Using the Trend Micro Rootkit Buster

Solution ID: 1034393
Last Updated: Nov. 20, 2014 10:46 PM (PST)

Product / Version: Control Manager - 5.0; InterScan Messaging Hosted Security - 1.0, InterScan Messaging Hosted Security - 2.0, InterScan Messaging Hosted Security - Advanced, InterScan Messaging Hosted Security - Standard; OfficeScan - 10.0, OfficeScan - 10.5, OfficeScan - 10.6; OfficeScan - 11.0; Worry-Free Business Security Services - 5.3; Worry-Free Business Security Services for Dell - 5.3; Worry-Free Business Security Standard/Advanced - 6.0, Worry-Free Business Security Standard/Advanced - 7.0, Worry-Free Business Security Standard/Advanced - 8.0; Worry-Free Business Security Standard/Advanced - 9.0

Platform: Macintosh - Leopard, Lion, Snow Leopard, Windows - 2000 Professional, Windows - 2000 Server, Windows - 2003 Compute Cluster Server, Windows - 2003 Datacenter Server, Windows - 2003 Enterprise Server, Windows - 2003 Home Server, Windows - 2003 Small Business Server, Windows - 2003 Standard Server Edition, Windows - 2003 Storage Server, Windows - 2003 Web Server Edition, Windows - 2008 Enterprise Server, Windows - 2008 Standard Server Edition, Windows - XP Home, Windows - XP Professional, Windows - Vista 32-bit, Windows - Vista 64-bit, Windows - 7 32-bit, Windows - 7 64-bit, Windows - 8 32-bit, Windows - 8 64-bit, Windows - 2012 Standard, Windows - 2012 Standard R2, Windows - 8.1 32-bit, Windows - 8.1 64-bit

Problem Description

A rootkit is malicious software that manipulates components of the Microsoft Windows operating system to conceal how it harms the computer. It hides drivers, processes, and registry entries from tools that use common system application programming interfaces (APIs).
Download and run the Trend Micro Rootkit Buster to scan hidden files, registry entries, processes, drivers, services, ports, and the master boot record (MBR) in order to identify and remove rootkits.




Features of Rootkit Buster

  • User mode Rootkit detection
  • Kernel mode Rootkit detection
  • Hidden files detection
  • Hidden registry entries detection
  • Hidden processes detection
  • Hidden drivers detection
  • Hooked system service detection
  • Hidden files cleaning capability
  • Hidden registry entries cleaning capability
  • Detects the latest FU2 Rootkit
  • Supports hidden MBR cleanup for all disk types
  • Supports the detection and cleanup of RTKT_NECURS
  • Detection for malicious MBR modification
  • Supports Windows 8.1
  • Detection of removed system directory permissions
  • Enhanced MBR and VBR detection and cleanup
  • Fixes for some BSOD and false positive issues


Download and run the Rootkit Buster

To use the Rootkit Buster:
  1. Download the Rootkit Buster file that corresponds to your system type and save the file on your desktop. If you are not sure of your system type, check your version of the Windows operating system first.
  2. Do either of the following:
    • For Windows XP: Double-click RootkitBuster.exe to run the file.
    • For Windows Vista, 7 and 8: Right-click RootkitBuster.exe, then select Run as administrator. The following error message appears when you do not run the installer with administrator privileges:
      Tmcomm service is installed but cannot be started
  3. Read the license agreement.
  4. Select I accept the terms of the license agreement, then click Next.
  5. Click Scan Now.
    Wait for the program to finish scanning your computer. The scan result appears when the scan is complete.
  6. Tick the detected threats, then click Fix Now.
    Wait for the Trend Micro Rootkit Buster to fix the threats.
  7. Click Restart Now to finish the cleanup.