How to Manually Remove a Rootkit Infection

A rootkit consists of a series of programs used by hackers to hide their malicious programs from antivirus and other security programs. However, not all rootkits are installed by hackers. Some legitimate antivirus programs use rootkits to counteract the actions of hackers. Consequently, it is recommended that you back up your system before attempting to delete any rootkits.

...

Enable Boot Log

Step

Click on the "Start" menu and select "Run."

Step

Type "msconfig" into the open box and click "OK."

Step

Click on the "Boot" tab and check the box next to "Boot Log."

Step

Click "Apply" and then restart your computer.

Locate Infected Files

Step

Click on the "Start" menu, then "Search Files and Folders."

Step

Search for any files whose names start with any of the following. Write down the full name (e.g. rot.exe or rot.sys) of every file that you find:

"rot", "gas", "gaopdx", "seneka", "win32k.sys", "uacd", "tdss", "kungsf", "gxvxc", "ovsfth", "msqp", "ndisp", "msivx", "skynet"

Step

Close the "Search Files and Folders" window.
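The boot log enabled in the first section lists every driver Windows loaded, so it can be searched for the names above instead of relying on the file search alone. The following Python script is an added example, not part of the original article: it assumes the "Loaded driver" / "Did not load driver" line format of ntbtlog.txt, and the boot-log contents and driver file names in it are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Name prefixes from the "Locate Infected Files" step above.
SUSPECT_PREFIXES = ("rot", "gas", "gaopdx", "seneka", "win32k.sys", "uacd", "tdss",
                    "kungsf", "gxvxc", "ovsfth", "msqp", "ndisp", "msivx", "skynet")

# Constructed sample of a boot log (C:\WINDOWS\ntbtlog.txt); not a real capture.
SAMPLE_BOOTLOG = """\
Microsoft (R) Windows (R) Version 5.1 (Build 2600)
 5 12 2009 10:42:17.375
Loaded driver \\WINDOWS\\system32\\ntoskrnl.exe
Loaded driver \\WINDOWS\\system32\\hal.dll
Loaded driver \\WINDOWS\\system32\\DRIVERS\\tdssserv.sys
Loaded driver \\WINDOWS\\system32\\DRIVERS\\gaopdxkhqcjhi.sys
Did not load driver \\SystemRoot\\system32\\DRIVERS\\seneka.sys
Loaded driver \\WINDOWS\\system32\\DRIVERS\\tcpip.sys
Loaded driver \\WINDOWS\\system32\\DRIVERS\\rotcore.sys
"""

# One driver entry per line: a status phrase followed by the driver path.
LINE_RE = re.compile(r"^(Loaded driver|Did not load driver)\s+(\S+)\s*$")


def parse_bootlog(text):
    """Return [(status, path)] for every driver line; header/date lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def find_suspect_drivers(text, prefixes=SUSPECT_PREFIXES):
    """Return [(filename, status, path)] for drivers whose file name starts with a listed prefix.

    Matches are candidates to write down and verify (e.g. check the file's
    digital signature); the script itself changes nothing on disk.
    """
    hits = []
    for status, path in parse_bootlog(text):
        name = PureWindowsPath(path).name.lower()
        if any(name.startswith(p) for p in prefixes):
            hits.append((name, status, path))
    return hits


if __name__ == "__main__":
    for name, status, path in find_suspect_drivers(SAMPLE_BOOTLOG):
        print(f"Write down: {name}  ({status}: {path})")
```

To run it against a real machine, read C:\WINDOWS\ntbtlog.txt into `text` instead of using the constructed sample.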

Disable File Permission

Step

Click on the "Start" menu and then click "Run."

Step

Type "cmd" into the open box and click "OK." The Command Prompt window will open.

Step

Type "cacls C:\WINDOWS\system32\drivers\[filename] /d everyone" into the Command Prompt window and press "ENTER." Replace [filename] with a file name that you wrote down in the "Locate Infected Files" section, for example "cacls C:\WINDOWS\system32\drivers\rot.sys /d everyone". Do this for every file you wrote down.

Step

Restart your computer.

Delete Infected Files

Step

Click on the "Start" menu.

Step

Click on "Search Files and Folders."

Step

Search for every file that you wrote down and delete them. To delete a file, simply right-click on it and select "Delete."