20 Free Rootkit / Keylogger Remover And Detector – Stop Undetectable Spyware & Surveillance Malware

Updated: June 4, 2019 / Home » Computer and Internet Security » Download Free Antivirus [ Windows / macOS ]

How to remove or detect a keylogger? If you suspect someone stole your password, chances are, it could be your girlfriend or boyfriend that installed a Keylogger, also known as a rootkit virus. Keyloggers are legal when used according to the law for monitoring your underage children, however, such tools can be abused for sinister use such as stealing Hotmail and Gmail password, not to mention stealing credit card information.

Alternative Article ➤ 9 Free Anti-Keyloggers, Keyboard Stroke Scramblers And Virtual Keyboards

What is a rootkit virus? A rootkit for Windows systems is a program that penetrates into the system and intercepts the system functions ( Windows API ). It can effectively hide its presence by intercepting and modifying low-level API functions. Moreover it can hide the presence of particular processes, folders, files and registry keys. Some rootkits install its own drivers and services in the system (they also remain “invisible”).

Most anti keylogger software are designed to scramble keyboard keystrokes, they are not designed to detect and remove these keylogger software from the system, especially those keylogger that are deeply rooted into the Microsoft Windows Root system. More often than not, keylogger are known as a very tough to remove spyware computer surveillance software once it is rooted into the system, sometimes they can automatically insert themselves into your antivirus’ whitelist, thus making your antivirus ignoring them. You can try these alternatives.

This is where you need a different antivirus software you are currently used, you need a secondary security malware designed to scan and remove rootkit malware such as a keylogger. These standalone anti-malware software are designed from ground up to scan undetectable rootkits. IMPORTANT – These software can only detect and remove software based keylogger, it does not stop hardware based USB keyloggers that are plugged to your USB keyboard. To stop hardware keylogger, you will need a keyboard scrambler software.

↓ 01 – avast! aswMBR

avast aswmbr anti keylogger

aswMBR is the rootkit scanner that scans for MBR/VBR/SRV rootkits. It can detect TDL4/3(Alureon), ZAccess, MBRoot (Sinowal), Whistler, SST, Cidox, Pihar and other malware. The current version of aswMBR uses “Virtualization Technology” to improve detection of stealth malware. Please note that to use this feature your machine & CPU must support hardware virtualization.

↓ 02 – GMER

gmer anti rootkit keylogger

GMER is an application that detects and removes rootkits. It scans for hidden processes, hidden threads, hidden modules, hidden services, hidden files, hidden disk sectors (MBR), hidden Alternate Data Streams, hidden registry keys, drivers hooking SSDT, drivers hooking IDT, drivers hooking IRP calls and inline hooks.

↓ 03 – Kaspersky Lab TDSSKiller

Kaspersky Lab TDSSKiller

Developed by Kaspersky Lab, TDSSKiller is a FREE handy tool that can quickly detect and remove both known and unknown rootkits, which are programs that can hide the presence of malware in your system. A rootkit for Windows systems is a program that penetrates into the system and intercepts the system functions (Windows API).

It can effectively hide its presence by intercepting and modifying low-level API functions. Moreover it can hide the presence of particular processes, folders, files and registry keys. Some rootkits install its own drivers and services in the system (they also remain “invisible”). The TDSSKiller utility detects and removes the following malware:

  • Malware family Rootkit.Win32.TDSS;
  • Bootkits;
  • Anti-Keylogger
  • Rootkits

