• A dozen tools for removing almost any malware

    TOP STORY

    A dozen tools for removing almost any malware

    By Fred Langa

    Need to get a system clean of malware and/or verify that it’s completely malware-free? Use one or more of these free tools to clean up even the worst malware infections — and keep PCs clean.


    The full text of this column is posted at windowssecrets.com/top-story/a-dozen-tools-for-removing-almost-any-malware (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

    • #1386823

      Decided it wouldn’t hurt to check my system more thoroughly so was working my way down the list.
      Stinger on a Quick Scan deleted SkyDrive with no warning and no way to replace it.
      Not impressed.
      Fortunately I still run Comodo Time Machine and could revert to this morning’s startup and get it back.

    • #1386846

      I was surprised not to see Hitman Pro. It is a free tool which scans using MULTIPLE AV databases from several respected companies, so the user is not left to the hit and miss approach of just using one AV database which may detect 90-99% of malware but cannot detect the rest. If malware is found then a paid version is required to remove it, or just find the file yourself and remove it. It’s saved me a couple of times. I run it automatically every evening and it just takes a few minutes to check everything. I also use Malwarebytes weekly so that hopefully all my bases are covered. These on-demand tools are in addition to Comodo AV in realtime and from experience I now never run Malwarebytes or any other tool in realtime in addition to the main one, whichever one it is, tried them all.

    • #1386856

      I’m a Mac owner and user, but still have a lifetime subscription to WS, mostly for the IT security tips and warnings. My home Mac seems to be just fine, but an occasional check (and if needed, clean) would surely be sensible. Can you recommend any such tools for the Mac?

      • #1386949

        I’m a Mac owner and user, but still have a lifetime subscription to WS, mostly for the IT security tips and warnings. My home Mac seems to be just fine, but an occasional check (and if needed, clean) would surely be sensible. Can you recommend any such tools for the Mac?

        http://www.pcmag.com/article2/0,2817,2369643,00.asp
        free apps
        http://arstechnica.com/apple/2012/05/hands-on-with-five-antivirus-apps-for-the-mac/
        paid or free apps.
        These should get you started. PC Mag and Ars Technica are well-respected publications, and both stories are less than a year old.

        Please note that none of these Mac security products offers offline rescue disks or on-demand security scanners. In fact, I don’t know of any Mac rescue CDs, as the Mac OS is not available in a pre-boot environment.

        On the other hand, I’ve never read of a widespread Mac rootkit or bootkit in the wild.

        -- rc primak

    • #1386861

      A word of caution about using rescue CDs. We recently had a Windows 7 system in our shop and used a Kaspersky rescue CD (about a year old version) to scan it. It found a variant of the TDSS rootkit. After allowing the rescue CD to remove it, the system would no longer boot. We had to rebuild the boot records with bootrec. A better way to check for and remove rootkits is to run TDSSKiller (Kaspersky) and ASWMBR (Avast) from within Windows. ASWMBR can also do a full AV/Malware scan if you allow it to download the AV signatures.

      • #1386898

        A word of caution about using rescue CDs. We recently had a Windows 7 system in our shop and used a Kaspersky rescue CD (about a year old version) to scan it. It found a variant of the TDSS rootkit. After allowing the rescue CD to remove it, the system would no longer boot. We had to rebuild the boot records with bootrec. A better way to check for and remove rootkits is to run TDSSKiller (Kaspersky) and ASWMBR (Avast) from within Windows. ASWMBR can also do a full AV/Malware scan if you allow it to download the AV signatures.

        A good reminder to NEVER, NEVER use an old tool like this. It will almost ALWAYS be a waste of time.
        If you need to use “repair” software of any kind ALWAYS, ALWAYS get the latest version.

    • #1386863

      One more tool to add to the list is the Vipre Rescue Download. [ See at http://live.vipreantivirus.com/ ] It takes about an hour or more to run on most systems but is especially helpful for systems where you can hardly run tools. Biggest drawback is that the current version should be downloaded at the time needed since the built-in definitions/patterns are updated daily.

    • #1386872

      We’ve been using FixMeStick at our office. It’s bootable, which means we don’t have to create a rescue disk (often a pain in the tush). Even a rank novice can boot it up as a USB. It uses three different engines: Vipre, Sophos, and Kaspersky. It could not be simpler to operate. And their tech support has been excellent.

      Each of our techs carries a FixMeStick since Symantec EP works so poorly at detecting and cleaning issues on our workstations. (We did not choose SEP–corporate IT did.)

    • #1386919

      The link for Windows Defender Offline in the Permalink web page has a minor problem and doesn’t work right now. The link contains the period at the end of the sentence.

