McAfee Rootkit Remover

Today I downloaded the McAfee Rootkit Remover tool to give it a try. The tool is listed on the McAfee website as RootkitRemover and can be downloaded for free. It is a free anti-rootkit scanner.

The output of McAfee Rootkit Remover | Tool credits and (c) Copyright to McAfee.

The tool runs on the Windows operating system; I tested it in a Windows 10 environment. The tool's output can be seen in the image above.

McAfee Rootkit Remover Features:

According to the McAfee website, the tool can detect rootkits from the following rootkit families:

ZeroAccess family:

ZeroAccess is malware that targets the Windows OS family. In general, ZeroAccess used rootkit techniques to hide in the OS while downloading more malware to the machine.

Necurs family:

Necurs is a kernel driver that other malware can use as an add-on to gain rootkit capabilities, namely the ability to hide on the operating system. It is also said that the Necurs kernel-based rootkit was used with the Gameover Zeus botnet to protect it from being caught by security tools and the OS.

TDSS family:

TDSS, also known as TDL3, is mostly known as an add-on for malware writers. It can give hiding power to the malware, along with the following options:

  • Download and run Portable Executable (PE) files from the internet.
  • Show all kinds of advertisements on your device.
  • Disable applications from running on the device.
  • Replace device drivers on the system with malicious code.

There are plans to extend the McAfee Rootkit Remover tool so that it can detect more rootkit families.

Running the tool:

This tool is a Windows exe file. You can download it directly from the internet and run it on your local device.

I opened a command line as administrator and ran the tool, then waited some time until it returned the results for my computer. The tool also has command-line parameters that you can use. I tried running it with the /? parameter and it returned the following:

McAfee Rootkit Remover Parameters | Tool credits and (c) Copyright to McAfee.

The tool parameters: 

Either use no arguments or pass one of the following arguments:
/scanonly – perform scan only without cleaning
/noupdate – do not check for update on startup
/reboot – restarts machine after successful cleaning
/log <folder path> – writes log file to specified directory
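
Before running a downloaded executable from an administrator prompt, it is worth confirming that it is the vendor's signed binary. The script below is an added example, not part of the original post or McAfee's documentation; the file path and the expected signer string are assumptions, and only the `/scanonly` parameter comes from the output above.

```powershell
# Added example: verify the downloaded binary's signature, then run a scan-only pass.
# Assumptions (not from the original page): the file location and the expected signer string.
param(
    [string]$ToolPath = '.\RootkitRemover.exe',   # assumed download location
    [string]$ExpectedSigner = 'McAfee'            # assumed; set to the publisher you expect
)

$ErrorActionPreference = 'Stop'

# The walkthrough runs the tool from an elevated prompt; require the same here.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (administrator) PowerShell session.'
}

$resolved = (Resolve-Path -LiteralPath $ToolPath).Path

# Record the hash so the exact binary that ran can be identified later.
$hash = Get-FileHash -LiteralPath $resolved -Algorithm SHA256
Write-Host "SHA-256: $($hash.Hash)"

# Refuse to run an unsigned, tampered, or unexpectedly signed file.
$sig = Get-AuthenticodeSignature -LiteralPath $resolved
if ($sig.Status -ne 'Valid') {
    throw "Authenticode status is '$($sig.Status)'; not running $resolved."
}
$subject = $sig.SignerCertificate.Subject
if ($subject -notlike "*$ExpectedSigner*") {
    throw "Unexpected signer '$subject'; not running $resolved."
}
Write-Host "Signed by: $subject"

# /scanonly reports findings without cleaning (parameter from the tool's /? output).
& $resolved '/scanonly'
Write-Host "Tool exit code: $LASTEXITCODE"
```

The exit code is printed as-is because the page does not document what the tool's return values mean.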

In conclusion:

The McAfee Rootkit Remover tool is another great asset for your security toolkit. It is a free, standalone file that you can use in parallel with other software. It was developed by a strong, reputable company in the antivirus and cybersecurity field. So why not give it a try?

