How to remove or detect a keylogger? If you suspect someone stole your password, chances are, it could be your girlfriend or boyfriend that installed a Keylogger, also known as a rootkit virus. Keyloggers are legal when used according to the law for monitoring your underage children, however, such tools can be abused for sinister use such as stealing Hotmail and Gmail password, not to mention stealing credit card information.
What is a rootkit virus? A rootkit for Windows systems is a program that penetrates into the system and intercepts the system functions ( Windows API ). It can effectively hide its presence by intercepting and modifying low-level API functions. Moreover it can hide the presence of particular processes, folders, files and registry keys. Some rootkits install their own drivers and services in the system (they also remain “invisible”).
Most anti keylogger software are designed to scramble keyboard keystrokes, they are not designed to detect and remove these keylogger software from the system, especially those keyloggers that are deeply rooted into the Microsoft Windows Root system.
More often than not, keyloggers are known as a very tough to remove spyware computer surveillance software once it is rooted into the system, sometimes they can automatically insert themselves into your antivirus’ whitelist, thus making your antivirus ignore them. You can try these alternatives.
- 5 Free Antivirus With 60+ Multi-Engines – Best Antivirus Protection
- 15 Best Free Antivirus 2019 For Windows 10 – Microsoft Defender Alternatives
This is where you need a different antivirus software you are currently using, you need a secondary security malware designed to scan and remove rootkit malware such as a keylogger. These standalone anti-malware software are designed from ground up to scan undetectable rootkits.
IMPORTANT – These software can only detect and remove software based keyloggers, it does not stop hardware based USB keyloggers that are plugged to your USB keyboard. To stop hardware keylogger, you will need keyboard scrambler software.
↓ 01 – avast! aswMBR
aswMBR is the rootkit scanner that scans for MBR/VBR/SRV rootkits. It can detect TDL4/3(Alureon), ZAccess, MBRoot (Sinowal), Whistler, SST, Cidox, Pihar and other malware. The current version of aswMBR uses “Virtualization Technology” to improve detection of stealth malware. Please note that to use this feature your machine & CPU must support hardware virtualization.
↓ 02 – GMER
GMER is an application that detects and removes rootkits. It scans for hidden processes, hidden threads, hidden modules, hidden services, hidden files, hidden disk sectors (MBR), hidden Alternate Data Streams, hidden registry keys, drivers hooking SSDT, drivers hooking IDT, drivers hooking IRP calls and inline hooks.
↓ 03 – Kaspersky Lab TDSSKiller
Developed by Kaspersky Lab, TDSSKiller is a FREE handy tool that can quickly detect and remove both known and unknown rootkits, which are programs that can hide the presence of malware in your system. A rootkit for Windows systems is a program that penetrates into the system and intercepts the system functions (Windows API).
It can effectively hide its presence by intercepting and modifying low-level API functions. Moreover it can hide the presence of particular processes, folders, files and registry keys. Some rootkits install its own drivers and services in the system (they also remain “invisible”). The TDSSKiller utility detects and removes the following malware:
- Malware family Rootkit.Win32.TDSS;
List of malicious programs: Rootkit.Win32.TDSS, Rootkit.Win32.Stoned.d, Rootkit.Boot.Cidox.a, Rootkit.Boot.SST.a, Rootkit.Boot.Pihar.a,b,c, Rootkit.Boot.CPD.a, Rootkit.Boot.Bootkor.a, Rootkit.Boot.MyBios.b, Rootkit.Win32.TDSS.mbr, Rootkit.Boot.Wistler.a, Rootkit.Win32.ZAccess.aml,c,e,f,g,h,i,j,k, Rootkit.Boot.SST.b, Rootkit.Boot.Fisp.a, Rootkit.Boot.Nimnul.a, Rootkit.Boot.Batan.a, Rootkit.Boot.Lapka.a, Rootkit.Boot.Goodkit.a, Rootkit.Boot.Clones.a, Rootkit.Boot.Xpaj.a, Rootkit.Boot.Yurn.a, Rootkit.Boot.Prothean.a, Rootkit.Boot.Plite.a, Rootkit.Boot.Geth.a, Rootkit.Boot.CPD.b, Backdoor.Win32.Trup.a,b, Backdoor.Win32.Sinowal.knf,kmy, Backdoor.Win32.Phanta.a,b, Virus.Win32.TDSS.a,b,c,d,e, Virus.Win32.Rloader.a, Virus.Win32.Cmoser.a, Virus.Win32.Zhaba.a,b,c, Trojan-Clicker.Win32.Wistler.a,b,c, Trojan-Dropper.Boot.Niwa.a, Trojan-Ransom.Boot.Mbro.d, e, Trojan-Ransom.Boot.Siob.a, Trojan-Ransom.Boot.Mbro.f.