List of malicious programs: Rootkit.Win32.TDSS, Rootkit.Win32.Stoned.d, Rootkit.Boot.Cidox.a, Rootkit.Boot.SST.a, Rootkit.Boot.Pihar.a,b,c, Rootkit.Boot.CPD.a, Rootkit.Boot.Bootkor.a, Rootkit.Boot.MyBios.b, Rootkit.Win32.TDSS.mbr, Rootkit.Boot.Wistler.a, Rootkit.Win32.ZAccess.aml,c,e,f,g,h,i,j,k, Rootkit.Boot.SST.b, Rootkit.Boot.Fisp.a, Rootkit.Boot.Nimnul.a, Rootkit.Boot.Batan.a, Rootkit.Boot.Lapka.a, Rootkit.Boot.Goodkit.a, Rootkit.Boot.Clones.a, Rootkit.Boot.Xpaj.a, Rootkit.Boot.Yurn.a, Rootkit.Boot.Prothean.a, Rootkit.Boot.Plite.a, Rootkit.Boot.Geth.a, Rootkit.Boot.CPD.b, Backdoor.Win32.Trup.a,b, Backdoor.Win32.Sinowal.knf,kmy, Backdoor.Win32.Phanta.a,b, Virus.Win32.TDSS.a,b,c,d,e, Virus.Win32.Rloader.a, Virus.Win32.Cmoser.a, Virus.Win32.Zhaba.a,b,c, Trojan-Clicker.Win32.Wistler.a,b,c, Trojan-Dropper.Boot.Niwa.a, Trojan-Ransom.Boot.Mbro.d, e, Trojan-Ransom.Boot.Siob.a, Trojan-Ransom.Boot.Mbro.f.

↓ 04 – Malwarebytes Anti-Rootkit Beta

Malwarebytes Anti-Rootkit

Malwarebytes Anti-Rootkit BETA drills down and removes even deeply embedded rootkits. Malwarebytes Anti-Rootkit BETA is cutting edge technology for detecting and removing the nastiest malicious rootkits. Removes and repairs the latest rootkits and the damage they cause.

↓ 05 – Intel’s McAfee RootkitRemover

Intel McAfee Rootkit Remover

McAfee RootkitRemover is a stand-alone utility used to detect and remove complex rootkits and associated malware. Currently it can detect and remove ZeroAccess, Necurs and TDSS family of rootkits. McAfee Labs plans to add coverage for more rootkit families in future versions of the tool.

↓ 06 – Norton Power Eraser

Norton Power Eraser rootkit keylogger detector

Norton Power Eraser uses our most aggressive scanning technology to eliminate threats that traditional virus scanning doesn’t always detect, so you can get your PC back. Because Norton Power Eraser is an aggressive virus removal tool, it may mark a legitimate program for removal. However, you can always undo the results of a scan. It can also help detect and remove Potentially Unwanted Programs. Possibly the best free rootkit scanner and remover.

↓ 07 – Trend Micro RootkitBuster

Trend Micro RootkitBuster remover

Malicious software called rootkits can manipulate the components of the Microsoft Windows operating system to conceal how they cause harm. Rootkits can hide drivers, processes, and registry entries from tools using common system application programming interfaces (APIs). Trend Micro RootkitBuster scans hidden files, registry entries, processes, drivers, services, ports, and the master boot record (MBR) to identify and remove rootkits.

↓ 08 – UnHackMe | Free 30 Days

UnHackMe

UnHackMe was initially created as anti-rootkit software (2005), but currently eliminates the following types of malicious software – Search redirecting, Popup ads, Potentially unwanted programs (PUPs), Unwanted processes, Slow browsing, Rootkits, Trojans, Spyware, Keyloggers and etc. UnHackMe uses its own database to detect which programs you should remove from your PC. You can agree with it or not. If you find a program on the list that is OK, you can mark it as a False Positive.

  • Scanning of installed programs for “Potentially Unwanted Programs” (PUPs).
  • Checking for junk files, created by PUPs, adware, and spyware.
  • Scanning of Windows startup programs, services, and drivers.
  • Testing Windows shortcuts.
  • Scanning for rootkits.
  • Examining browsers search settings.
  • Scanning browsers add-ons.
  • Testing the hosts file and DNS settings.
  • Testing startup files using several antivirus programs on Virustotal.com.
Related Article :   FREE Norton Antivirus and Internet Security 2019 - 90 Days Trial

↓ 09 – AntiSpy

AntiSpy anti keylogger

AntiSpy is a free but powerful anti virus and rootkits toolkit.It offers you the ability with the highest privileges that can detect,analyze and restore various kernel modifications and hooks.With its assistance,you can easily spot and neutralize malwares hidden from normal detectors.

↓ 10 – NoVirusThanks Anti-Rootkit

NoVirusThanks Anti-Rootkit

NoVirusThanks Anti-Rootkit is a sophisticated low-level system analysis tool whose main goal is to detect the presence of malware and rootkits. Hidden processes, hidden drivers, stealth DLL modules, code hooks etc. are just a few of the objects which can be detected in user space and system memory.

