Clean up rootkits

Sophos Anti-Rootkit

The names of suspicious files are displayed in the results list in the upper panel of the Sophos Anti-Rootkit window.

The results list may also display registry keys or values. These items cannot be marked for removal. However, after you have cleaned up any rootkits, these items will disappear from the results list.

To clean up rootkits:

  1. Click the name of a suspicious file or process to display information about it. The information displayed includes whether the item is recommended for removal:
    | Option | Description |
    | --- | --- |
    | Removable: No | These files cannot be marked for removal. |
    | Removable: Yes (clean up recommended) | These files are automatically marked for removal by default. Sophos recommends that you remove them. |
    | Removable: Yes (but clean up not recommended for this file) | These files are not automatically marked for removal. Sophos does not recognize these files and recommends that you do not remove them. |

    If you are unsure what to do about some of these files, follow the instructions in Technical Support to send the log and archive files to Sophos for further analysis.

    The information displayed may also tell you whether there is a description of the file. To view the description of the file, go to the Sophos website, type the name of the file in the Search box at the top of the home page, and then click the Search button.

  2. Click Clean up checked items. When the dialog box appears, click Yes.

    The checked items are marked for removal and will be cleaned up when you restart your computer.

  3. When the dialog box appears, click Restart now or Restart later.