[Windows] Remove rootkits with UnHackMe

Rootkits are a nasty piece of malware. They hide in places on your computer that are often hard to find and detect with traditional anti-virus or anti-malware protection. Indeed, sometimes it is necessary to download and use a specialized rootkit remover tool. UnHackMe is one such tool; let’s see if it is worth your time.

What is it and what does it do

Main Functionality

UnHackMe is primarily an anti-rootkit program that allows you to remove rootkits but, according to the developer, it can also detect and remove “trojans, backdoor programs, viruses, worms, adware, spyware, search redirecting software, unwanted, useless programs”.

Pros

  • Detects and removes rootkits
    • Although it primarily works with rootkits, the developer claims it can also remove trojans, backdoor programs, viruses, worms, adware, spyware, search redirecting software, unwanted, and useless programs
  • Allows you to scan for rootkits on Windows boot
  • Has a registry guard component that protects registry from changes
  • Can create a HijackThis-like log that you can send to others for troubleshooting
  • Has an active monitor that stays on in the background to provide protection similar to live/active protection provided by anti-virus software
  • Creates system restore point before removing/cleaning anything
  • Costs just $34.90 for lifetime updates, which is low when you consider that similar programs ask for yearly payments

Cons

  • Is not a replacement for your anti-virus or anti-malware program; it is not nearly as effective at removing non-rootkit malware (e.g. viruses, trojans, spyware, worms, adware, etc.) as your anti-virus or anti-malware program
  • Exaggerates the issues found on your computer, a bit too much like scareware
  • During a scan, it checks startup items with VirusTotal. This is typically a good thing, but you aren’t told of this behavior beforehand, nor do you have the option to opt out; some people may not want to scan with VirusTotal due to privacy concerns or paranoia.
  • Scanning requires you to sit there and click buttons to proceed to each step — you cannot start a scan, walk away, and come back to the scan results
  • Shows “good” items in the scan results if you go to the advanced view
  • Note that there are reports of UnHackMe coming bundled with bloatware/crapware/malware, but I did not run into any such issues while testing the program

Discussion

UnHackMe started off as an anti-rootkit utility that focused on finding and removing rootkits. More recently, the developer has expanded the functionality of UnHackMe to include protection against trojans, backdoor programs, viruses, worms, adware, spyware, search redirecting software, unwanted, and useless programs. Still, even today, it is primarily an anti-rootkit tool and works best when removing rootkits.

Anyone that knows about rootkits knows there is no one-size-fits-all removal method for all rootkits. So any anti-rootkit program that claims to be able to remove *all* rootkits is probably lying, and UnHackMe is no exception. So then the question is: which rootkits can UnHackMe remove? I did a bit of research and learned UnHackMe is able to remove a handful of known rootkits:

  • Sprotector.DLL
  • ZeroAccess rootkit
  • Morto Worm
  • Popureb.E rootkit
  • Zero Access rootkit
  • TDL4 rootkit
  • TDL3 rootkit
  • RunTime2 rootkit
  • Srizbi rootkit
  • Baidu rootkit
  • Spooldr rootkit
  • Haxdoor rootkit
  • Rustock.B rootkit
  • Rustock.A rootkit
  • AFX rootkit
  • Bagle rootkit
  • Braviax rootkit
  • Hacker Defender (hxdef) rootkit
  • Vanquish rootkit

So far so good, right? I thought so, too, until I actually used the program and ran into a scareware-like brick wall.

First of all, running a full scan with UnHackMe is very annoying because you can’t leave the scan unattended. You have to sit there and click to the next step after each scan until the whole run is finished. (UnHackMe runs multiple separate scans one after another during its full scan.) The only time you can walk away is once you hit the final scan by RegRun Reanimator. I find this very annoying.

Secondly, UnHackMe likes to exaggerate what it finds. At the last scan, I got the following message:

[Screenshot: UnHackMe scan-result message]

Wow, really? My computer is infected with “a number of suspicious programs”? I’m “probably infected by a virus”? I had no idea, I better clean now! Or not.

I went to the advanced view to see exactly what UnHackMe found. As it turns out, it found just two items and both were (and still are) false positives. So much for being infected, eh? Oh, and to top it off, the advanced view listed “good” items, as well as detected malware, in the scan results. (Normal view doesn’t do this.) The developer does differentiate between “good” items and malware by color-coding detected malware in yellow or red, but why are non-malware items shown in scan results in the first place? It is almost as if the developer wants to make it seem like you have more infections than you actually do.

Now, there are two redeeming qualities of UnHackMe which prevent it from being outright scareware:

  • If UnHackMe detects nothing suspicious or any form of malware, it does not tell you that you are infected — you only see the message shown in the above screenshot if UnHackMe finds something
  • If you click the Fix Problems button, you are prompted with each detected item one by one, given a description of the detection, and offered the choice to remove it or mark it as a false positive

However, the exaggeration of scan results has left a very bad taste in my mouth. That is not something I expect from a security program.

Conclusion and download link

UnHackMe is a mixed bag. It specializes in rootkit removal but also works on other types of malware, which is a good thing. It also does work, to a limited extent, removing a handful of known rootkits (see the full discussion above for which ones). The issue I have with the program, however, is how it exaggerates scan results and how user-unfriendly it is, in the sense that you must sit through a scan and click to proceed to each step. I’m not officially going to recommend UnHackMe for these reasons but, at the same time, I’m not officially going to not recommend it either. Personally speaking, though, I won’t be letting this thing sit on my computer.

That being said, if you are looking for free rootkit removal, check out dotTech’s article on 13 free anti-rootkit tools for Windows. If you are looking for free anti-virus, anti-malware, etc. protection, check out dotTech’s review on best free anti-virus for Windows. If you want to create HijackThis-like logs that you can send to someone else for assistance, check out HijackThis or NOD32 SysInspector.

Price: $34.95

Version reviewed: 5.99, build 424

Supported OS: Windows 7/Vista/XP (32-bit and 64-bit)

Download size: 13.5

VirusTotal malware scan results:

Is it portable? No

UnHackMe homepage


Comments


5 comments

  1. Giovanni

    Also try these 2 FREE GEMS:

    http://www.softpedia.com/get/Antivirus/AVZ-Antiviral-Toolkit.shtml

    http://securityxploded.com/streamarmor.php

    The first one by Kaspersky is actually much more than a simple Antirootkit software (it took me weeks to handle the plethora of features offered to users) and honestly I cannot figure out why most geeks out there (including you, right?) are totally unaware of it.

    The second one is able to detect and remove the so-called “Hidden Alternate Data Streams (ADS)”, which are often used by hackers to secretly store their Rootkit components in your system with no chance of being detected by any antimalware software out there.

    And of course don’t forget to add this superb FREE tool as best antirootkit software:

    http://www.oshiunhooker.com/index.php

    Enjoy!!
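The commenter above mentions NTFS alternate data streams as a hiding place for rootkit components. As an added example (not part of the article, the comment, or any of the tools named), this Windows PowerShell script lists non-default streams under a directory so they can be reviewed by hand; the `$Root` default and the `$KnownBenign` list are assumptions, and it only reports, never deletes.

```powershell
# Added example: enumerate non-default NTFS alternate data streams (ADS)
# under a directory for manual review. Assumes Windows PowerShell 5.1 on
# an NTFS volume; $Root and $KnownBenign are assumptions for illustration.
param(
    [string]$Root = "$env:USERPROFILE\Downloads"
)

# Streams Windows itself creates routinely (e.g. the mark-of-the-web
# written by browsers); listed here so they don't drown out oddities.
$KnownBenign = @('Zone.Identifier')

function Get-NonDefaultAds {
    param([string]$Path)
    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * returns one object per stream; ':$DATA' is the
            # file's ordinary content, everything else is an ADS.
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' -and $KnownBenign -notcontains $_.Stream } |
        Select-Object FileName, Stream, Length
}

$found = Get-NonDefaultAds -Path $Root
if (-not $found) {
    Write-Output "No non-default alternate data streams found under $Root"
} else {
    # Report only. To look at a stream's first bytes before deciding anything:
    #   Get-Content -LiteralPath <file> -Stream <name> -Encoding Byte -TotalCount 64
    $found | Format-Table -AutoSize
}
```

A stream named like an executable or DLL attached to an unrelated file is worth checking against your anti-malware tooling or VirusTotal, as the review notes UnHackMe does for startup items.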