Selection of Anti-rootkits snapshots:
(Click to enlarge)

AVG Anti-Rootkit Free


Avira AntiRootkit




F-Secure BlackLight






McAfee Rootkit Detective Beta


Panda Anti-Rootkit




Rootkit Buster


Rootkit Unhooker


Sophos Anti-Rootkit



Lists of freeware antirootkit Edit

Currently (2006-2007), rootkits are the number 1 threat on most people's horizons. Surprisingly, most of the current offerings that specifically target rootkits are freeware or open source.


nprotect Issue  (for Game Users)

call game guard  well     these are rootkit made by South Korea

so there is exception as below  We should get rid of it manually

For windows users

32bit (x86): %windir%\system32\ (ex: C:\Windows\system32\)

64bit (x64): %windir%\SysWOW64\ (ex: C:\Windows\SysWOW64\)

find these and get rid of


and type regedit in start menu to open registry and find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPPTNT2\ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npggsvc\



for me how to delete nprotect     it took a long time  5 years?

so I put in here..   prepare for law suits      lol      thanks

Memory resident antirootkit Edit

  1. AVZGuard - (second download on the right is English)
  2. Helios - Helios Lite does not require installation
  3. Vista GMER - StarRecommended
  4. See also Lists of freeware behavior blockers

These are antirootkits that claim to have a resident shield component. Not very common, and unlikely to be very different from HIPS

On demand antirootkit scanners Edit

Standalone scanners by conventional AV companies Edit

  1. AVG Anti-Rootkit Free -
  2. Avira AntiRootkit Tool -
  3. BitDefender Rootkit Uncover -
  4. Vista F-Secure BlackLight (beta) - Star
  5. McAfee Rootkit Detective -
  6. Panda Anti-Rootkit - Recommended
  7. Rootkit Buster (Trend Micro) -
  8. Sophos Anti-Rootkit -

Most of these stand alone anti-rootkit released by AV companies are relatively new (BlackLight is the oldest). Many will eventually be incorporated into future products to extend anti-rootkit abilities. Avira AntiRootkit Tool is already built into Antivir. Because they have being slower to the game compared to independent developers (see next section), they are probably not very effective.

Relatively well known and popular antirootkits Edit

  1. DarkSpy - Star
  2. Vista GMER - Mirrorsite - StarRecommended
  3. Radix -
  4. Vista IceSword - and IceSword 1.2 for Vista Star
  5. RootkitRevealer - Star
  6. Vista Rootkit Unhooker - http://rkunhooker1. StarRecommended
  7. System Virginity Verifier -

These are rootkit scanners released by independent (none-AV) developers. RootkitRevealer was the original anti-rootkit that sparked off the recent arm's race in this area. IceSword and DarkSpy (both from China) are excellent but development has slowed. GMER and Rootkit Unhooker are cutting edge tools that are still being developed rapidly.

Note: While some of the anti-rootkit tools above are by well known developers (RootkitRevealer and System Virginity Verifier comes to mind) , others are by developers who have chosen to remain anonymous (or semi-anonymous), so there might be some suspicion . However the tools listed in this section are well known and have received quite a lot of scrutiny so they are unlikely to be malicious. Be wary of downloading any new anti-rootkit tool or claimed new version from unknown sources though.

Others Edit

  1. Vista Process Revealer - Recommended
  2. Archon Scanner (beta) -
  3. Avzguard - (second download on the right is English)
  4. BreakPE -
  5. Catchme - Recommended
  6. Helios -
  7. Hookexplorer -
  8. Processwalker -
  9. RAIDE -
  10. RegReveal -
  11. RKDetector v2.0 -
  12. Rustbfix -
  13. rootchk - Recommended
  14. Rootkit Hook Analyzer -
  15. SafetyCheck - (untested)
  16. Seems System Eyes & Ears Monitor -
  17. SysProt AntiRootkit -
  18. Vista UnHackMe (betaware and nagware) -

Rootchk (and Catchme) is sometimes used on HJT help forums. Most of the others are lesser known and/or in beta.

Others (mostly outdated)Edit

  1. Detectproc -
  2. Flister (outdated) -
  3. modGREPER -
  4. Klister -
  5. Patchfinder II (outdated) -
  6. Vice (outdated)-
  7. See also Lists of freeware behavior blockers,Lists of freeware antivirus, Lists of freeware antispyware and Lists of freeware antitrojan that might detect rootkits using signatures etc.

Many of the tools listed here are probably out of date. Some are newer but in a beta or even alpha state or are simply unpopular.

Linux Edit

  1. chkrootkit -
  2. OS X Rootkit Hunter -
  3. Rkscan -
  4. Rootkit Hunter -
  5. Rootkit Profiler LX -
  6. Rootkitty -
  7. Unhide -
  8. Zeppoo -

Information links Edit

This article is part of the Lists of Freeware Security Software: Malware Control series.

Freeware Anti-Viruses | Freeware Anti-Spyware | Freeware Anti-Trojans | Freeware Anti-Keyloggers | Freeware Anti-Rootkits | Freeware Firewalls | Freeware Behavior blockers | Freeware Sandboxes | Freeware Virtualization | Freeware Security analysis tools | Freeware Hardening tools | Freeware Blocklists | Freeware security services (excluding virus scanners) | Freeware Anti-Phishing | List of portable tools | List of unclassified tools

Related : Lists of online scanners