Created by Polski over at gmer.net, GMER is one of the better Anti-Rootkit programs that I have found and tested. One big reason this program made it onto our list, is its ability to repair code and/or remove rootkits. Many anti-rootkit programs that we tested would only detect rootkits, but would not give an option to remove. On the website this program offers randomized name downloads in case the rootkit has blocked GMER.exe.

At startup this program does a quick scan to detect any rootkit activity. This is similar to the quick scan that so many anti-malware programs have. When this is competed, you can do a full scan by clicking on the scan button on the right hand side of the window, or simply click the arrows to access other tools built into this program.

Or if you prefer the more manual approach just look under the processes, modules, or services tab which shows you everything that is running.

This program can and will generally ignore Windows' warnings about killing a process. In our testing of this program every single 3rd party process was shut down. And every single Windows process with the exception of System, system idle, and crss.exe were shutdown with no more than an "are you sure?". If you are fighting rootkits this is a program to have in your arsenal.

One great aspect of this program is the built in file deletion system that is capable of deleting a file while the program is running. **Note that this may on occasion crash explorer**

The ability to delete files that Windows has locked is invaluable when dealing with malware and rootkits. I hope that you will download and use this great program.

It scans for:

• hidden processes
• hidden threads
• hidden modules
• hidden services
• hidden files
• hidden Alternate Data Streams
• hidden registry keys
• drivers hooking SSDT
• drivers hooking IDT
• drivers hooking IRP calls
• inline hooks

Useful for:

• Finding and removing rootkits

Program works on:

• Windows Vista
• Windows XP
• Windows 2000
• Windows NT