      I have used various versions of these at times, sometimes confirming an infection, sometimes confirming that the machine had been cleaned by the AV software installed. Of the tools listed I have used Stinger, Malwarebytes’ Antimalware, Spybot Search and Destroy, Trend Micro’s Housecall and Eset’s online scanner. I have also found the following useful at various times: Prevx CSI, Bitdefender Online Scanner, F-Secure Online Scanner, Kaspersky Online Scanner, Panda Security Online Scanner, Jotti’s malware scan and VirusTotal.

      • #1386953

        Hitman Pro works well, but I don’t like having to pay for removal. That said, I’ve never had to pay Hitman Pro for removal, as it never finds anything but tracking cookies, which are easy to clean.

        Super Antispyware’s portable (technician) version also deserves mention.

        -- rc primak

        • #1407220

          Hitman Pro is indeed an excellent tool as is Super Antispyware. When I used Hitman Pro in July, 2013, it let me use the trial version once, then it wanted me to purchase it.

          The excellent articles in WS have some good alternatives. There’s also an article in Major Geeks on alternative scans at
          http://forums.majorgeeks.com/showthread/?t=80343

          These have enabled me to clean malware from several computers.

    • #1387149

      Great article and a good summary of top tools, Fred. And I agree with mentioning there are many more tools. But I’ve learned the hard way to use name brand established tools, especially for anything that will alter your system. I’ve seen a lot of messes created by over-zealous or clumsy software. A friend has a laptop where all of the file associations were broken by a free utility, for example. The way to reestablish associations is broken too. It’s an interesting exercise to start an executable. Or the tool removes something infected but doesn’t replace the key file the infection had replaced, breaking things. Or as another here mentioned, they find the problem but then want you to pay to fix it, often highlighting cookies and such as dangerous.

      I used the Kaspersky bootable to fix a nasty infection with dozens of viruses and a blocked interface. Worked very well. My only complaint was that the ISO was a day old but it took AGES to update before it would run.

      The ESET online scanner is also very good as mentioned but now implies you can only use it once. Didn’t explore it enough to find out if a customer could bypass that.

      • #1387254

        I clean a lot of systems for un-advanced users and have found that there is quite often a large amount of residual damage left on the PC after fully cleaning malware as best as can be reasonably done with tools listed by Fred. Common issues such as redirection of URLs, non-functioning of antivirus software, Windows Update, wipeout of system restore files, and the list goes on. I am thinking more and more that the best approach is running 2 of these products, and if damage persists, reformat and reinstall. It’s just not worth any more effort…and not many writers mention this frequent need. I’d like to know other people’s opinion on this.

        Sam

        • #1387262

          Hi Sam,

          For scenarios like those, it may be worth trying Windows Repair (All In One); judicious use of this may help bring a machine back to useful life: http://www.tweaking.com/content/page/windows_repair_all_in_one.html

        • #1387309

          I clean a lot of systems for un-advanced users and have found that there is quite often a large amount of residual damage left on the PC after fully cleaning malware as best as can be reasonably done with tools listed by Fred. Common issues such as redirection of URLs, non-functioning of antivirus software, Windows Update, wipeout of system restore files, and the list goes on. I am thinking more and more that the best approach is running 2 of these products, and if damage persists, reformat and reinstall. It’s just not worth any more effort…and not many writers mention this frequent need. I’d like to know other people’s opinion on this.

          Sam

          Yet another argument for a System Backup, updated every couple of weeks or so.

          If the infection hasn’t disabled Windows entirely, after cleanup, an installed version of Super Antispyware, Avast or several other AV programs, can restore backups of original critical system files. These programs keep copies of important files and use them to restore functionality lost during a cleanup operation. Reimage also claims to be able to restore missing or damaged Windows files after a virus cleanup. Reimage is not free, but when you need what it does, the cost may seem reasonable.

          -- rc primak

    • #1387268

      I have TrueCrypt on my laptop with full disk encryption. I assume that the bootable rescue disk options such as Kaspersky’s would be pointless since everything including any malware is encrypted when the OS is off?

    • #1387526

      Regarding the question about TrueCrypt, I think your assessment is correct. I would, however, email their tech support dept because they might have an answer for this, such as mounting on another system, having a generic boot disk, etc. Let me know what they say.

    • #1387964

      Based on your column, I downloaded HouseCall, the first program you listed. Turns out it won’t work as such a tool. It won’t install, at least in Windows 7. Trying to install it gets a script error:

      An error has occurred in the script on this page.

      Line: 43
      Char: 5
      Error: Could not set the src property. Unspecified error.
      Code: 0
      URL: http://shop.trendmicro.com/hc/amazon.html

      I have tried this multiple times, including after rebooting. Always the same result. Since the program can’t be installed, it is useless.
