A rootkit removal tool is a tool used to remove a type of malware that’s harder to get rid of than standard viruses. Rootkits are simply tools that bypass regular OS protocols by installing hidden files and processes, creating hidden user accounts, and establishing other malicious activities in the system OS. Removing a rootkit manually can be quite difficult to do for a typical user as there may be multiple steps involved and some tweaking of various system files. Rootkits can even reappear if not completely removed from all locations.
Many software vendors who specialize in security applications already offer these kinds of removal tools, which are often included in a special anti-virus suite or as separate installable applications. The tool automatically detects the rootkit inside a user’s system and then proceeds in removing it. Some anti-malware software avoids file system APIs because rootkits have the ability to manipulate them and make themselves invisible. Instead, these scanners check the raw file system structures and validate these against the system’s API to spot changes that may have been caused by rootkits.
One of the stronger rootkit removal tools is the Microsoft Windows Malicious Software Removal Tool, which accesses raw file systems and validates the information inside to identify certain differences that could be attributed to a rootkit. Other examples of rootkit removal tools include Bitdefender’s Rootkit Remover and Kaspersky’s TDSSKiller.