
How to Remove Rootkit Virus From Windows 7

Malware is a piece of code or program that can potentially harm a computer system. There are various types of malware that can infect your PC. Rootkit virus is one of the most dangerous types of malware among them.

What is a Rootkit Virus? 

A Rootkit virus is designed to gain the highest level of authority in a computer system. Linux and Unix users call this level of access “root” access. 

Root access can alter and affect the hardware components of a computer. This access is usually permanent and hidden from the users. 

Normally, a Rootkit virus consists of a list of programs. The attacker will actively try to disguise and hide these programs in the system. 

These programs can include – 

  • Packet Sniffers – Used to track internet traffic and activity 
  • DDoS Program – Can deny users access to a certain service by making it unavailable or corrupted 
  • Backdoor Program – Can provide permanent system access to the attacker
  • Log Clearing Program – Can wipe all the system logs to erase tracks 
  • Other Programs – Usually consist of harmful exploits 

Rootkit viruses are dangerous because they can easily disguise themselves as important system files. This is why they are difficult to remove from the system. 

How does Rootkit Virus Affect your System? 

The main aim of an attacker is to gain “root” access to the infected computer. This will allow the attacker to control computer functions and steal sensitive information. 

A Rootkit virus can potentially slow down the computer and reduce its performance. 

In some cases, users may not be able to access Control Panel, Command Prompt, Task Manager and Registry Editor. This matters because these are the very tools you would otherwise use to remove the Rootkit virus. 

Even your browser may be infected over time. It can automatically lead you to harmful websites or install unwanted applications in your system. 

How to Remove Rootkit Virus from Windows 7? 

It is extremely tricky to completely remove a Rootkit virus from Windows 7 or any other system. The remnants of the virus will always be there in your system. 

The type of Rootkit virus will also be an important factor. Some viruses can attach themselves to the BIOS settings or the computer’s firmware. This can make the virus very persistent in the system. 

Normally, most experts recommend a complete system format and reinstallation of the Windows OS. Here is a list of other possible solutions that you can try to remove a Rootkit virus. 

Solution 1 – Run a Full System Scan with Antivirus 

Firstly, you should not rely on free antivirus software in your system. It will fix the problem temporarily but not permanently. 

This is why you should always buy the full version of antivirus software. Perform a full system scan of your computer using that program. 

The antivirus program will automatically detect and terminate the Rootkit virus from your computer. 

Solution 2 – Run a Full System Scan with Windows Defender 

Windows 7 has an in-built security scanner that you can use. Follow these instructions to use the Windows Defender Offline Scan. 

  1. Click on the Start button. Type ‘spyware’ in the empty search box. 
  2. Select the “Scan for Spyware” option. The Windows Defender will pop-up. 
  3. It will prompt you to activate its services if you have not previously activated it. Simply click Yes. 
  4. Next, follow the instructions and run a system scan. 
  5. It will check for possible infections and remove them automatically. 

Solution 3 – Manually Remove Rootkit Virus From Windows 7 

There is a lengthy manual process for removing a Rootkit virus from your computer. Oftentimes, the virus can escape an antivirus or Windows Defender scan. 

In such cases, you can follow the given steps to manually terminate it yourself. 

  1. Press the Windows logo key and the “R” key simultaneously. 
  2. Type ‘msconfig’ in the dialogue box that appears. 
  3. Head over to the Boot tab and tick ‘Boot log’. 
  4. Restart the PC. 
  5. After restarting, navigate to your Windows folder. Type ‘ntbtlog’ in the top-right search bar. 
  6. Search the boot log for the following file names. These are the most common filenames for Rootkit viruses; you can find a complete, updated list on the internet. 
  • win32k.sys
  • tdss
  • kungsf
  • msqp
  • msivx
  • skynet
  7. Note down the filenames in Notepad. Move (rename) these files to C:\WINDOWS\system32\drivers\BadRootkit.sys. 
  8. Click on the Start button again and type ‘cmd’. Right-click it and choose Run as Administrator. 
  9. Type ‘cacls C:\WINDOWS\system32\drivers\BadRootkit.SYS /d everyone’ without the quotes and press Enter. 
  10. Restart your system again. 
  11. Search for the mentioned files in the following folders and delete them – 
  • C:\Windows 
  • C:\Windows\system32
  • C:\Windows\system32\drivers
  12. Clear the temp folder and restart your PC again. 
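The boot-log review in steps 5 and 6 can be scripted. The following PowerShell script is an added example and not part of the original article: it reads ntbtlog.txt, flags drivers whose file names match the list above and, rather than deleting them, checks each file's Authenticode signature with Get-AuthenticodeSignature, since a name match alone proves little (win32k.sys, for example, is a genuine core Windows driver). It assumes the default boot log location %SystemRoot%\ntbtlog.txt and Windows PowerShell 2.0 as shipped with Windows 7.

```powershell
# Added example (not from the article): after enabling "Boot log" in msconfig
# and rebooting, review %SystemRoot%\ntbtlog.txt and report every driver whose
# file name matches the article's list. Nothing is deleted. Each match has its
# Authenticode signature checked, because a name match alone proves little:
# win32k.sys, for instance, is a genuine core Windows driver.
# Written for Windows PowerShell 2.0 (shipped with Windows 7); run elevated.
param(
    [string]$BootLog = "$env:SystemRoot\ntbtlog.txt",
    # Name fragments taken from the article; extend from a current reference.
    [string[]]$Suspicious = @('win32k.sys', 'tdss', 'kungsf', 'msqp', 'msivx', 'skynet')
)

if (-not (Test-Path $BootLog)) {
    Write-Error "Boot log not found at $BootLog. Enable 'Boot log' in msconfig and reboot first."
    exit 1
}

# Each entry reads "Loaded driver <path>" or "Did not load driver <path>". The
# kernel writes paths as \SystemRoot\... or \??\C:\..., so map them to shell paths.
$entries = Get-Content $BootLog | ForEach-Object {
    if ($_ -match '^(Loaded driver|Did not load driver)\s+(.+)$') {
        $path = $Matches[2].Trim() -replace '^\\SystemRoot', $env:SystemRoot
        $path = $path -replace '^\\\?\?\\', ''
        New-Object PSObject -Property @{ State = $Matches[1]; Path = $path }
    }
}

$entries | ForEach-Object {
    $e    = $_
    $name = Split-Path $e.Path -Leaf
    $hit  = $Suspicious | Where-Object { $name -like "*$_*" }
    if (-not $hit) { return }

    # Status 'Valid' with a Microsoft signer points to a genuine component.
    # 'NotSigned' can also mean the file is signed only through a security
    # catalog, so treat anything other than Valid as "inspect further".
    $status = 'FileMissing'; $signer = ''
    if (Test-Path $e.Path) {
        $sig    = Get-AuthenticodeSignature $e.Path
        $status = $sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    New-Object PSObject -Property @{
        Driver = $name; Path = $e.Path; BootState = $e.State
        Signature = $status; Signer = $signer
    }
}
```

Each reported row shows whether the driver loaded at boot and how its signature verifies, which tells you which matches deserve the manual steps that follow and which are legitimate Windows files.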

Solution 4 – Clean Reinstall of Windows OS 

You might have to reinstall the Windows OS if you’re unlucky enough to be infected with a more dangerous form of Rootkit virus. You can do this by creating an Installation Media from a working computer. 

Choose “Clean Installation” when you’re prompted during the installation. This will erase the disk extensively before reinstalling Windows. 

How to Prevent Rootkit Virus from Infecting Windows 7? 

After learning how to remove a Rootkit virus from Windows 7, you should ensure that you don’t get infected again. Follow this small list to make your system secure for the future. 

  • Turn on Firewall 
  • Use licensed Antivirus software
  • Download software only from their official websites
  • Update your Windows OS regularly 
  • Update your drivers 


You should be able to remove the Rootkit virus from your system after following the above solutions. You can state your problems in the comments section below if you’re still facing problems in getting rid of them. 

Running a system scan and reinstalling Windows OS should be your first priority. In addition, you can choose to manually remove Rootkit virus if you don’t want to lose your files and folders.