Bitdefender releases Rootkit Remover tool for Windows

Martin Brinkmann
Feb 7, 2013
Antivirus, Security

Rootkits are usually harder to identify and remove than regular malware due to the way these programs integrate themselves on a computer system. It is probably thanks to Sony and the company's infamous music CD rootkit that a larger audience became aware of rootkits in general and how dangerous they are.

Two types of rootkit removers exist. First programs that run more or less on their own, Kaspersky's TDSSKiller is an example of that, and second programs that scan the system but leave the interpretation of results to the user, with Gmer 2.0 being an example of that.

The first group of programs is usually only efficient against a set of rootkits, while the second group may identify them all but it also prone to report false positives.

Bitdefender's Rootkit Remover falls into the first group of programs, as it identifies and deletes a set of known rootkits from Windows systems. The program is available for 32-bit and 64-bit editions of Windows and runs more or less on its own. At the time of writing, it is capable of detecting and removing the following rootkits:

Rootkit Remover deals easily with Mebroot, all TDL families (TDL/SST/Pihar), Mayachok, Mybios, Plite, XPaj, Whistler, Alipop, Cpd, Fengd, Fips, Guntior, MBR Locker, Mebratix, Niwa, Ponreb, Ramnit, Stoned, Yoddos, Yurn, Zegost and also cleans infections with Necurs (the last rootkit standing)

The company notes that new rootkit families are added to the program as they become known. Program use could not be easier. You download and start the program on a supported version of Windows to get started.

bitdefender bootkit removal tool screenshot

A click on start scan runs a scan on the system to detect any rootkit known by the software. The scan should not take longer than a couple of seconds before you are presented with notification that the removal process has been completed successfully.That's an irritating message on systems where no rootkit was detected on.

If a rootkit is found, you will be asked to restart the system now or later (with now being the best option) to clean the system from the infection.


Bitdefender's Rootkit Removal Tool is a portable program for Windows to detect and remove several known rootkits and rootkit families from a system. It does not support automatic updates so that it is recommended to check the product homepage before you run scans to make sure you are running the latest version of the application.

The company should consider changing the status notification on clean systems to avoid consumer confusion.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. X said on February 10, 2013 at 12:49 am

    You might want to try Malwarebytes Anti-Rootkit Beta available at

  2. rickxs said on February 8, 2013 at 12:31 am

    edit: I meant O/S [above] not C/S– sorry a typo

  3. Transcontinental said on February 7, 2013 at 11:50 pm

    Martin, what exactly do you mean by “The program is available for 32-bit and 64-bit editions of Windows and runs more or less on its own.” ?

    1. ilev said on February 8, 2013 at 7:14 am

      It is portable as well.

    2. Martin Brinkmann said on February 8, 2013 at 12:01 am

      That it does not provide you with many options.

      1. Transcontinental said on February 8, 2013 at 12:05 am

        I was imagining a non-install application that would set data in Registry and/or application data folders …

  4. rickxs said on February 7, 2013 at 11:00 pm

    loaded & ran OK, the 3sec scan seems more in-tune with a boot scan than a C/S drive

  5. ilev said on February 7, 2013 at 8:08 pm
    1. Martin Brinkmann said on February 7, 2013 at 8:48 pm

      Maybe they have used the core code of the bootkit app as the core for the rootkit application. Well, it is certainly strange.

      1. ilev said on February 7, 2013 at 8:54 pm

        Tested the app. It froze on “preparing”

  6. ilev said on February 7, 2013 at 7:47 pm

    The download links on Bitdefender’s site (and your screenshot) are for BootkitRemoval and not for Rootkit Remover.

    1. Martin Brinkmann said on February 7, 2013 at 8:01 pm

      This may be a spelling mistake.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.