Rootkit removal can be a difficult and frustrating process, though there are a number of tips that can make the process a bit easier. Certain security programs can fairly reliably detect and deal with rootkits that may be present on a computer, though not all security and antivirus programs can effectively do this. Manual removal of a rootkit can be done, though this may be impractical for many computer users. Rootkit removal can potentially require that an infected hard drive be reformatted completely, and any operating system (OS) on the drive be reinstalled afterward.
A rootkit is a type of malicious software, or malware, which can gain access to a computer system and become installed in various levels of an OS. Once a rootkit is on a system, it typically works to hide other forms of malware, such as viruses or worms, or to provide unauthorized users with access to a computer system through a backdoor. Rootkit removal can be very difficult, however, due to the way that a rootkit acts on a computer system, and even detection of an existing rootkit is unlikely through standard antivirus scans. The best and easiest form of rootkit removal is prevention, usually through the use of antivirus and other security software.
Once a rootkit is present on a computer system, however, rootkit removal can sometimes be aided by a security program designed to remove rootkits. Many security suites, such as antivirus programs with other security features, do not have the utilities necessary to remove rootkits, so specialized software is often necessary. This software typically needs to run from a drive that is not infected, such as from a compact disc (CD) or a universal serial bus (USB) hard drive. Even this type of rootkit removal can fail, however, depending on the rootkit and how well protected it is from security software.
One of the most effective forms of rootkit removal, though also quite drastic, is for an infected hard drive to be completely reformatted. This eliminates all data located on the drive, including OS files, any programs installed on the drive, personal files a user has created, and drivers installed on that hard drive. Once the hard drive is reformatted, rootkit removal should be complete, and an OS and other files can be reinstalled and placed onto the drive. Recovery of files from an infected drive can be done prior to reformatting, though this must be done carefully to ensure the rootkit does not spread onto the device to which the files are copied.