
Five portable antivirus and antimalware tools to carry with you at all times

Jack Wallen lists his five favorite portable antivirus/antimalware tools: the ones you keep handy for that inevitable security emergency.

Let's face it, one of the primary jobs a Windows admin has is keeping machines free of infection. It's inevitable: end users will open files, install cutesy apps, and visit sites they shouldn't. When they do, their machines get infected, and without the right tools you can wind up fighting a losing battle.

Sometimes the antivirus installed on the machine just isn't enough. When that time comes, you'll be glad you have one or more tools on your USB drive to help you out. I've found five such tools that can get you out of a serious pinch. All of them are portable and work like champs. Bear in mind that a stick you plug into infected machines is itself exposed: use a write-protect switch where the hardware has one, and otherwise verify the tools on it before you run them on the next machine.

This blog post is also available as a TechRepublic Photo Gallery.

Five Apps

1. ClamWin Portable

ClamWin Portable is very much like its big brother: it's free, open source, and does a great job of disinfecting machines. ClamWin has a high detection rate, frequently updated definitions, and an easy-to-use graphical interface. The only caveat is that it does not offer a real-time (on-access) scanner, which is not an issue for a portable version you run on demand. This is my go-to portable virus scanner.
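Because ClamWin only scans on demand, it is worth scripting. The following is an added example (not code from the article or from ClamWin/ClamAV) that builds a command line for ClamWin's bundled clamscan.exe, runs it, and parses the output into something you can log or act on. The paths on the stick are assumptions; the output format and exit codes (0 clean, 1 infections found, 2 error) are those documented for ClamAV's clamscan. The sample output at the bottom is constructed so the parser can be exercised without the binary.

```python
"""Drive ClamWin Portable's bundled clamscan.exe from a script.

Added example, not code from the article or from ClamWin/ClamAV. The paths
below assume a ClamWin Portable copy on drive E: with the layout shown; check
your own stick and adjust. The scan output format and exit codes are those
documented for ClamAV's clamscan (0 = clean, 1 = infections found, 2 = error).
"""
import re
import subprocess
from dataclasses import dataclass, field
from pathlib import Path

# Assumed locations on the USB stick (an assumption, not a known-good layout)
CLAMSCAN = Path(r"E:\ClamWinPortable\App\clamwin\bin\clamscan.exe")
DATABASE = Path(r"E:\ClamWinPortable\Data\db")

EXIT_CLEAN, EXIT_INFECTED, EXIT_ERROR = 0, 1, 2

# Per-file line: "C:\path\file.exe: Win.Trojan.Agent-12345 FOUND"
FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")
# Summary line: "Infected files: 2"
INFECTED_RE = re.compile(r"^Infected files: (?P<n>\d+)$")


@dataclass
class ScanResult:
    exit_code: int
    detections: list = field(default_factory=list)  # (path, signature) pairs
    infected_count: int = 0

    @property
    def clean(self) -> bool:
        return self.exit_code == EXIT_CLEAN and not self.detections


def build_command(target, log_file=None) -> list:
    """Recursive scan, print only infected files, optionally keep a log."""
    cmd = [str(CLAMSCAN), "--recursive", "--infected", f"--database={DATABASE}"]
    if log_file:
        cmd.append(f"--log={log_file}")
    cmd.append(str(target))
    return cmd


def parse_output(stdout: str, exit_code: int) -> ScanResult:
    """Turn clamscan's text output into a ScanResult.

    The per-file FOUND lines and the summary count must agree; if they do not,
    the output was truncated or garbled and must not be read as 'clean'.
    """
    result = ScanResult(exit_code=exit_code)
    for line in stdout.splitlines():
        m = FOUND_RE.match(line.rstrip())
        if m:
            result.detections.append((m.group("path"), m.group("sig")))
            continue
        m = INFECTED_RE.match(line.rstrip())
        if m:
            result.infected_count = int(m.group("n"))
    if result.infected_count != len(result.detections):
        raise ValueError("summary count does not match FOUND lines; output incomplete?")
    return result


def scan(target, log_file=None) -> ScanResult:
    """Run clamscan on `target` and parse the result (needs the real binary)."""
    proc = subprocess.run(build_command(target, log_file), capture_output=True, text=True)
    if proc.returncode == EXIT_ERROR:
        raise RuntimeError(proc.stderr.strip() or "clamscan reported an error")
    return parse_output(proc.stdout, proc.returncode)


# Constructed sample of clamscan output (not from a real scan).
SAMPLE_OUTPUT = """\
C:\\Users\\bob\\Downloads\\setup.exe: Win.Trojan.Agent-12345 FOUND
C:\\Users\\bob\\Downloads\\eicar.com: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 6000000
Engine version: 0.98
Scanned directories: 3
Scanned files: 41
Infected files: 2
Data scanned: 12.40 MB
Time: 4.213 sec (0 m 4 s)
"""

if __name__ == "__main__":
    r = parse_output(SAMPLE_OUTPUT, EXIT_INFECTED)
    for path, sig in r.detections:
        print(f"{sig:30} {path}")
    print("clean" if r.clean else f"{r.infected_count} infected file(s)")
```

The consistency check between the FOUND lines and the summary count is deliberate: a scan that dies part-way (a locked file, a full log disk) can leave a log that looks clean if you only grep for FOUND.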

2. Sophos Anti Rootkit Portable

Sophos Anti-Rootkit Portable is one of those tools you hope you never have to use but know that, at some point, you will. Sophos is remarkably adept at locating rootkits, especially for a portable app. It scans for, detects, and removes rootkits; is 100% free; supports Windows XP, Vista, and 7; and works alongside your existing antivirus. I have found it reliable enough to use even while the PC being scanned is in use. (Several readers report in the comments that the download they received installs itself rather than running from a flash drive, so check your copy before you count on it being portable.)

3. Emsisoft Free Emergency Toolkit

Emsisoft Free Emergency Toolkit is a powerful malware removal tool that can scan for, and remove, over six million threats to your PC. It comes in both a GUI and a command-line version, so you can scan a machine even when the GUI won't work. With the toolkit you get not only the malware scanner but also HiJackFree and BlitzBlank. Emsisoft offers a free download, or you can purchase a pre-loaded USB stick.

4. Vipre Rescue

Vipre Rescue is the tool you use when a machine is severely infected. It runs in Safe Mode and does not depend on a GUI: double-click the executable and a command window opens with the scanner already running (at blazing speed). If you already use the full version of Vipre, you can still run this tool should the machine become so infected that Vipre itself will not run.

5. Spybot Search and Destroy Portable

Spybot Search and Destroy Portable is the portable version of the massively popular Spybot Search and Destroy. This antimalware tool does a great job of finding and removing malicious software, all from your flash drive. Spybot has a useful feature that lets you back up your registry before you begin the scan: should Spybot wreck your PC's registry, you have a backup to restore, safe and sound.

Bottom line

You know the point is coming when you'll need the help of a portable antivirus or antimalware tool. It's a shame that this is such a big part of our jobs, but it is inevitable. Make sure you are always armed to combat this plague by keeping a few of these portable apps with you.
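One thing to add to the kit itself: a stick that visits infected machines can come back with a patched executable or an extra dropper on it. The following is an added example (not from the article or any of the tools listed) of a small hash manifest you write on a known-clean machine and check before running anything from the stick on the next one. The manifest name, the suffix list, and the fake tool files in the demo are all assumptions; the demo builds a temporary "stick", tampers with it, and returns what the check finds.

```python
"""Verify a USB tool kit against a SHA-256 manifest before using it.

Added example, not from the article. Write the manifest on a clean machine
right after copying the tools; keep a second copy of it off the stick (or
note its own hash), because a manifest stored only on the stick can be
rewritten by whatever rewrote the tools.
"""
import hashlib
import json
import tempfile
from pathlib import Path

MANIFEST_NAME = "toolkit.sha256.json"  # assumed name for the manifest file
# Assumed set of file types worth tracking: executables, scripts, and ClamAV
# signature databases (.cvd/.cld) that a scanner will trust blindly.
TOOL_SUFFIXES = {".exe", ".dll", ".cmd", ".bat", ".ps1", ".cvd", ".cld"}


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map stick-relative path -> SHA-256 for every tracked file under root."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in TOOL_SUFFIXES
    }


def write_manifest(root: Path) -> Path:
    """Run this on the clean machine; returns the manifest path."""
    out = root / MANIFEST_NAME
    out.write_text(json.dumps(build_manifest(root), indent=2, sort_keys=True))
    return out


def verify_toolkit(root: Path, manifest=None) -> dict:
    """Compare the stick to its manifest and report, without raising.

    modified   - hash differs (file infector, swapped binary, or an update you
                 forgot to re-manifest)
    missing    - listed in the manifest but no longer on the stick
    unexpected - tracked file type present but not in the manifest (dropped by
                 an infected host, or copied there by hand)
    """
    manifest = Path(manifest) if manifest else root / MANIFEST_NAME
    expected = json.loads(manifest.read_text())
    actual = build_manifest(root)
    return {
        "modified": sorted(k for k in expected if k in actual and actual[k] != expected[k]),
        "missing": sorted(k for k in expected if k not in actual),
        "unexpected": sorted(k for k in actual if k not in expected),
    }


def is_trustworthy(findings: dict) -> bool:
    return not any(findings.values())


def demo() -> dict:
    """Self-contained walk-through on a temporary 'stick' with fake tools."""
    with tempfile.TemporaryDirectory() as tmp:
        stick = Path(tmp)
        (stick / "ClamWinPortable").mkdir()
        (stick / "ClamWinPortable" / "clamscan.exe").write_bytes(b"MZ fake scanner")
        (stick / "ClamWinPortable" / "main.cvd").write_bytes(b"ClamAV-VDB fake db")
        (stick / "SpybotPortable").mkdir()
        (stick / "SpybotPortable" / "SpybotSD.exe").write_bytes(b"MZ fake spybot")
        manifest = write_manifest(stick)
        # Simulate an infected host: patch one tool and drop a new executable.
        (stick / "SpybotPortable" / "SpybotSD.exe").write_bytes(b"MZ fake spybot + infector")
        (stick / "autorun.exe").write_bytes(b"MZ dropper")
        return verify_toolkit(stick, manifest)


if __name__ == "__main__":
    findings = demo()
    for kind, files in findings.items():
        print(f"{kind:10} {files}")
    print("stick OK" if is_trustworthy(findings) else "stick NOT trustworthy")
```

Run `write_manifest(Path("E:/"))` on the clean machine after every tool or definition update, and `verify_toolkit(Path("E:/"), "C:/safe/toolkit.sha256.json")` from the admin workstation before the stick goes out again. Expect signature databases to show up as "modified" after every update; that is the point of re-manifesting.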


About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

35 comments
techromcore

This is the last resort I can do to diagnose my laptop at a software level.


I'm really worried. I feel my system was already compromised. My firewall can't be turned on. My DVD drive is acting weird, automatically ejects at random times and it can no longer read discs too; AV in a live CD will be useless. Some of the number keys on my keyboard are not working.

-

R. J.

http://teknolohitura.url.ph

cquirke

To cummingsc; yes, I've heard that assertion before, but it is as flawed as assuming a cleaned PC will always be a clean PC. If you do go this route, I suggest you keep the original hard drive for forensics, in case the malware is back and you need to revisit the original state to figure out what's happening. When you "just" wipe and rebuild, you're likely rebuilding the original state that got infected in the first place. That's best-case, as you're losing all protective settings that may have been applied, plus falling back to an unpatched and exploitable state. Malware may have communicated off system with info to facilitate prompt re-infection; the bad guys may have learned about the PC, but if you "just" nuke and rebuild, you have learned nothing about your attackers. Then there's the "data" you restore. Windows has zero clue about data safety, and apps may dump code, downloads etc. within the "data" set. Restore that with your data, and you may well restore an infection, especially for malware that spoofs the duhfault unsafe UI you'd be rebuilding (hidden files and file name extensions etc.). It really depends on how much collateral damage you are prepared to accept, and the quality of your rebuild image and data management. The recommendation to "just wipe and rebuild" usually comes from the pro-IT sector, where quality rebuild images are maintained in-house, data is located off the workstation, and users are fed a small white list of business apps and no-one cares if they lose everything else. Contrast that with the consumerland experience, where you'd be lucky to have a stone-age baseline-SP OS rebuild disc, or a junkware-encrusted OEM wipe-and-rebuild full of ancient unpatched code surfaces. Data is typically splattered all over the place, including "the desktop", and backups may be non-existent - and this may be the only PC in the house.
The equivalent for a managed corporate system would be "wipe all your servers and workstations at once, and no I have no idea if we have any data backups at all". Would you roll those dice?

Resourceasset

USE SAFEMODE!!! I use ComboFix, Malwarebytes Pro, HitManPro36, HiJackThis, RogueKiller, Sophos VRT, AVG and occasionally Kaspersky as well as others, but remember Kaspersky interferes with Windows updater! Always check for latest versions and updated signature databases daily. Monitor open ports and know your processes, make use of pinging and TraceRT and examine incoming and outgoing traffic. It seems as if no one company can stay on top of this mushrooming problem any more, so use them all; I've found the shotgun technique to be the best defense sometimes. I often wonder what the actual average latency is between discovery and solution, let alone what the average latency for malware deployment to discovery is? Just can't seem to find those figures anywhere! The very fact that just about every AV software company seems to have a free version of their software these days is tantamount to an open admission, is it not? The problem seems to evolve faster and faster all the time. There always seems to be a new crop of Skids to do the bad guys' dirty work if you know what I mean. If you're feeling overworked you probably are, and this job is definitely not getting easier. If you are not scanning and monitoring you're falling behind, but I refuse to lock it down, it just goes contrary to being human. Looking for that ultimate solution; let me know if you find it! Hope this helps.

TucsonGuy

Hmmm... if you're running Vipre as your main antivirus, and your system has gotten so infected that it cannot run, I'm wondering how running a standalone version of Vipre will catch something the full version did not? I guess a case could be made for an end user overriding warnings because they REALLY wanted to see that Ultimate Harlem Shake video with the porn stars!

SandyKORD

I probably know enough to get around and do some damage, but can't back my way out all the time. What is recommended for those of us who regularly use our laptops, etc. to keep a shield between us and the bad bugs? Is there a routine of sorts?

casand

I would suggest to download free antivirus which is available online and it can be downloaded with Internet On, http://antivirus.comodo.com/ is a free antivirus which I have plugged in to my Laptop.

andre

I normally keep something like the Hiren's Boot Disk nearby and run the Sophos Command Line scanner in that MiniXP environment. It can be set to run from flash or a CD. Works pretty effectively and most of the time allows me to boot into Windows after the scan to clean up with tools like Malwarebytes, Spybot and Super Anti Spyware.

wiggledbits

But I agree with cummingsc: you can't be sure unless you wipe the drive. I used to just nuke and pave the system, but after my years of pushing for taking all users out of the local admin group on the PC much of this problem has gone away. Now if someone gets a virus I simply copy their local files, scold them for not using their personal network drive, delete their account on the PC, delete their user folders, log back in as them and move their files back. Unless of course my boss in all of his wisdom and experience has given the user the local admin uname and password. Then I let him deal with it.

susan80

I make use of Immunet antivirus and satisfied with the performance. It offers real time protection and all round support has been of great importance.

cummingsc

I am of the opinion that if you get an infection, the only safe course of action would be to wipe the drive and do a clean reinstall. You are never sure that you got everything because you may find the obvious culprit, but never know if some baddies are lurking in the background. Ensure that all your data is backed up and then nuke the drive and start over.

dbmay75

Firstly, another vote for Combofix; it's free, it works in Safe Mode with Networking (I specify this option as it will check online for updates plus it will install the MS Recovery Console if the infected machine doesn't already have it), it can be run from a flash drive and it eradicates not only viruses and malware, but rootkits and bots as well. With that said, my 2 cents would be HD USB Enclosures. They range from about $3 to $20 on Amazon and can support almost any drive type and size. The process is simple: remove the infected HD from the shell, insert it into the enclosure and attach it to a healthy computer running Windows (preferably a clean test machine). From there, scan the drive with your best AV app, rinse and repeat if necessary and when complete, insert it back into the shell and reboot.

mikerdz

Like jrbwalk, I've seen Spybot go from nothing to what it is now. I remember when all we had to work with was Ad-Aware and Spybot.... In that length of time, I have not come across a program as consistent and efficient as Combofix by BleepingComputer.com It's a shame it didn't make it onto this list.

jrbwalk

Honey, I've been around so long that spybot has gone from 10,000 to 820,000 items it searches for. I am glad to see it here.

glricht

Just went to test the Sophos Anti Rootkit Portable app linked to by the article. The tool is called Sophos Virus Removal Tool and is NOT portable. I started to test it on a Win 7 x64 machine, but when it began an installation process, I canceled it.

deICERAY

Nice set of apps, one I had not heard of, but really, ALL THE TIME? Should we make up USB keys and hang them in the bathrooms? A little overstated, but good to know about.

chronic8000

I use Combofix which has cleaned many a tough virus out of badly infected machines get it from combofix dot org

lerouxje

With YUMI I have on my 18GB bootable USB stick a lot of tools: 2 antivirus scanners (Kaspersky Rescue Disk 10, Acronis Antimalware CD), 4 system tools (System Rescue CD, GParted, Ultimate Boot CD, ...), 1 Linux distribution (Fedora 17 Live) and 1 Windows installer (Windows 2008 Enterprise). With YUMI I can add/remove other virus scanners. It's very easy to use.

deyamag

Thanks for the information.

cquirke

If serious about malware management, then you'll want formal tools, i.e. those that work without running any code from the infected installation. The two best platforms for such tools (in my experience) are Bart PE Builder and Sardu. There are others like Sardu, but I haven't tried them yet! Bart PE Builder is based on the old XP or Server 2003 code base, which makes it a best fit for those and older OSs. Like those OSs in their native form, it needs AHCI to be disabled for it to boot, else you'll get a STOP error. Remember to restore the original mode before booting the hard drive, else that is also likely to STOP. Bart can read the hard drive installation's registry hives as if in effect, via the RunScanner plugin, if the OS is Windows 2000, XP or Server 2003. That alone can make Bart a very useful maintenance OS for these older Windows versions. In contrast, Sardu simply straps together a number of bootable "rescue CDs" so they can be launched from a single boot optical disc or USB drive. I'm using it with AVG, Avira, Kaspersky, VirusBloka, Panda, Bit Defender and PC Tools AOSS.

oldguardreindeer-techrepublic

So, out of curiosity I dl'ed from the SOPHOS link provided. It did not install a "portable version" rather installed on my PC. I could get a "start in directory" on a flash drive but the interplay between the two was not clear and I didn't have time to check it out. Not happy about the installation technique! Could be user error, granted, but I have lots of success with PortableApps type software and this didn't give me options. Is a portable version truly available?

willcomp

For non-bootable PCs, Kaspersky Rescue Disk is my go-to resource. It is excellent at removing boot sector rootkits and other malware. The MS Defender offline scanner is good but not comparable to the Kaspersky Rescue Disk. In my opinion, most of the software Jack recommends is rather ineffective. I do a lot of malware removal and use RogueKiller, MBAM, and TDSSKiller as the prime tools for most systems. Combofix is the next option if MBAM is not effective. Of course all those require a bootable PC.

Spook0

AVG offers a Rescue program as an ISO or a USB program from RAR or ZIP. The bootable program brings its own OS. It does require access to the internet to update its definitions but it sets up its own access with limited user participation. It has worked for me.

wLamia

A must-have. One of the best things MS produces, and they give it away free! Boots to its own limited version of Win7, from CD or USB stick. Be sure to get both 32-bit and 64-bit versions. Only problem is keeping it updated - tedious on flash drives, impossible on CDs.

PurpleSkys

A good antivirus program, a good antimalware program, and a good antispyware program. I use Avast Free for home for my antivirus, Malwarebytes free edition for malware, and Spybot Search and Destroy for spyware. They're all free, but for the inexperienced user I would suggest leaving all programs on their default settings before running.

marcdw

I think you're right. I searched the SOPHOS forums and back in 2010 someone asked about it not being portable (thinking standalone and portable are similar). Their response was: "Sophos Anti-Rootkit (SAR) is a "standalone" application in that it can be installed on its own without Sophos Anti-Virus, Sophos AutoUpdate or Sophos Remote Management System. The tool has to be installed and run locally on the computer in "normal" mode Windows - i.e. not SafeMode etc..." Unless things have changed I don't think it's portable.

marcdw

When de-"bugging" other people's machines only the Kaspersky Rescue Disk has successfully found and removed items like TDS and whatnot. Hasn't failed me yet but I haven't had to deal with anything too major.

pickleman

There's absolutely no mention of a standalone version of Security Essentials on Microsoft's site. Do you have a direct link?

Trentski

It doesn't exist; if it did we would have heard about it by now.

HAL 9000

The problem is the Link itself. The Scripts used by TR block a lot of Legit Sites including Microsoft. I no longer expect any Link including a Tiny URL to be accepted so I break the link with a space between the Domain Name and the .whatever. This gets accepted without issue and I post a note to remove the space like this http://www.techrepublic .com/forum/discussions/102-395496?messageId=3708778 [i]remember for a working link remove the space from between [b]techrepublic[/b] and the [b].com[/b][/i] Col

oldguardreindeer-techrepublic

The Microsoft Windows Malicious Software Removal Tool (KB 890830) is available in both 32- and 64-bit versions, and there is also the Microsoft Safety Scanner, an online tool. I realize they are not the same, as pickleman has noted, as a standalone version of MS Essentials, but FWIW. BTW, I posted this information the same day the article came out, complete with links to each of these download sites. Although the links are completely legit, apparently the posting did not get the approval needed to appear here. I waited 24 hours and repeated the posting, but it also has not appeared. Here's hoping this posting today is not blocked/censored/whatever. Regards, Steve

pickleman

Windows Defender is not the same as Security Essentials. Yes, I'm sure it's better than nothing, but the original poster claimed he was using Security Essentials portable edition.

marcdw

Although probably by another name. Look for Windows Defender Offline or mssstool32.exe and mssstool64.exe. With this you get an offline tool that resembles Security Essentials.