Articles on this site form the rogue antivirus category:

• How to Remove Live Enterprise Suite | Live Enterprise Suite Removal Guide
• Windows XP Unable to Login After Cleaning Out Rogue Antivirus
• How to Remove APCSafe | APCSafe Removal Guide
• How to Remove PCSecure | PCSecure Removal Guide
• How to Remove Desktop Security 2010 | Desktop Security 2010 Removal Guide
• How to Remove APCSecure | APCSecure Removal Guide
• How to Remove ProtectSoldier | ProtectSoldier Removal Guide
• How to Remove ProtectDefender | ProtectDefender Removal Guide
• How to Remove Armor Defender | Armor Defender Removal Guide
• How to Remove DefendAPC | DefendAPC Removal Guide

Virus Removal

The absolute BEST way to make absolutely certain that a system is clean is to wipe it fresh and reinstall Windows XP. Unfortunately, many people lose their Windows XP install cds, or never received it from the pc manufacturer (which is worth a several page RANT all of it’s own!) So, for them the option is 1)clean up their existing install, 2)buy another windows xp license and disk 3) buy a new computer. Usually the cheapest option turns out to be #1.

Since I have to do a lot of virus cleanup I’ve got a collection of favorite virus removal tools that I make use of. Why so many utilities here? They each have their strengths. Antivirus software of course specializes in cleaning out viruses but in recent years is doing better in the spyware removal. Antispyware software usually has better antispyware coverage, but the landscape is so diverse that it still seems no single product is a bulletproof answer. Also, I like to think of it as getting two or three opinions on if the system is clean. If I can get each of these tools claiming the system is clean, it’s a pretty good bet that we’re finally cleaned out.

Virus Removal Tools

First off, is an essential. A freely available antivirus download. If I’m working on a persons home computer the first choice is usually the free AVG antivirus. If it’s a business I usually steer people towards the pay version of AVG. If they already have antivirus that they want to keep, that’s fine, but it usually has to be reinstalled or renewed because many pests disable or maim your existing antivirus. 8.0 of AVG does a good job identifying and getting out all of the myriad trojans and “possibly unwanted programs” that do sneak installs that previous Antivirus versions didn’t seem to blink an eye at.

Spybot Search and Destroy – this is another good removal tool in the arsenal. This is good to cover the classic spy and adware programs. This includes many rogue antivirus and rogue anti-spyware programs.

Malware bytes anti-malware this is a nice recent addition to my toolkit for cleaning up systems. It seems to be able to pick up some things I’ve missed with spybot and or AVG. In recent months this has become my virus removal tool of choice.

SuperAntiSpyware is another good malware and virus removal tool. They have a portable scanner which is saved to a new random filename each time it’s downloaded and includes all their latest definitions. So, download this on a clean pc to a flash drive, boot up into safe mode if necessary and clean. SuperAntiSpyware also has a standard free edition available for download as well that is a standard installable application. If it were me, for a system cleanup, I would opt for the portable edition as it’s more likely to be able to work due to the random filename.

For some of those specific bugs it can be handy to have a tool for a specific type of bug.

CWShredder is the tool of choice to remove CoolWebSearch.

To the surprise of many, the antivirus companies typically have standalone FREE virus removal tools for various viruses and baddies out there:

Symantec FREE virus removal tools

McAfee Free virus removal tools (this may not have been updated in a while.)

They also have a removal tool called Stinger for a variety of bugs.

Kaspersky has a raft of removal tools too for free download.

As does Grisoft (AVG).

As time allows I’ll be adding more of the handy virus removal utilities I use here. A good place to start for general system utilities though is the sysinternals utilities which are currently owned by Microsoft.

Free Online Virus Scans

I’ve not typically been VERY enthused about “online virus scans” because of some potentially fundamental drawbacks with such, but from time to time I make use of Trend Micro’s Housecall (online java/web based malware scanner) as a quick first or second opinion on a system’s status.

Here’s Panda Antivirus ActiveScan – only cleans out what it finds after registration. (And some things are not cleaned out by the online scan, but by the paid software.)

Kaspersky Virusscanner – another good online scanner.

F-secure has an online scanner.

SuperAntiSpyware has a free home edition.

Other Virus Removal Tools

Other tools are SDFix and Combofix.

Another useful tool for finding hidden registry entries and the like (possible rootkit activity) is RootkitRevealer.

Finally, a very powerful tool for finding running processes:

Process Explorer (link to sysinternals download.)

