Sophos Anti-Rootkit

• 1). Download the Sophos Anti-Rootkit program (see Resources for link). Double-click the downloaded file to launch the installation program.
  
  
• 2). Click the "Accept" button, then click "Install." Click "Yes" to start the program.
  
  
• 3). Click the "Start Scan" button. Let the scan run until complete.
  
  
• 4). Click on each file that was marked as a possible rootkit to display information and the recommendation from the program on whether the file is legitimate. Do not delete files that are associated with software that you have installed.
  
  
• 5). Put a check in the box next to the rootkit files that you want to remove, then click "Clean up checked files." Click "OK" and then choose "Restart Now."
  
  

GMER

• 1). Download the GMER toolkit detection/removal program (see Resources for link). Rename the file "test.exe" and save it to your desktop. Renaming the file prevents malware from recognizing it, stopping it from running.
  
  
• 2). Double-click the "test.exe" file on your desktop to run the program. GMER detects all running programs and processes, while displaying the names of any detected rootkits in red.
  
  
• 3). Right-click on the red file names and select "Delete the service" or "Delete file" to permanently remove the rootkit file. If the service cannot be deleted, choose the option to disable the service. Restart your computer and run the GMER program again. Right-click and delete any files or services that you were unable to delete before restarting.