Removal of Malicious Processes with Sophos Anti RootKit

Detect and remove malicious processes with the free Sophos Anti-rootkit, and malicious process removal software. Sophos Anti-Rootkit helps in detecting and clearing rootkits that are running on the PC.

A rootkit is a software system that consists of one or more programs designed to hide the fact that a system has been compromised.A rootkit is often used to replace important system executables, which may then be used to hide processes and files the attacker has installed, along with the presence of the rootkit. Rootkits are specially designed to evade standard operating system security scan and any other anti-virus or anti-spyware scans.

A successfully-installed rootkit allows the attackers to take and keep full control of the “rooted” system and maintain access to it as system administrators. Most rootkits typically hide files, processes, network connections, blocks of memory, or Windows Registry entries from other programs used by system administrators to detect such specially privileged accesses to computer system resources. However, a rootkit may masquerade as or be intertwined with other files, programs, or libraries with other purposes. While the utilities bundled with a rootkit may be maliciously intended, not every rootkit is malicious. Rootkits may be used for both productive and destructive purposes.

Sophos Anti-Rootkit is a tool designed to provide an extra layer of protection, by safely and reliably detecting and removing any rootkit that might already have hidden itself on your system.

Sophos Anti-Rootkit has a graphical user interface (GUI) and a command line interface (CLI), to easily detect and remove any rootkits on your computer.Here we detail the steps to scan and cleanup rootkits using GUI.

How to scan for Rootkits

To scan the computer for rootkits, Click Start > Programs > Sophos > Sophos Anti-Rootkit > Sophos Anti-Rootkit.

  • 1. Select the check boxes next to the areas of your computer that you want to scan.
  • 2. Select the “Extensive scan” check box to scan every file on your computer during the Local hard drives scan instead of just the hidden ones. Selecting this option will potentially find more rootkits, but the scan will take longer to complete. Depending on your computer, the time taken for this may be over an hour.
  • 3. Click “Start scan” or press Enter.

When the scan is complete, a dialog box is displayed showing whether Sophos Anti-Rootkit has found any suspicious files. The names of suspicious files are displayed in the results list in the upper panel of the Sophos Anti-Rootkit window. The results list may also display registry keys or values. These items cannot be marked for removal.However, after you have cleaned up any rootkits, these items will disappear from the results list.

How to clean up Rootkits

Click the name of a suspicious file or process to display information about it. The information displayed includes whether the item is recommended for removal:

  • Removable:No – These files cannot be marked for removal.
  • Removable:Yes (clean up recommended) – These files are automatically marked for removal by default.Sophos recommends that you remove them.
  • Removable: Yes (but clean up not recommended for this file) – These files are not automatically marked for removal. Sophos does not recognize these files and recommends that you do not remove them.

Click Clean up checked items.When the dialog box appears, click Yes.The checked items are marked for removal and will be cleaned up when you restart your computer.

Once you have restarted your computer, the Results of cleanup operation window displays the files that were originally selected for removal and the action taken.

  • To empty the contents of the panel, click Empty list.
  • To return to the Scan for hidden objects dialog box so that you can rescan your computer,click Continue.

Rootkits are often used to hide other malware. It is recommended to do the following after cleanup:

  • Rescan your computer with Sophos Anti-Rootkit to make sure that all unauthorized files have been removed.
  • Confirm that your computer is totally clean by running anti-virus software such as Sophos Anti-Virus.

Free download Sophos Anti RootKit from here and remove malicious processes.

Leave a Reply

Your email address will not be published. Required fields are marked *