NoVirusThanks Anti-Rootkit detect undetectable stealth malware is a must-have for anyone seeking true 32-bit Windows NT kernel security and system threat analysis. The vast detection range of industry standard rootkits is truly amazing especially without compromising system stability even in the most hostile, malware-plagued environments. It is recommended to use this software by experienced users. NoVirusThanks Anti-Rootkit is fully compatible with the following 32-bit Microsoft Windows Operating Systems: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows Server 2012, Windows 7

↓ 11 – PCHunter anti-rootkit

PCHunter anti-rootkit

PCHunter anti-rootkit is a free and handy toolkit for Windows with various powerful features for kernel structure viewing and manipulation. It offers you the ability with the highest privileges to detect, analyze and restore various kernel modifications and gives you a wide scope of the kernel. With its assistance, you can easily spot and neutralize malwares hidden from normal detectors.

↓ 12 – USEC RADIX

USEC RADIX

Rootkits are dangerous programs that are downloaded from the Internet, or present in malicious purchased software, that once installed take over your computer without your knowledge. Rootkits can do anything from logging every one of your keystrokes, including user names and passwords, email messages or even your word processing documents and sending that data off to hackers, to executing programs in the background without your knowledge or permission.

And there’s nothing that you can do about it unless you take the time right now to install Radix. It’s your best hope against combating Rootkit Attacks. Here’s what Radix does…

  • Detects and removes Rootkits using sophisticated methodologies.
  • Detects and repairs drivers that have been modified by Rootkits.
  • Detects and repairs computer processes modified by Rootkits.
  • Detects and reveals hidden processes and files, including Alternate Data Streams (ADS).
  • Allows the removal of “locked” or “unremovable” processes and files.
  • Provides to dump memory areas from processes.
  • Shows the Global Descriptor Table (GDT) for advanced Rootkit Detection capabilities.
  • Shows the Import Address Table (IAT) for advanced Rootkit Detection capabilities.
  • Shows the Interrupt Descriptor Table (IDT) for advanced Rootkit Detection capabilities.
  • Shows hidden Registry Keys.
  • Operates in both command line mode for power users, or as a graphical tool for regular users.

↓ 13 – Sophos Virus Removal Tool

Sophos Virus Removal Tool

Sophos Virus Removal Tool scans, detects, and removes any rootkit that is hidden on your computer using advanced rootkit detection technology. Rootkits can lie hidden on computers and remain undetected by antivirus software. Although new rootkits can be prevented from infecting the system, any rootkits present before your antivirus was installed may never be revealed. Sophos Virus Removal Tool will scan your computer and let you safely and reliably detect and remove any rootkit that might have hidden itself on your system.

  • User memory scanning and cleaning
  • Kernel memory scanning and cleaning
  • File scanning

↓ 14 – Emsisoft Emergency Kit

Emsisoft Emergency Kit

The Emsisoft Emergency Kit Scanner includes the powerful Emsisoft Scanner complete with graphical user interface. Scan the infected PC for Viruses, Trojans, Spyware, Adware, Worms, Dialers, Keyloggers and other malicious programs. The scanner contains the same functionality as the Emergency Kit Scanner but without a graphical user interface. The commandline tool is made for professional users and is perfect for batch jobs. Very good at detecting spyware and removes keylogger.

  • Malware detection – Features the complete dual-scanner technology of Emsisoft Anti-Malware, with millions of signatures for all types of online threats.
  • Removal – Thorough quarantine or removal of detected objects with saving of log files.
  • Portable – Fully portable solution, no installation required.
  • Updates – Self updating with just one click. All software updates included for a year.

↓ 15 – Microsoft RootkitRevealer

Microsoft Rootkit Revealer

RootkitRevealer is an advanced rootkit detection utility. It runs on Windows XP (32-bit) and Windows Server 2003 (32-bit), and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects many persistent rootkits including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don’t attempt to hide their files or registry keys). If you use it to identify the presence of a rootkit please let us know!

