It is possible to remove a rootkit infection from a Windows device with anti-malware applications such as Windows Defender Offline and Malwarebytes Anti-Rootkit Beta. To attempt to remove a rootkit with Windows Defender Offline, download the application from Microsoft's official website, then run it to install the tool to a CD, DVD or USB flash drive with at least 250 megabytes of free space.
Once initiated, Windows Defender Offline offers instructions for the next steps, which involve a restart of the computer and a subsequent malware scan. Unless no other options are available, use a non-infected computer to download and install Windows Defender Offline to a removable medium, as some malicious programs can sabotage the installation of anti-malware software. Additionally, be sure to download the correct version of Windows Defender Offline, which is available in 32-bit and 64-bit variants.
If Windows Defender Offline is unsuccessful in removing the rootkit infection, download and install Malwarebytes Anti-Rootkit. Upon opening the program, the Malwarebytes Anti-Rootkit wizard updates and begins a scan. Click on the Cleanup option to remove any detected threats. Repeat this process to ensure no infections remain.
If the system is clean, check whether Internet access, Windows Update and Windows Firewall are fully functional. Within the Plugins folder, click on Malwarebytes Anti-Rootkit's "fixdamage" tool to repair damage done by the infection. Reboot again, and repeat the previous checks.
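The three checks above (Internet access, Windows Update, Windows Firewall) can be scripted so they run identically before and after each reboot. The PowerShell below is an added example, not part of the original article or of any Microsoft or Malwarebytes tool; the probe host and the helper name Test-ServiceHealthy are assumptions, and it expects an elevated prompt on Windows 8 or later.

```powershell
# Added example: post-cleanup health check (not from the original article).
# Assumes Windows 8 / Server 2012 or later and an elevated PowerShell prompt.
$ProbeHost = 'www.microsoft.com'   # assumed connectivity target; substitute your own

# Hypothetical helper: a service passes if it exists, is not Disabled,
# and (when required) is currently Running.
function Test-ServiceHealthy {
    param([string]$Name, [bool]$MustBeRunning)
    $svc = Get-CimInstance Win32_Service -Filter "Name='$Name'" -ErrorAction SilentlyContinue
    if (-not $svc) {
        return [pscustomobject]@{ Check = "Service $Name"; Ok = $false; Detail = 'service missing' }
    }
    $ok = ($svc.StartMode -ne 'Disabled') -and ((-not $MustBeRunning) -or ($svc.State -eq 'Running'))
    [pscustomobject]@{ Check = "Service $Name"; Ok = $ok; Detail = "$($svc.StartMode)/$($svc.State)" }
}

$results = @()

# Internet access: name resolution plus an outbound TCP connection on 443.
$dnsOk = [bool](Resolve-DnsName $ProbeHost -ErrorAction SilentlyContinue)
$tcp   = Test-NetConnection $ProbeHost -Port 443 -WarningAction SilentlyContinue
$results += [pscustomobject]@{ Check = 'DNS resolution'; Ok = $dnsOk; Detail = $ProbeHost }
$results += [pscustomobject]@{ Check = 'Outbound HTTPS'; Ok = [bool]$tcp.TcpTestSucceeded; Detail = "${ProbeHost}:443" }

# Windows Update: wuauserv and BITS start on demand, so only "Disabled" or missing is a failure.
$results += Test-ServiceHealthy -Name 'wuauserv' -MustBeRunning $false
$results += Test-ServiceHealthy -Name 'BITS'     -MustBeRunning $false

# Windows Firewall: the firewall service and the Base Filtering Engine must be running.
$results += Test-ServiceHealthy -Name 'BFE'    -MustBeRunning $true
$results += Test-ServiceHealthy -Name 'mpssvc' -MustBeRunning $true

# Each firewall profile (Domain, Private, Public) should be enabled.
foreach ($p in Get-NetFirewallProfile) {
    $results += [pscustomobject]@{
        Check  = "Firewall profile $($p.Name)"
        Ok     = ([string]$p.Enabled -eq 'True')
        Detail = "Enabled=$($p.Enabled)"
    }
}

$results | Format-Table -AutoSize
$failed = @($results | Where-Object { -not $_.Ok })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) check(s) failed; rerun after the fixdamage tool and a reboot."
    exit 1
}
```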
In severe or particularly stubborn cases, the best option may be to reinstall the Windows operating system and all security software. This is the most thorough method of eliminating malware infections but comes with the downside of losing data that is not backed up.