Malwarebytes Anti-Rootkit BETA drills down and removes even deeply embedded rootkits. Malwarebytes Anti-Rootkit BETA is cutting edge technology for detecting and removing the nastiest malicious rootkits. Removes and repairs the latest rootkits and the damage they cause.
↓ 05 – Norton Power Eraser
Norton Power Eraser uses our most aggressive scanning technology to eliminate threats that traditional virus scanning doesn’t always detect, so you can get your PC back. Because Norton Power Eraser is an aggressive virus removal tool, it may mark a legitimate program for removal. However, you can always undo the results of a scan. It can also help detect and remove Potentially Unwanted Programs. Possibly the best free rootkit scanner and remover.
↓ 06 – Trend Micro RootkitBuster
Malicious software called rootkits can manipulate the components of the Microsoft Windows operating system to conceal how they cause harm. Rootkits can hide drivers, processes, and registry entries from tools using common system application programming interfaces (APIs). Trend Micro RootkitBuster scans hidden files, registry entries, processes, drivers, services, ports, and the master boot record (MBR) to identify and remove rootkits.
↓ 07 – UnHackMe | Free 30 Days
UnHackMe was initially created as anti-rootkit software (2005), but currently eliminates the following types of malicious software – Search redirecting, Popup ads, Potentially unwanted programs (PUPs), Unwanted processes, Slow browsing, Rootkits, Trojans, Spyware, Keyloggers and etc. UnHackMe uses its own database to detect which programs you should remove from your PC. You can agree with it or not. If you find a program on the list that is OK, you can mark it as a False Positive.
- Scanning of installed programs for “Potentially Unwanted Programs” (PUPs).
- Checking for junk files, created by PUPs, adware, and spyware.
- Scanning of Windows startup programs, services, and drivers.
- Testing Windows shortcuts.
- Scanning for rootkits.
- Examining browsers search settings.
- Scanning browsers add-ons.
- Testing the hosts file and DNS settings.
- Testing startup files using several antivirus programs on Virustotal.com.
↓ 08 – AntiSpy
AntiSpy is a free but powerful anti virus and rootkits toolkit.It offers you the ability with the highest privileges that can detect,analyze and restore various kernel modifications and hooks.With its assistance,you can easily spot and neutralize malwares hidden from normal detectors.
↓ 09 – NoVirusThanks Anti-Rootkit
NoVirusThanks Anti-Rootkit is a sophisticated low-level system analysis tool whose main goal is to detect the presence of malware and rootkits. Hidden processes, hidden drivers, stealth DLL modules, code hooks etc. are just a few of the objects which can be detected in user space and system memory.
NoVirusThanks Anti-Rootkit detect undetectable stealth malware is a must-have for anyone seeking true 32-bit Windows NT kernel security and system threat analysis. The vast detection range of industry standard rootkits is truly amazing especially without compromising system stability even in the most hostile, malware-plagued environments.
It is recommended to use this software by experienced users. NoVirusThanks Anti-Rootkit is fully compatible with the following 32-bit Microsoft Windows Operating Systems: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows Server 2012, Windows 7
↓ 10 – Sophos Virus Removal Tool
Sophos Virus Removal Tool scans, detects, and removes any rootkit that is hidden on your computer using advanced rootkit detection technology. Rootkits can lie hidden on computers and remain undetected by antivirus software.
