How to Remove a Rootkit

Last Updated: April 15, 2022

Removing rootkits can be difficult, as they often bury themselves deep into the operating system. If you're worried you have a rootkit, follow our guide for locating and removing it from your Windows PC or Mac.

Steps

1
Know the signs of a rootkit. Rootkits are hard to detect on Windows as they often disguise themselves as drivers or as critical files. Some signs that you may have a rootkit include:
- Your device is running slow, but your antivirus software is not detecting anything.
- You are unable to copy or find files you know exist on your machine (this is commonly used as DRM to prevent the copying or redistribution of music, movies, or video games).
- Your device obviously has malware on it, but your antivirus software does not detect anything.
- Your device takes a long time to start up.
- Your hardware has stopped working correctly.
- Other devices (like your router) are reporting that your device is using it even if you are not actively using them.

Method 1

Method 1 of 3:

On Windows

1
Run a Microsoft Defender scan. To do so, open Windows Security, go to Virus & threat protection, and choose "Quick scan". You can also run a full scan.
- Microsoft Defender will inform you if you need to run Microsoft Defender Offline.
2
Start an offline scan. From the same screen as Virus & threat protection, choose "scan options" and choose "Microsoft Defender Offline scan". Your PC will restart.
3
Check the scan results after restart. If your PC detected rootkits, it will inform you that it was able to remove them.
4
Reinstall Windows. If a rootkit has caused a deep infection, then the only way to remove the rootkit is to reinstall Windows. Do this from an external media device instead of using the built-in Windows installer.
5
Have your hardware replaced. Some rootkits are able to infect the BIOS, which will require a repair to fix. If you still have a rootkit after a repair, you may need to get a new PC.

Method 2

Method 2 of 3:

On Mac

1
Update your Mac. Mac updates do not just add new features; they also remove malware, including rootkits, and fix security holes. Apple has numerous built-in security features to protect from malware, including rootkits.
2
Accept prompts to move malware to the Trash. If your Mac detects a malicious program, it will ask you to move it to the Trash. That way, malware, including rootkits, cannot cause problems on your machine.
3
Reinstall macOS. Unfortunately, there are no known rootkit detectors on macOS. If you still suspect a rootkit is on your device, you should reinstall macOS. Doing so removes most apps and any possible rootkits on your machine.
4
Have your hardware replaced. Some rootkits are able to infect the BIOS, which will require a repair to fix. If you still have a rootkit after a repair, you may need to get a new Mac.

Method 3

Method 3 of 3:

On iOS

1
Back up your data first. Unfortunately, there are no known rootkit detectors on iPhone. Rootkits can be difficult to remove and they often manifest themselves as developer profiles or hide themselves in jailbreaks.
2
Enter DFU mode. To do so, turn off your phone while it is connected to your computer. On iPhone 8 and later, press the volume up then volume down then power keys and hold the power button for three seconds. Then hold the power and volume down buttons together for ten seconds. Then release the power button and continue holding the volume down button. This will enter recovery mode.
- On iPhone 7, you do not have to press the volume up and volume down keys at the beginning.
- On iPhone 6s and earlier, use the home button instead.
3
Click on Restore iPhone/iPad... in iTunes or in Finder. This will erase all data but also remove any jailbreaks and/or rootkits present on your iOS device. You can recover your downloaded apps using iCloud or iTunes backup.

Community Q&A

Question

Isn't Kaspersky spyware?

Achaius Dimalibot

Community Answer

It's not spyware. It is an antivirus software, and it also works like Windows Defender.