Video: Detect and remove malware with these tools

Bill Detwiler examines three types of anti-malware tools and explains how they can find and remove malware.

IT pros and consumers alike are engaged in a constant battle to protect their machines from malware. As malware developers innovate and adapt, anti-malware software vendors must do the same. During this episode of TR Dojo, I'll examine three types of anti-malware tools and explain how they can find and remove malware.

About

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

114 comments
solomon

I use Malwarebytes and it's the best, but sometimes I had that explorer.exe or some Windows files were infected and it wasn't able to clean them, till I found a software named "Hitman Pro". They have a 30 day trial and it did the job. You might need a Windows CD to repair Windows files. Scans fast (doesn't work in safe mode).

romeojg30

What are your thoughts on Spybot S&D?

mikifinaz1

If you have images stored, nuke and pave the OS is faster and easier.

kaiksis

I use Avira AntiVir, Malwarebytes Anti-Malware and in some difficult cases the DrWeb scan tool (esp. when there's no internet connection). Any comments on these products? Oh, just this morning a USB flash drive came to me; AntiVir found 11 malicious files on it, while Anti-Malware found only 3. The USB drive had only a video on it...

jeffo

I've seen lately that all the tools I have been using to detect and clean malware are no longer available once infected: command prompt, Task Manager, Malwarebytes, Symantec AV. With all these tools not available anymore, it is getting kind of difficult not to wipe the hard drive clean and start again.

massa_alison

Thank you -- useful and comforting. I can attest to the effectiveness of Malwarebytes Anti-Malware. Having tried several malware removal products, Anti-Malware was the only one that worked. It's simple and effective -- highly recommended.

cdyz5

Good video, and it raises good points about protecting a system from malicious software.

jmatty72

This is exactly why I use Apple. I got better things to do than waste my time Googling malware.

TBBrick

1. Install CCleaner, delete all extraneous profiles, configure/run CCleaner to remove temp files.
2. Install Malwarebytes and let it do its thing until clean.
3. Run CCleaner's registry cleaner.
4. If still infected, image machine.

lpvalach

New product on the market. Thirtyseven4 has antivirus, antimalware, and antirootkit. Removal of malware is automatic. Has other features to prevent computer infection. Evaluation copy worked great. Saves a lot of time. Deployable on Windows or NetWare. http://thirtyseven4.com/

Al_nyc

For a very long time the tech guys where I work would use the reformat option as their solution to most problems. I didn't have a standard set up, so if I did the reformat solution, I would end up spending many hours trying to recover from their "fix". After the first time they did that, I never call them for any issues. I fix my own.

robroy73

I like SuperAntiSpyware Portable b/c I don't usually have a need for it to run constantly when there is an Internet Security suite in place. The portable contains the latest updates and comes in a .com format that extracts the basic GUI. It does a great job for me; it detected a false antivirus app that caused applications to close and request you go to their site to fix it. SAS detected it right away while most of the applications that I use, that include spyware detection, did not. Malwarebytes appears to be a popular choice, but based on the fact I have used both, I think SAS is a little faster in scanning, at least with the portable edition, and they both require manual initialization (to my knowledge, or at least from when I used Malwarebytes last) so there is no advantage to either from that standpoint. Spybot is an excellent program as well, but it did not catch the above mentioned like SAS did.

levilan

MSE is a mediocre product.

Capt_Skippy

Nice video. I've used most of the software you've mentioned. Some of them I am definitely going to look up and give a try. Malwarebytes I would say works the best so far. But like I tell all my clients, there is NO 1 program to rule them all. A combination of software/hardware and a cautious user is your best bet.

robroy73

It doesn't offer any real-time protection with the exception of TeaTimer, which I find more annoying than anything. TeaTimer is no worse than most IS programs that have their firewalls warn you every 5 seconds, especially if you are installing new software. Trend Micro's Sysclean used to be a good one, but I am starting to think its usefulness has run dry. 3 tools for cleaning IMO in Safe Mode:
1) ClamWin Portable
2) SAS Portable
3) Spybot
...I'd run Spybot first actually and SAS right after it... all with updated definitions of course. 90% of all problems that occur today with infections are generally picked up by the spyware scanners, as trojans are generally thrown in that category now.

Nickgreene

1. CC-Cleaner
2. Malwarebytes (Quick Scan)
3. Reboot
4. CC-Cleaner
5. Avira AV
6. Malwarebytes (Full Scan)
The last two scans are not always run until later, if the problem has resolved itself. Sometimes I do those two scans, as they can take a while, to properly value my $250 virus removal fee. That fee also includes if I have to rebuild the machine. I've come across several fake-AV programs that will not let any program launch after it's been loaded. It will state that the program has been infected, etc. Quick fix, w/o having to resort to boot discs, is:
1. Make a shortcut of msconfig and taskmgr and place them into the Startup folder.
2. Restart computer; msconfig and taskmgr will load before the malware loads and you can kill the process, and run your scans.
Usually, I find these malicious programs running in temp file locations.

dayen

Run them from a boot disk, Bart PE/UBCD.

dayen

We're going to try Macs too! But you know they will come after Macs soon; better learn to Google it. Like backup, people think about it and forget. SAD

SgtPappy

....banana, he uses an apple!

