Rootkit Unhooker

Overview

Rootkit Unhooker (RKU) was an advanced rootkit detection and removal tool developed by EP_X0FF. It was designed to analyze system memory, detect hidden processes, and remove stealth malware that operated at the kernel level. Rootkit Unhooker was widely used by security researchers for deep system analysis and identifying sophisticated threats.

Features

Detects hidden processes, hooks, and kernel-mode rootkits.
Scans for SSDT, IDT, and inline hook modifications.
Provides advanced system diagnostics for security professionals.
Capable of removing certain detected rootkits.
Portable and does not require installation.

Compatibility

Rootkit Unhooker was compatible with:

Windows XP
Windows Vista
Windows 7

The tool has been discontinued and is not effective against modern rootkits due to advancements in malware techniques and security measures in newer Windows versions.

Usage

Download Rootkit Unhooker from a trusted security resource.
Run the executable as an administrator (no installation required).
Perform a system scan to detect hidden processes and hooks.
Review the scan results for suspicious activity.
Remove detected rootkits or seek expert guidance before making changes.

Pros & Cons

Pros

✔ Powerful rootkit detection capabilities.
✔ Provides detailed system analysis.
✔ Portable and does not require installation.

Cons

✘ Discontinued and no longer updated.
✘ Requires advanced knowledge to interpret results.
✘ Not effective against modern rootkits.

Alternative Software

GMER – Popular rootkit detection and removal tool.
TDSSKiller – Rootkit removal tool from Kaspersky.
Malwarebytes Anti-Rootkit – Free tool for detecting and removing rootkits.

Developer

Author: EP_X0FF
Status: Discontinued (No longer maintained)

External Links

(No official website available)
May be found on archived security forums (use caution when downloading).