Removing riot games rootkit

[VTurer]

Genius little brother downloaded Valorant, which uses a root kit, on the family computer after being told not to multiple times. Although I don’t know much about computers, I know enough not to willingly download a Chinese virus. I would appreciate it if you guys could give me simplified steps on how to 100% remove it. From what I understand it’s pretty persistent and have anti deleting mechanisms. Luckily it’s a new computer, so I’m willing to nuke the computer if necessary. Thank you for your help

 

edit: I know they Riot Games made an official guide on how to delete it, but I’m taking it with a grain of salt. 

[Mateyyy]

Didn't they make it easier to get rid of after receiving all that criticism? As in just removing their Vanguard anti-cheat from Programs and Features inside Windows.

[kirashi]

14 minutes ago, VTurer said:

Genius little brother downloaded Valorant, which uses a root kit, on the family computer after being told not to multiple times. Although I don’t know much about computers, I know enough not to willingly download a Chinese virus. I would appreciate it if you guys could give me simplified steps on how to 100% remove it. From what I understand it’s pretty persistent and have anti deleting mechanisms. Luckily it’s a new computer, so I’m willing to nuke the computer if necessary. Thank you for your help

 

They have an official uninstall guide on their website. Whether it leaves traces of the malware behind or not is questionable, so best to perform a clean Windows reinstall if you want to be certain it's removed.

https://support-valorant.riotgames.com/hc/en-us/articles/360044648213-Uninstalling-and-Disabling-Riot-Vanguard

[VTurer]

27 minutes ago, kirashi said:

They have an official uninstall guide on their website. Whether it leaves traces of the malware behind or not is questionable, so best to perform a clean Windows reinstall if you want to be certain it's removed.

https://support-valorant.riotgames.com/hc/en-us/articles/360044648213-Uninstalling-and-Disabling-Riot-Vanguard

Unfortunately that’s what I’ve been thinking as well.

[HM-2]

It's not really "malware" if we're being honest, but I can see why its undesirable and why you'd want to get rid of it.

 

The "rootkit" component is a kernel driver called vgk.sys located at C:\Program Files\Riot Vanguard\vgk.sys which persists via a Windows service which loads the vanguard application (in turn loading the kernel driver). My suggestion would be:

 

1) Follow the official uninstall guide
2) Restart your system

3) Check for the presence of that kernel driver in the folder path above (I'd also check C:\Windows\system32\drivers just in case)

 

If it's no longer there I would be fairly safe to say you've removed all traces of the application that are likely to have any impact, though without actually installing the thing in a VM, checking what it writes where, and what is removed when the uninstall is run, I can't confirm if anything else is left.