Although new rootkits can be prevented from infecting the system, any rootkits present before your antivirus was installed may never be revealed. Sophos Virus Removal Tool will scan your computer and let you safely and reliably detect and remove any rootkit that might have hidden itself on your system.
- User memory scanning and cleaning
- Kernel memory scanning and cleaning
- File scanning
↓ 11 – Emsisoft Emergency Kit
The Emsisoft Emergency Kit Scanner includes the powerful Emsisoft Scanner complete with graphical user interface. Scan the infected PC for Viruses, Trojans, Spyware, Adware, Worms, Dialers, Keyloggers and other malicious programs. The scanner contains the same functionality as the Emergency Kit Scanner but without a graphical user interface. The command line tool is made for professional users and is perfect for batch jobs. Very good at detecting spyware and removing keyloggers.
- Malware detection – Features the complete dual-scanner technology of Emsisoft Anti-Malware, with millions of signatures for all types of online threats.
- Removal – Thorough quarantine or removal of detected objects with saving of log files.
- Portable – Fully portable solution, no installation required.
- Updates – Self updating with just one click. All software updates included for a year.
↓ 12 – Microsoft RootkitRevealer
RootkitRevealer is an advanced rootkit detection utility. It runs on Windows XP (32-bit) and Windows Server 2003 (32-bit), and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. RootkitRevealer successfully detects many persistent rootkits including AFX, Vanquish and HackerDefender (note: RootkitRevealer is not intended to detect rootkits like Fu that don’t attempt to hide their files or registry keys). If you use it to identify the presence of a rootkit please let us know!
The reason that there is no longer a command-line version is that malware authors have started targeting RootkitRevealer’s scan by using its executable name. We’ve therefore updated RootkitRevealer to execute its scan from a randomly named copy of itself that runs as a Windows service. This type of execution is not conducive to a command-line interface. Note that you can use command-line options to execute an automatic scan with results logged to a file, which is the equivalent of the command-line version’s behavior.
↓ 13 – Spy DLL Remover
SpyDllRemover is the specialized tool for detecting Spyware & Hidden Rootkit Dlls in the System. In addition to Spyware Dlls, it can also detect user-land Rootkit processes using multiple Anti-Rootkit techniques. It uses Heuristic analysis and ‘Online Threat Verification’ for deeper analysis of unknown Malware Threats.
- Advanced Spyware Scanner: Detects Hidden User-land Rootkit processes as well as suspicious/injected Dlls within running Processes.
- Hidden Rootkit Detection & Removal: Uses multiple techniques to detect user-land Rootkits such as Direct NT System Call Implementation, Process ID Brute force Method (PIDB) as first used by BlackLight, and CSRSS Process Handle Enumeration Method.
- Unique ‘Advanced DLL Ejection’: This is one of the Advanced & Unique feature of SpyDLLRemover used to completely remove the injected DLL from Remote Process.
- Sophisticated Auto Analysis: Dll & Process Heuristics to help in Identification of known as well as Unknown Threats.
↓ 14 – RKill
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.
↓ 15 – SuperAntiSpyware Free
Protect your PC from malicious threats from malware, spyware, trojans, and more. SUPERAntiSpyware specializes in unique and hard-to-find malware, identifying and removing instances of malicious threats including Spyware, Adware, Trojans, Worms, Ransomware, Hijackers, Parasites, Rootkits, KeyLoggers, and more.
Protect your computer from threats: spyware, adware, trojans, ransomware, PUPs, hijackers, and more. Get the most up-to-date protection with database updates 2-4x a day and in-depth system scanning and removal tools. Install our lightweight program that won’t slow down your PC, and works with, not against, your antivirus.
↓ 16 – SpyShelter Anti Keylogger [ Discontinued ]
SpyShelter Anti Keylogger provides solid protection in real time against known and unknown “zero-day” spy and monitoring software, for example: keyloggers, screen loggers, webcam loggers, and even advanced financial malware. SpyShelter Anti Keylogger monitors behavior of all currently ongoing actions on your PC and allows you to prevent any action that malware attempts to make.
