OSHI Unhooker is a tool which aims to help you remove rootkits by clearing the hooks they use to avoid detection. The authors say that "on 64-bit systems it is impossible to clear kernel hooks after Windows launched due to Patchguard system", but you can still view whatever OSHI Unhooker detects.
The program is very simple to use, at least in theory. There's no installation. You launch it, and click a button to begin a scan. OSHI Unhooker displays a list of hooks and their relevant functions, and you can select and remove whatever you like with a click.
The problem, of course, is that many entirely legitimate processes make use of kernel hooks, and most users will find it very difficult to decide whether anything they see is suspicious or not. That matters, because removing the wrong hook could crash your entire system.
What's more, even if you do have a rootkit installed, the program detects it, you spot it, and you clear the relevant hooks - and nothing else - the rootkit will still be present, and it will launch again when you reboot. All OSHI Unhooker can do is (perhaps) disable the malware temporarily; you'll still need some other antivirus tool to remove it completely.
This doesn't mean the program has no value at all, of course. If you're a Windows expert, and you understand how kernel hooks might be used by malware, then OSHI Unhooker provides a simple way to view them. It could help point you to potentially dubious processes which you can then investigate further. And it's portable, so very convenient to use.
For the less experienced, though, OSHI Unhooker is likely to do more harm than good. If you think you're infected by a rootkit or something similar, then your best approach is still to find an antivirus tool which will both find and remove the malware for you.
- Added! Trampoline detection.
- Improved! Hook detection.
It's definitely not for the average PC user, but if you're a Windows expert then OSHI Unhooker will provide a quick and easy way to view and clear kernel hooks.