Raymond.CC Blog

Bitdefender Bootkit Removal Tool

raymond

·

Rootkits are probably one of the most powerful malware because of its capability to hide its presence from normal methods of detection. You won’t see the process listed in Windows Task Manager, nor you can see the file from Windows Explorer even if you set to show protected operating system files from Folder Options. This can be achieved through installing and loading kernel-mode drivers which allows the malware to run with higher privileges. The good thing about running 64-bit Windows today is you can only install digitally signed drivers and obviously drivers used by rootkits are not signed unless the signature itself are stolen. Remember Stuxnet which uses stolen JMicron and Realtek certificates to allow installation on x64 machines.

Rootkits are indeed scary and if you think you’ll be safe with a 64-bit if Windows, then you’re wrong. Another type of malware called Bootkit which installs itself in Master Boot Record area to patch the kernel digital signature validation check, allowing unauthorized kernel-mode rootkit to load. So here you go, a rootkit that is able to infect both 32-bit and 64-bit computer.


Bitdefender has recently released a free and portable tool that is meant to detect and remove bootkit from infected computers. Currently it has been tested against Alipop, Fengd, Fips, Locker, Mayachok, Mebratix, Mebroot, Mybios, Pihar, Ramnit, Sst, TDSS, Whistler, Yoddos and Zegost. It is very easy to use. All you need to do is run the correct version of Bitdefender Bootkit Removal Tool, and click the Start Scan button which takes only 1-2 seconds to complete the scan.

I infected my test computer running Windows 7 32-bit with TDSS rootkit and then scan with Bitdefender Bootkit Removal Tool. Within seconds this tool detected a Rootkit.MBR.TDSS.B infection on my C:\ drive.
Bitdefender Bootkit Removal Tool

Then it prompts me to restart to complete the disinfection process.
Bootkit Removal Restart

After restart, I ran MBRCheck and it detected Windows 7 MBR code which means TDSS rootkit has been successfully disinfected by the Bitdefender Bootkit Removal Tool. You will know that you got infected by a bootkit so it is good that you run a scan with this Bitdefender Bootkit Removal Tool once in a while since it is free and portable that don’t require installation.

Download the 32-bit version of the Bootkit Removal Tool
Download the 64-bit version of the Bootkit Removal Tool