The reason that there is no longer a command-line version is that malware authors have started targetting RootkitRevealer’s scan by using its executable name. We’ve therefore updated RootkitRevealer to execute its scan from a randomly named copy of itself that runs as a Windows service. This type of execution is not conducive to a command-line interface. Note that you can use command-line options to execute an automatic scan with results logged to a file, which is the equivalent of the command-line version’s behavior.

Related Article :   Microsoft Security Essentials - Free Anti Virus Protection Software

↓ 16 – Bitdefender Rootkit Remover

Bitdefender Rootkit Remover

The Bitdefender Rootkit Remover deals with known rootkits quickly and effectively making use of award-winning Bitdefender malware removal technology. Unlike other similar tools, Bitdefender Rootkit Remover can be launched immediately, without the need to reboot into safe mode first (although a reboot may be required for complete cleanup).

Rootkit Remover deals easily with Mebroot, all TDL families (TDL/SST/Pihar), Mayachok, Mybios, Plite, XPaj, Whistler, Alipop, Cpd, Fengd, Fips, Guntior, MBR Locker, Mebratix, Niwa, Ponreb, Ramnit, Stoned, Yoddos, Yurn, Zegost and also cleans infections with Necurs (the last rootkit standing). Both x86 and x64 Rootkit Remover kits are available, please choose the appropriate one for your system.

↓ 17 – SpyShelter Anti Keylogger | Free 14 Days

SpyShelter Anti Keylogger

SpyShelter Anti Keylogger provides solid protection in real time against known and unknown “zero-day” spy and monitoring software, for example: keyloggers, screen loggers, webcam loggers, and even advanced financial malware. SpyShelter Anti Keylogger monitors behavior of all currently ongoing actions on your PC and allows you to prevent any action that malware attempts to make.

Thanks to our unique technology, SpyShelter is capable of stopping both commercial and custom-made keyloggers, which cannot be detected by any anti-virus software. Since SpyShelter does not rely on any fingerprint database, you will not have to worry about zero-day malware – your registry, RAM and all applications are going to be protected from the moment you install SpyShelter.

  • Protect you against stealing your private data like passwords, chat messages or credit card data.
  • Detect and stop dangerous advanced zero-day malware.
  • Allow you to define rules for every application. You are in charge of your PC.
  • Encrypt keystrokes of all applications on kernel level.
  • Protect your webcam and microphone against hijacking.

↓ 18 – Spy DLL Remover

Spy DLL Remover

SpyDllRemover is the specialized tool for detecting Spyware & Hidden Rootkit Dlls in the System. In addition to Spyware Dlls, it can also detect user-land Rootkit processes using multiple Anti-Rootkit techniques. It uses Heuristic analysis and ‘Online Threat Verification’ for deeper analysis of unknown Malware Threats.

  • Advanced Spyware Scanner: Detects Hidden User-land Rootkit processes as well as suspicious/injected Dlls within running Processes.
  • Hidden Rootkit Detection & Removal: Uses multiple techniques to detect user-land Rootkits such as Direct NT System Call Implementation, Process ID Brute force Method (PIDB) as first used by BlackLight, and CSRSS Process Handle Enumeration Method.
  • Unique ‘Advanced DLL Ejection’: This is one of the Advanced & Unique feature of SpyDLLRemover used to completely remove the injected DLL from Remote Process.
  • Sophisticated Auto Analysis: Dll & Process Heuristics to help in Identification of known as well as Unknown Threats.

↓ 19 – RKill

RKill

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

↓ 20 – SuperAntiSpyware Free

SuperAntiSpyware Free

Protect your PC from malicious threats from malware, spyware, trojans, and more. SUPERAntiSpyware specializes in unique and hard-to-find malware, identifying and removing instances of malicious threats including Spyware, Adware, Trojans, Worms, Ransomware, Hijackers, Parasites, Rootkits, KeyLoggers, and more.

Protect your computer from threats: spyware, adware, trojans, ransomware, PUPs, hijackers, and more. Get the most up-to-date protection with database updates 2-4x a day and in-depth system scanning and removal tools. Install our lightweight program that won’t slow down your PC, and works with, not against, your antivirus.

