How to Manually Remove a Rootkit Infection

By Thomas King

A rootkit is a set of programs that attackers use to hide their malicious software from antivirus and other security programs. However, not all rootkits are installed by attackers. Some legitimate antivirus programs use rootkit techniques to counteract the actions of attackers. Because deleting the wrong files can therefore break legitimate software, it is recommended that you back up your system before attempting to delete any rootkits.

Enable Boot Log

Step 1

Click on the "Start" menu and select "Run."

Step 2

Type "msconfig" into the open box and click "OK."

Step 3

Click on the "Boot" tab and check the box next to "Boot Log."

Step 4

Click "Apply" and then restart your computer.

Locate Infected Files

Step 1

Click on the "Start" menu, then "Search Files and Folders."

Step 2

Search for any files whose names start with any of the following. Write down the full name (e.g. rot.exe or rot.sys) of every file that you find.

"rot"
"gas"
"gaopdx"
"seneka"
"win32k.sys"
"uacd"
"tdss"
"kungsf"
"gxvxc"
"ovsfth"
"msqp"
"ndisp"
"msivx"
"skynet"

Step 3

Close the "Search Files and Folders" window.
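The search in Step 2 can be automated, and the boot log enabled in the first section gives a second place to look: Windows writes the list of drivers it loaded (or refused to load) at startup to ntbtlog.txt. The following script is an added example, not part of the original article. It scans boot-log lines and file names for the prefixes listed above and only reports what it finds; it does not delete anything. It assumes the boot log lives at C:\Windows\ntbtlog.txt and that its lines read "Loaded driver <path>" or "Did not load driver <path>"; the sample log embedded in the script is constructed. One caveat the article does not make explicit: win32k.sys is a core Windows component, so a hit on that name means "verify the file's digital signature and hash", not "delete it", and the script keeps such hits out of the list of cacls commands it prepares.

```python
"""Scan a Windows boot log and file names for the article's rootkit
file-name prefixes and report matches for manual review (added example)."""
import re
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Prefixes copied from the article's "Locate Infected Files" step.
SUSPECT_PREFIXES = (
    "rot", "gas", "gaopdx", "seneka", "win32k.sys", "uacd", "tdss",
    "kungsf", "gxvxc", "ovsfth", "msqp", "ndisp", "msivx", "skynet",
)

# Legitimate Windows files that match a prefix. A hit here means "check the
# signature and hash", not "delete" (assumption: the article does not say so).
KNOWN_SYSTEM_FILES = {"win32k.sys"}

# Assumed boot-log line format, e.g. "Loaded driver \SystemRoot\System32\DRIVERS\x.sys".
BOOTLOG_RE = re.compile(r"^(Loaded driver|Did not load driver)\s+(\S+)\s*$")

# Constructed sample of C:\Windows\ntbtlog.txt (not a real capture).
SAMPLE_BOOTLOG = r"""
Microsoft (R) Windows (R) Version 6.1 (Build 7601)
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\System32\DRIVERS\tdssserv.sys
Loaded driver \SystemRoot\System32\win32k.sys
Did not load driver \SystemRoot\System32\DRIVERS\gaopdxabcd.sys
Loaded driver \SystemRoot\System32\DRIVERS\disk.sys
"""

Hit = Tuple[str, str, bool]  # (file name, matched prefix, is known system file)


def matches_prefix(filename: str) -> Optional[str]:
    """Return the first suspect prefix the (case-insensitive) name starts with."""
    name = filename.lower()
    for prefix in SUSPECT_PREFIXES:
        if name.startswith(prefix):
            return prefix
    return None


def scan_names(names) -> List[Hit]:
    """Reduce each path to its file name and keep those matching a prefix."""
    hits: List[Hit] = []
    for entry in names:
        base = PureWindowsPath(entry).name
        prefix = matches_prefix(base)
        if prefix is not None:
            hits.append((base, prefix, base.lower() in KNOWN_SYSTEM_FILES))
    return hits


def scan_bootlog(text: str) -> List[Hit]:
    """Pull driver paths out of boot-log text and scan them."""
    paths = []
    for line in text.splitlines():
        match = BOOTLOG_RE.match(line.strip())
        if match:
            paths.append(match.group(2))
    return scan_names(paths)


def cacls_command(filename: str, drivers_dir: str = r"C:\WINDOWS\system32\drivers") -> str:
    """Build the article's cacls deny command for one file (dry run: not executed)."""
    return "cacls " + drivers_dir + "\\" + filename + " /d everyone"


def deny_commands(hits: List[Hit]) -> List[str]:
    """Commands for the non-system hits; known Windows files are left for manual verification."""
    return [cacls_command(name) for name, _, known in hits if not known]


if __name__ == "__main__":
    found = scan_bootlog(SAMPLE_BOOTLOG)
    for name, prefix, known in found:
        note = "VERIFY SIGNATURE (core Windows file)" if known else "write down"
        print(f"{name:20} matched '{prefix}': {note}")
    print("\nPrepared (not run) cacls commands:")
    for cmd in deny_commands(found):
        print("  " + cmd)
```

To use it on a real machine, replace SAMPLE_BOOTLOG with the contents of C:\Windows\ntbtlog.txt, or feed `scan_names()` a directory listing of C:\WINDOWS\system32\drivers. Hash any reported file and check its publisher signature before acting on it.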

Disable File Permissions

Step 1

Click on the "Start" menu and then click "Run."

Step 2

Type "cmd" into the open box and click "OK." The Command Prompt window will open.

Step 3

Type "cacls C:\WINDOWS\system32\drivers\[filename] /d everyone" into the Command Prompt window and press "ENTER." Replace [filename] with a file name that you wrote down in "Locate Infected Files," Step 2. For example: "cacls C:\WINDOWS\system32\drivers\rot.sys /d everyone". Answer "Y" when cacls asks you to confirm. Do this for every file you wrote down.

Step 4

Restart your computer.

Delete Infected Files

Step 1

Click on the "Start" menu.

Step 2

Click on "Search Files and Folders."

Step 3

Search for every file that you wrote down and delete each one. To delete a file, right-click on it and select "Delete."