SpyDLLRemover : Detect & Delete Spywares From The System

My new tool, SpyDLLRemover is released on the RootkitAnalytics website. This tool helps in detecting and deleting userland based rootkits which hide the processes and injected modules to prevent their detection from antirootkit softwares.

Here is the snapshot of SpyDLLRemover detecting the hidden process belonging to HackerDefender Rootkit.

Here is another snapshot of SpyDLLRemover detecting the hidden modules/DLLs loaded by Vanquish Rootkit.

Here is the complete feature list of SpyDLLRemover


  • Detect hidden userland rootkit processes using multiple techniques such as
  • – Direct NT System Call Implementation
    – Process ID Bruteforce Method (PIDB) as first used by BlackLight
    – CSRSS Process Handle Enumeration Method

  • Detect the hidden DLL/module within process by using loaded list traversal technique.
  • It uses the direct system calls to perform process related operations which defeats any attempt to hide by userland rootkits.
  • Separate out the modules/DLLs based on the various threat levels such as hidden dll, BHO plugin dll, and system dll, AppInit DLL etc that makes it effective to detect malicious modules.
  • DLLs are marked with different color based on threat level, which makes it easy and quick to eliminate the spyware DLLs.
  • It presents state of art technique for Removing the DLL from Remote Process based on DLL Injection method to completely unload the DLL in just one click.
  • Terminate any suspicious or hidden process directly using NT system calls.
  • It has integrated online verification mechanism through ProcessLibrary.com to validate any suspcious DLLs.
  • This makes it easy to differentiate between the spyware & legitimate DLLs.

  • Displays detailed information about all running processes on the system
  • – Process name
    – Process Id
    – Company Name
    – Process Description
    – Memory Utilization
    – Process Binary Path
    – Process File Size
    – File Install Date

  • Shows detailed information about each loaded DLLs within process to make it easier for manual analysis.
  • – DLL Name
    – Company Name
    – Description
    – Comment about type of DLL (System, Hidden, Suspicious)
    – Load/reference count of DLL
    – Loading Type (static/dynamic)
    – DLL File Size
    – File Install Date
    – Base Address of DLL
    – Entry point of DLL
    – Full DLL File Path

  • It is standalone tool which can be executed directly as it does not require any installation.


For more information and downloading SpyDLLRemover please visit the RootkitAnalytics website.


Similar posts
  • Computer Security Tips: Stay Safe Onl... In recent times cyber security has raised the level of awareness and public consciousness as never before. Both large corporations and big organizations try to take care of online security as much as they can. That’s why cyber criminals and hackers have focused more on smaller companies and single entrepreneurs. This awful tendency leads to [...]
  • SecurityXploded Mentorship Programme ... I am writing this blog to share my SecurityXploded Student Mentorship Programme experience with the future students of this programme. My mentorship programme started last year in August when I was in 2nd year of MS at IIIT-Allahabad. I knew about SecurityXploded community since I used to follow their blogs, training programmes and security tools [...]
  • Code Injection and API Hooking Techni... Hooking covers a range of techniques used for many purposes like debugging, monitoring, intercepting messages, extending functionality etc. Hooking is also used by a lot of rootkits to camouflage themselves on the system. Rootkits use various hooking techniques when they have to hide a process, hide a network port, redirect file writes to some different [...]
  • Announcement – SecurityXploded ... From the past two years we are working actively on couple of projects to support the security community. As you all may already know that we have successfully completed our reversing and malware analysis training programme and we are very glad that it was very helpful for everyone. In my opinion the success of any [...]
  • Advanced Malware Analysis Training Se... Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 2) Dissecting the HeartBeat  RAT Functionalities   This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012.       In this extended session, I explained “Decrypting various Communications Of HeartBeat [...]

Leave a Reply