Virus, Spyware and Malware Removal Toolkit
Virus Removal
As a computer technician one of the tasks I have to do ALL too often is try to clean out a Windows XP based machine that’s been hijacked by software that does ALL sorts of strange things. Depending on the week, virus removal is the kind of thing that I may do several times a day on several different systems. I think the most unusual I saw was one that installed a screensaver that mimicked a Windows boot, blue screen of death (BSOD) and then an auto reboot, another BSOD, etc. Some pests can prevent you from visiting antivirus vendor sites, can close browser windows automatically, can prevent access to task manager, can put up a background on the screen saying that you don’t have adequate antivirus protection or that there are problems with your computer, etc. They can impede productivity with popups that say you need to install xyz software to fix the problem and they can sucker people out of hard earned money. Not only do they make using the computer a pain, but they make the virus removal process more challenging as well as making the downloading of virus removal tools next to impossible.
In short, they’re a pain in the neck to say it nicely.
The absolute BEST way to make absolutely certain that a system is clean is to wipe it fresh and reinstall Windows XP. Unfortunately, many people lose their Windows XP install CDs, or never received one from the PC manufacturer (which is worth a several page RANT all of its own!). So, for them the options are 1) clean up their existing install, 2) buy another Windows XP license and disk, or 3) buy a new computer. Usually the cheapest option turns out to be #1.
Since I have to do a lot of virus cleanup I’ve got a collection of favorite virus removal tools that I make use of. Why so many utilities here? They each have their strengths. Antivirus software of course specializes in cleaning out viruses but in recent years is doing better at spyware removal. Antispyware software usually has better antispyware coverage, but the landscape is so diverse that it still seems no single product is a bulletproof answer. Also, I like to think of it as getting two or three opinions on whether the system is clean. If I can get each of these tools claiming the system is clean, it’s a pretty good bet that we’re finally cleaned out.
I’ve also got a page of antivirus removal tools that can come in handy for those situations where the installed antivirus has a problem and needs to be removed. On that page, you will also find links to other free virus removal tools.
Virus Removal Tools
First off is an essential: a freely available antivirus download. If I’m working on a person’s home computer the first choice is usually the free AVG antivirus. If it’s a business I usually steer people towards the pay version of AVG. If they already have antivirus that they want to keep, that’s fine, but it usually has to be reinstalled or renewed because many pests disable or maim your existing antivirus. Version 8.0 of AVG does a good job identifying and getting out all of the myriad trojans and “possibly unwanted programs” that do sneak installs that previous antivirus versions didn’t seem to blink an eye at.
Spybot Search and Destroy – this is another good removal tool in the arsenal. This is good to cover the classic spy and adware programs. This includes many rogue antivirus and rogue anti-spyware programs.
Malwarebytes Anti-Malware – this is a nice recent addition to my toolkit for cleaning up systems. It seems to be able to pick up some things I’ve missed with Spybot and/or AVG. In recent months this has become my virus removal tool of choice.
SuperAntiSpyware is another good malware and virus removal tool. They have a portable scanner which is saved to a new random filename each time it’s downloaded and includes all their latest definitions. So, download this on a clean pc to a flash drive, boot up into safe mode if necessary and clean. SuperAntiSpyware also has a standard free edition available for download as well that is a standard installable application. If it were me, for a system cleanup, I would opt for the portable edition as it’s more likely to be able to work due to the random filename.
For some of those specific bugs it can be handy to have a tool for a specific type of bug.
CWShredder is the tool of choice to remove CoolWebSearch.
To the surprise of many, the antivirus companies typically have standalone FREE virus removal tools for various viruses and baddies out there:
Symantec FREE virus removal tools
McAfee Free virus removal tools (this may not have been updated in a while.)
They also have a removal tool called Stinger for a variety of bugs.
Kaspersky has a raft of removal tools too for free download.
As does Grisoft (AVG).
As time allows I’ll be adding more of the handy virus removal utilities I use here. A good place to start for general system utilities though is the sysinternals utilities which are currently owned by Microsoft.
Free Online Virus Scans
I’ve not typically been VERY enthused about “online virus scans” because of some potentially fundamental drawbacks with such, but from time to time I make use of Trend Micro’s Housecall (online java/web based malware scanner) as a quick first or second opinion on a system’s status.
Here’s Panda Antivirus ActiveScan – only cleans out what it finds after registration. (And some things are not cleaned out by the online scan, but by the paid software.)
Kaspersky Virusscanner – another good online scanner.
F-secure has an online scanner.
SuperAntiSpyware has a free home edition.
Other Virus Removal Tools
Other tools are SDFix and Combofix.
Another useful tool for finding hidden registry entries and the like (possible rootkit activity) is RootkitRevealer.
Finally, a very powerful tool for finding running processes:
Process Explorer (link to sysinternals download.)
Virus Removal Toolkit
Now, since many rogue antivirus or malware infestations will prevent you from downloading from the websites of legitimate security tools you will want to develop a toolkit in one of a number of ways. First you may wish for a cd. For many years this was my favorite method because I could just keep a folder on my desktop with the current version of the security tools listed above (or whatever I was using the most at the time.) I could even script updates of them and then I could burn a fresh cd to take out with me.
The other option and probably the better choice today is the USB flash drive. They are cheap and most of these utilities are fairly small. For $20 you can get a 2GB memory stick to put all of your virus removal tools and even have room left to copy data off for forensic analysis (whether it’s log files or other suspicious files that your removal tools did not detect.)
Boot and Disinfect CDs
One of the great advantages of booting to a CD to clean up a virus infected system is that the CD is more likely to get everything. In a running live operating system, it’s hard to say how many viruses might be running hidden, or may interfere with a virus scan, but booting to a Linux live CD or other CD that can do a virus scan can be a good way to make sure that nothing interferes with your virus removal. The big disadvantage to this kind of scan is that if important system files are infected they may be quarantined and it may prevent the system from booting. One example is a virus in an Outlook PST file. A virus scanner in Windows would be able to interface with Outlook and remove the message that the virus is attached to. A boot CD for the same purpose would quarantine the entire PST file for you to deal with at a later time. It’s a tradeoff.
At one point in time I had my own live CD that I developed for virus removal. It was based on Mandrake and had clamav on it. When the system booted it attempted to check for antivirus updates and then started straight into its virus scan. It was fairly successful for me, but the tradeoffs above had me move it lower in my list of priorities.
F-Secure has a rescue CD that is Linux based and does exactly this same thing. It will boot, check for antivirus updates and then proceed to a scan. They are very up front as to the risk that if a system file is infected it may render the system unbootable. Of course, a repair reinstall should fix things assuming that it’s not too badly damaged. I’ve tried it and used it after running several other fairly thorough scans and like having this option as a second opinion that can work outside of the infected system’s operating system.
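The tradeoff described above (an offline scan quarantining a system file or a whole PST) can be handled by letting the boot-CD scan only report, then triaging the hits before anything is moved. The following is an added example, not code from the original page: it parses clamscan-style `path: signature FOUND` lines, and the mount point, hold list, signature names and sample report are assumptions constructed for illustration.

```python
import re

# clamscan prints one line per detection: "<path>: <signature> FOUND"
HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# Assumed policy (not from the original page): detections in these places are
# held for manual handling instead of being quarantined by the offline scan.
HOLD_DIRS = ("/windows/system32/", "/windows/system/")   # boot-critical dirs
HOLD_NAMES = ("ntldr", "ntdetect.com", "boot.ini")       # XP boot files
HOLD_EXTS = (".pst", ".ost", ".dbx")                     # whole mail stores

def triage(report, mount_point="/mnt/xp"):
    """Split scan hits into (quarantine, review) lists.

    mount_point is a hypothetical path where the Windows partition was
    mounted from the live CD.
    """
    quarantine, review = [], []
    for line in report.splitlines():
        m = HIT.match(line.strip())
        if not m:
            continue  # "OK" lines, summary lines, blank lines
        path, sig = m["path"], m["sig"]
        rel = path[len(mount_point):] if path.startswith(mount_point) else path
        rel = rel.lower()  # NTFS names are case-insensitive
        name = rel.rsplit("/", 1)[-1]
        if name.endswith(HOLD_EXTS):
            review.append((path, sig, "mail store: clean from inside Windows"))
        elif rel.startswith(HOLD_DIRS) or name in HOLD_NAMES:
            review.append((path, sig, "boot-critical: replace from install media"))
        else:
            quarantine.append((path, sig))
    return quarantine, review

# Constructed sample report; paths and signature names are made up.
SAMPLE = """\
/mnt/xp/WINDOWS/system32/userinit.exe: Win.Trojan.Constructed-1 FOUND
/mnt/xp/Documents and Settings/user/Outlook/Outlook.pst: Win.Worm.Constructed-2 FOUND
/mnt/xp/Documents and Settings/user/Local Settings/Temp/setup.exe: Win.Trojan.Constructed-3 FOUND
/mnt/xp/WINDOWS/explorer.exe: OK
"""

if __name__ == "__main__":
    to_quarantine, to_review = triage(SAMPLE)
    for path, sig in to_quarantine:
        print("QUARANTINE", sig, path)
    for path, sig, why in to_review:
        print("REVIEW    ", sig, path, "->", why)
```

Only the entries in the first list would then be moved to a quarantine folder; the held files are the ones whose removal could leave the system unbootable or take a whole mailbox with them.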