Thanks to our unique technology, SpyShelter is capable of stopping both commercial and custom-made keyloggers, which cannot be detected by any anti-virus software. Since SpyShelter does not rely on any fingerprint database, you will not have to worry about zero-day malware – your registry, RAM and all applications are going to be protected from the moment you install SpyShelter.
- Protect you against stealing your private data like passwords, chat messages or credit card data.
- Detect and stop dangerous advanced zero-day malware.
- Allow you to define rules for every application. You are in charge of your PC.
- Encrypt keystrokes of all applications on kernel level.
- Protect your webcam and microphone against hijacking.
↓ 17 – USEC RADIX [ Discontinued ]
Rootkits are dangerous programs that are downloaded from the Internet, or present in malicious purchased software, that once installed take over your computer without your knowledge. Rootkits can do anything from logging every one of your keystrokes, including usernames and passwords, email messages or even your word processing documents and sending that data off to hackers, to executing programs in the background without your knowledge or permission.
And there’s nothing that you can do about it unless you take the time right now to install Radix. It’s your best hope against combating Rootkit Attacks. Here’s what Radix does…
- Detects and removes Rootkits using sophisticated methodologies.
- Detects and repairs drivers that have been modified by Rootkits.
- Detects and repairs computer processes modified by Rootkits.
- Detects and reveals hidden processes and files, including Alternate Data Streams (ADS).
- Allows the removal of “locked” or “unremovable” processes and files.
- Provides to dump memory areas from processes.
- Shows the Global Descriptor Table (GDT) for advanced Rootkit Detection capabilities.
- Shows the Import Address Table (IAT) for advanced Rootkit Detection capabilities.
- Shows the Interrupt Descriptor Table (IDT) for advanced Rootkit Detection capabilities.
- Shows hidden Registry Keys.
- Operates in both command line mode for power users, or as a graphical tool for regular users.
↓ 18 – Bitdefender Rootkit Remover [ Discontinued ]
The Bitdefender Rootkit Remover deals with known rootkits quickly and effectively making use of award-winning Bitdefender malware removal technology. Unlike other similar tools, Bitdefender Rootkit Remover can be launched immediately, without the need to reboot into safe mode first (although a reboot may be required for complete cleanup).
Rootkit Remover deals easily with Mebroot, all TDL families (TDL/SST/Pihar), Mayachok, Mybios, Plite, XPaj, Whistler, Alipop, Cpd, Fengd, Fips, Guntior, MBR Locker, Mebratix, Niwa, Ponreb, Ramnit, Stoned, Yoddos, Yurn, Zegost and also cleans infections with Necurs (the last rootkit standing). Both x86 and x64 Rootkit Remover kits are available, please choose the appropriate one for your system.
↓ 19 – PCHunter anti-rootkit [ Discontinued ]
PCHunter anti-rootkit is a free and handy toolkit for Windows with various powerful features for kernel structure viewing and manipulation. It offers you the ability with the highest privileges to detect, analyze and restore various kernel modifications and gives you a wide scope of the kernel. With its assistance, you can easily spot and neutralize malwares hidden from normal detectors.
Take caution when opening attachments: Keyloggers can be present in files received through email, chats, P2P networks, text messages or even social networks. If someone sends you an email out of the cold or the contents of the email are asking for your personal information, chances are there’s a keylogger in there somewhere.
How to remove rootkit virus? Where to download free rootkit detection and removal software? A rootkit virus, trojan, spyware and worm is a malware program that has administrator level access to all the network systems. What it does is it burrows itself deep into the system and hides itself, making it almost invisible and hard to be removed and detected by antivirus.
Usually rootkit malware monitor traffic, keystroke and allow backdoor access for spreading viruses and trojans, some even turn your computer into a botnet – a term known as sending out spam mail via your computer without you ever knowing.
It is hard for normal antivirus to detect their presence because rootkit tends to boot up along with windows before the antivirus is booted up. Most antivirus now comes with rootkit detector and detection ability, not to mention the ability to remove these rootkits, however, if the rootkit malware is present prior to the installation of the new antivirus, then it is not possible for the antivirus to detect it.