole-system scans. I, personally, use “Comodo Internet Security” as my full-time, realtime sentry; and both Malware Bytes and SuperAntiSpyware as my weekly manual whole-system scanners… all freeware.

    The use of those, plus a quarterly rootkit scan using whatever are the three best freeware tools at the moment; plus the use of a HOSTS file to block access to malware-laden websites; plus OpenDNS for anti-phishing protection; plus a monthly use of Spyware Blaster to manually “inoculate” the browser; plus the browser plug-ins “Adblock-Plus” and “Ghostery” and “DoNotTrackMe”; plus the use of the Iron browser by SRWare instead of Chrome (to stop all of Chrome’s privacy violations, yet still provide an exact duplicate of all other aspects of Chrome) all combine, on my system, to create a virtually impenetrable fortress past which, so far, nothing has gotten. And it’s all freeware.

    But, hey… that’s just me.

    Hope that helps!

    Gregg L. DesElms
    Napa, California USA
    gregg at greggdeselms dot com

  • http://www.thewindowsclub.com Anand Khanse

    Thanks for the great, and as usual detailed, comment. Yes, this tool does give the impression that it is not ready for prime-time yet. And that is surprising, considering the fact that it comes from Bitdefender.

    We have already covered some of the other anti-rootkits mentioned by you and will have a look at the others too.