Conclusion

Take caution when opening attachments: Keyloggers can be present in files received through email, chats, P2P networks, text messages or even social networks. If someone sends you an email out of the cold or the contents of the email are asking for your personal information, chances are there’s a keylogger in there somewhere.

How to remove rootkit virus? Where to download free rootkit detection and removal software? A rootkit virus, trojan, spyware and worm is a malware program that has administrator level access to all the network system. What it does is it burrows itself deep into the system and hides itself, making it almost invisible and hard to be removed and detected by antivirus.

Usually rootkit malware monitor traffic, keystroke and allow backdoor access for spreading viruses and trojans, some even turn your computer into a botnet – a term known as sending out spam mail via your computer without you ever knowing.

It is hard for normal antivirus to detect their presence because rootkit tend to bootup along with windows before the antivirus is booted up. Most antivirus now comes with rootkit detector and detection ability, not to mention the ability to remove these rootkit, however, if the rootkit malware is presence prior to the installation of the new antivirus, then it is not possible for the antivirus to detect it.


28 Comments

  1. Gravatar

    How come you missed application such as SpyShelter which is far superior to those applications. Comodo also has a decent HIPS which deals with it.

    • Gravatar
      Ngan Tengyuen [ Reply ]

      Thanks for the info, we’ll update the list.

  2. Gravatar

    LOL. Best keylogger protection like SpyShelter Anti-Keylogger is absent there…seriously?

    • Gravatar
      Ngan Tengyuen [ Reply ]

      This is like the 2nd time your company or someone related to your company drop such comment. Perhaps you guys should hire a better SEO for your website. Cheers.

      • Gravatar

        LOL I’m not connected with them. Perhaps you having paranoia or flashbacks, you should learn more about topic you are going to make suggestions to other people.

        • Gravatar
          Ngan Tengyuen [ Reply ]

          Yes, you are my friend. Your IP address doesn’t lie, both you and aron are from an office in Poland, and spyshelter is a polish company. Try harder. Get someone to fix your website SEO and perhaps spend some money on Google Adwords. Good Luck.

          p.s. I will update the list when I find the time to add a few more to the list. Cheers.

          • Gravatar
            Corey

            There is like 40 million people in Poland, just saying…

          • Gravatar
            Ngan Tengyuen

            40 million and so happened to share the same IP address and replying with the same ‘tone’. What are the odds? At least use a VPN to mask the IP address if they intend to drop fake comments about their own product.

          • Gravatar
            Roben

            You lie simply, all you want is writing bullshit and get naive audience. Aron wasn’t me so probability of same IP is near to 0 as an author of this blog you can write anything and you use your right. Yes I’m from Poland but I don’t believe in accidents as well so Aron and Roben don’t have the same IP why? Because it was not me repeating this 3rd and last time.

          • Gravatar
            Ngan Tengyuen

            Enough my friend. enough of these fake comments all over the blogs. if the product is good, people will write and recommend, no need to create fake reviews. good bye.

  3. Gravatar
    jack fox [ Reply ]

    Not bad review but sounds like paid review by MBAM. There is lack of major anti loggers programs and other great antirootkit including freeware.

    • Gravatar
      Ngan Tengyuen [ Reply ]

      Paid review from all 8 companies? I must be very rich by now.

  4. Gravatar

    Ngan,
    Good review thank you. Sad that the above responders are such retards. I certainly wont take a look at spyshelter now :)
    Have you heard of Cylance yet?

  5. Gravatar
    Mickel [ Reply ]

    Good tips! I didn’t knew about Bitdefender Rootkit Remover, aswMBR and GMER.
    But I think that Malwarebytes Anti-Rootkit is unnecessary, because Malwarebytes Anti-Malware (even the FREE one) has a rootkit scanner and remover built-in. If you open “Settings” and click on “Detection and Protection” (left sidebar), then you will see the option to check/enable “Scan for rootkits”.

    Cheers,

    Mickel

  6. Gravatar

    The comments here are funny so I felt I had to respond. I’m a Computer Tech… so… yeah.

    First of all, if you weren’t paying attention, this article isn’t posting anti-keylogger software, it appears to be directed more toward removal of keyloggers aka removal of rootkits. Everybody posting protection software isn’t paying attention. There’s a difference between removal software and software designed to confuse keyloggers.