Virus Removal Toolkit

Now, since many rogue antivirus or malware infestations will prevent you from downloading from the websites of legitimate security tools you will want to develop a toolkit in one of a number of ways. First you may wish for a cd. For many years this was my favorite method because I could just keep a folder on my desktop with the current version of the security tools listed above (or whatever I was using the most at the time.) I could even script updates of them and then I could burn a fresh cd to take out with me.

The other option and probably the better choice today is the USB flash drive. They are cheap and most of these utilities are fairly small. For $20 you can get a 2GB memory stick to put all of your virus removal tools and even have room left to copy data off for forensic analysis (whether it’s log files or other suspicious files that your removal tools did not detect.)

Subpages of this page that may have more detail on some of the tools listed:

• Bootable Antivirus CD
• ComboFix
• Rootkit Removers | Rootkit Detectors
• Windows Registry Patches

Virus and malware removal in the news:

“malware removal” – Google News

Internet Security 2012 Runs Rogue Antispyware Scam with Fake Reports and Scare … – PR Leap (press release)

Internet Security 2012 Runs Rogue Antispyware Scam with Fake Reports and Scare … PR Leap (press release) Due to the fact that Internet Security 2012 cannot be easily removed like other legitimate software, the use of a malware removal tool may be necessary to successfully uninstall Internet Security 2012. Other rogue anti-spyware programs similar to … and more »

McAfee Introduces Comprehensive, Expert Technical Support Services for North … – EON: Enhanced Online News (press release)

McAfee Introduces Comprehensive, Expert Technical Support Services for North … EON: Enhanced Online News (press release) Maintenance for PC: Includes malware removal, PC Tune-Up and Internet Booster, which optimizes Internet performance to get a PC running at maximum speed. Data Recovery: Best effort recovery of lost or deleted files. McAfee Concierge Gold: Includes all … and more »

McAfee Introduces Comprehensive, Expert Technical Support Services for North … – MarketWatch (press release)

McAfee Introduces Comprehensive, Expert Technical Support Services for North … MarketWatch (press release) Maintenance for PC: Includes malware removal, PC Tune-Up and Internet Booster, which optimizes Internet performance to get a PC running at maximum speed. — Data Recovery: Best effort recovery of lost or deleted files. and more »

Restore Missing/Hidden Icons Wiped Out by a Virus – PCWorld

Restore Missing/Hidden Icons Wiped Out by a Virus PCWorld (Here's a great malware-removal tutorial from PC World's Eric Geier.) Just one problem: removing the virus hadn't restored all my sister-in-law's icons and data. The hard drive still showed nearly full, meaning nothing had actually been erased, … and more »

Comodo Antivirus 2012 – PC Magazine

Comodo Antivirus 2012 PC Magazine Poor removal of the traces it did find earned it a mediocre malware removal score, 5.4 of 10 possible points. It left behind executable traces for close to half the detected threats, and for nearly half of those at least one process was still running … and more »

Malwarebytes Anti-Malware 1.60.1 Beta – Neowin

Malwarebytes Anti-Malware 1.60.1 Beta Neowin With one of the fastest, most effective quick scans and malware removal capabilities on the market, this program is the perfect addition to your PC's defenses. The full version of the product includes a number of key features, including the ability to … and more »

Bitdefender wins `Top Rated’ of the year award in AV Comparatives testing – PRWire

Bitdefender wins `Top Rated' of the year award in AV Comparatives testing PRWire Bitdefender won the 'Gold Medal' in Whole-Product Dynamic Protection and Malware Removal, outperforming all other products in those categories. It also won a Bronze in On Demand Malware Detection after tests on antivirus products from 20 companies last … and more »

Avira Internet Security 2012 – About – News & Issues

Avira Internet Security 2012 About – News & Issues Safe mode scanning can be a key differentiator in malware removal, helping to avoid the struggle that often happens between antivirus scanners and self-resuscitating malware. The interface is clean and efficient, providing pre-configured scan tasks as …

Kaspersky Named Product of the Year – PC Magazine

Kaspersky Named Product of the Year PC Magazine It didn't get top ratings in 2011, but did score a win specifically for effective malware removal and low performance impact. The full report lists winners in a number of specific categories including malware detection, scanning speed, and low false … and more »

Norman Security Suite PRO 9 – PC Magazine

Norman Security Suite PRO 9 PC Magazine Poor malware removal. Low marks from independent labs. Firewall left some ports open. Firewall relies on user to make security decisions. Firewall caves to simple attack on services. Very weak antiphishing. Easily-defeated parental control let porn … and more »

Popularity: 20% [?]