    Secondly, I can also confirm Aron and Roben are the same person / company. :)

    • Gravatar

      Hi Adam,

      how can you tell they are the same and see their ip? Just wondering cause I can’t yet yourself and the other guy could.

  7. Gravatar

    @Mickel
    thanks for the tip about Malwarebytes & rootkits. :)

  8. Gravatar
    Samantha @ BMRT [ Reply ]

    This is a nice review! I know someone who has tried BitDefender and Norton and it turned out to be great. It performed tasks the way it should be. Everything must be bought from this list, right?

  9. Gravatar

    This is a naive question- I am very new to this. I suspect my ex installed a keylogger on my computer. I not only want to detect and remove it, I want to be able to prove that it was installed in the first place. Will these software be able to show that, too? Which one would be the best one for that?

  10. Gravatar
    aLenOver [ Reply ]

    Yes is the beste Anti-Keylooger why have virus this >> 06 – GMER – Rootkit Detector And Remover

    —————————————————
    Baidu Win32.Trojan.WisdomEyes.16070401.9500.9608 20170503
    Invincea pws.win32.onlinegames.nk
    —————————————————-
    Scanned by virustotal.com and Kaspersky Premium ! + Avast Premium !

  11. Gravatar

    Huge thanks. I run webroots anti-virus and rootkit and it found nothing. I also ran a couple other malware programs that found nothing. When my credit card numbers were stolen 4 times in some 6 weeks, I knew I had to have some keystroke tracking software on my machine. I found your article and ran Malwarebytes, which found 6 problems. I am hopeful that my problems with my card numbers being stolen are gone. Thanks so much!

  12. Gravatar
    Albert [ Reply ]

    Hey hey hey. It doesn’t take too long to discover just how “dangerous” a place the internet can really BE! In browsing the internet, I ended up g3etting root kits, spyware, you name it. Worse yet, every time I blog now, somebody always follows along behind me and erases everything I say!!! Who this person, persons, or organization may be, I have absolutely NO idea at all, whatsoever. But they seem to sit there on my shoulder ( much like a digital “parrot!!!” ) watching everything I do or say!!! If I blog on “PermaLink”, or “WordPress”, they don’t seem to have the ability to strike my “comments” from the ledger. But if I blog on YouTube, my comments usually get struck down before very many people have the chance to read them. Someone obviously has remotely installed a system on my computer that “alerts” them every time I start tapping away on the keyboard!!! This “alert system” probably does include a keystroke logger.

  13. Gravatar

    This does not seem a solution for me. Im from malaysia as my experience where my number and phone till today were stalk by the bos and some people in the office. They seem can detect and locate every part of my life just by using my phone and number. They also can read all my sms, email, whatsapp and when i making a call to anyone.
    The bos willing to pay that person just to stalk my life.

  14. Gravatar

    HAHAHA, All this sounds like a scam, even though i believe in MBAM etc. Because they are free and help. Spybot search and destroy is another good one but of interest –

    Why is the OP and 2 so-called people from Poland arguing, when they both attach a link to each others blog? For example the Polish recommend Spy Shelter, which if you click on the “”4 Best Free Anti Keystroke Spying Monitoring Software, Detector and Remover”” you are taken to a blog that low and behold has Spy Shelter listed as number 2….. Seems pretty odd that this would happen wouldn’t you think?

  15. Gravatar

    And lastly, I can also confirm Aron,Roben and Adam are the same person / company. :)
    You want fake news ..this is really funny

  16. Gravatar
    Dorado Boy [ Reply ]

    Thank you Ngan. Pay no attention to anybody attempting propaganda here. Those of us that actually do wan’t to help protect the world will prevail and keep on doing so, as we have done forever. Great list!

  17. Gravatar
    Ajay Ghale [ Reply ]

    Wow those guys from SpyShelter are really something..I was seriously looking into SS for a corporate use anti-keylogger solution, no way I’m going for it now! Good review Ngan!

  18. Gravatar
    Anti-Spyshelter [ Reply ]

    Spyshelter is a fraudulent company.

Leave a Reply

Your email address will not be published. Required fields are marked *