mmcguire

As the title indicates, one would assume that malware (as large a threat as it is) could be tracked to a few companies, but it definitely is NOT. The same rule of thumb applies to those that make anti-malware products. They study the lists, come up with a fix, and apply it to your particular product. As the video stated, there is "NO ONE PRODUCT THAT IS 100% EFFECTIVE". Why? Because we can't stop the programmers from wanting to spread their diseased programs around the world. As a result we (the good guys) are in a constant battle updating software, blocking ports, patching servers etc., and I for one am tired of it. Having to constantly search for the next best cleaner because some malware programmer knows how to circumvent them is not only time consuming, but is annoying to the nth degree. Not only that, but now we have to practically play babysitter, because there is no one way to completely keep our computers safe. Some of the users I've worked with can barely protect themselves, let alone their computers. I'm a self-proclaimed geek, and it's hard enough for me to keep up; just think of how Joe User feels at home somewhere in Indiana who's just got his first high speed connection and gets dumped on by all this crap. I would love for a solution to exist that would not only protect us from these threats, but go on the offensive to attack back. All of these solutions above focus on the defense of the personal computer, but absolutely NONE of them have anything to do with offense. If the programmers knew that some company was specifically targeting them, they might think twice before sending their junk all over the place. How about a Spyware Nuker that not only nukes the spyware, but also the originator. Oh well, something for the wish list.

mike

I have to run off to take care of a system now, but I'd love to see your routines in the order you apply them. I've been cleaning systems now since the advent of spyware and malware, and it is worse than ever out there. I know some of my users are truly doing no wrong but get hammered by these phishing types of crap and "scan screens appearing from nowhere" etc. By the software or else, LOL. I'll post up my routine a little later. Thanks

Boomertechhelp

I have used all of these tools over the years and, as mentioned above, things change and so do the tools. The 4 things I do: If the PC will boot, then SAS portable in safe mode. Then run native AV or uninstall it and install AVG in normal mode. Reboot to safe mode and run AV. Next Abexo registry cleaner, then the MS disk cleanup tool. Run for a couple of days on my bench. Problems? Back up data and reinstall OS. I will continue this process but am always looking for improvements.

Recently, my own data/printer/application XP Pro 'server' had a hardware crash. It was old and due, and I thought I lost the HD as well. It would have been very time consuming to get it back to where it was. I upgraded to a faster (customer abandoned) PC and tried something I have not done in the past: disk cloning. Fortunately the old HD still booted on the new PC and, after finding all the new hardware and automatically updating all the drivers, I ran xxclone (xxclone.com) and imaged the disk to a brand new disk. Shut down, removed the old HD and voila, it rebooted using the new HD and all my settings and apps were there. I bring this up because HDs are cheap, disk cloning is easy and data backups are easy to perform automatically. I am going to convince my customers to add a second HD and clone it right after a disk wipe, app installation and data restore. The next crash I will look like a hero by the speed the system is up again. What do you think?

joseph.r.piazza

Obvious question: is the portable version meant to run off a CD or thumb drive? Can it run from the command line?

mudpuppy1

And you base this on....? Not being snippy, just need something more substantial.

antik

Watched the video and found only a couple of familiar tools, AND nobody is using them because they are just a plain joke (Microsoft). All other tools I never heard about. Where is SpyBot, for example?

JCitizen

TeaTimer? What happened to Immunizer? You must not have been using it correctly!!! I always laugh at people who say SS&D never finds anything but cookies, but they don't realize THAT IS JUST THE POINT!!! The TeaTimer keeps the registry intact, and the Immunizer keeps the crud from downloading in the first place! Now if you would have said SS&D was obsolete, I would agree with you. Ad-Aware Free outperforms it regularly. And here is another thing with "cookies". Ever wonder why you can clean all the temp files of the system and browser and still find "cookies"? Well, if these were just plain any old day cookies they wouldn't get out of the cookie bin, would they? I'd say the cookie has evolved into a nasty form of server control that goes where it is NOT supposed to and interferes with normal system operation by filing itself in places in unconventional ways, which really messes with the whole picture! Especially flash cookies; these things are really a pain. Thank God CCleaner does find all of them and removes them every time! I experience all kinds of lockups and system hiccups until I get rid of these miscreant "cookies". I use Ad-Aware because it somehow blocks the signals to read these crapware ad cookies, and makes my surfing the internet, and operating the system, livable. I don't care if it doesn't do anything else; it is worth a lot just to get that out of it. One can always rely on MBAM and SuperAntiSpyware to take care of the rest. A-Squared Free is a good scanner for older feeble machines.

JCitizen

This is why running CCleaner can get rid of the problem, almost every time! Running as a standard account means almost all the malware ends up there!

mike

That last little bit there with the quick fix is a good idea. I do a lot of remote service and I usually have the user advise me as soon as the DT starts to load to get Task Manager open and kill the process, but that is a good idea I'll try. Thanks

jeffo

These are very useful tools that I'll make good use of. Thanks for the advice.

robroy73

Command line??? You would have to read the documentation on that, as I have only used the GUI, but I guess it's possible? It comes as a .com and extracts the files in the temp directory under your user profile. I keep a favorite for the site housing the portable as they update it quite often. It works for me and I am not crazy about their full version. :)

Boomertechhelp

Installed via memory stick while in safe mode on XP. It has been very effective for me.

Mark_TeeE

Trashing Microsoft appeals to a certain segment of the IT community who believe that everything made by MS is useless, and if you say MS is bad it gives one a certain degree of unearned street cred in the mind of the one criticising. MSE, based on my experience and by experimenting with many other programs, is a good program and a good option. It's FREE with a valid OS. It has found and cleaned or outright prevented several malware infestation attempts. It's well maintained also.

jonpresson

I highly suggest that you check out Microsoft Security Essentials, which is the freely available consumer version of the MS Forefront Security Client. I am shocked that it didn't make it on this list, especially when the one-off items for the malicious software removal and MBSA did make it.

rustys

Real antispyware tools? I have used the Microsoft Malicious Software Removal Tool when Spybot did not even pick up the infection. A while back Ad-Aware and Spybot were the tools to use; these days they are barely effective. As Bill said, you need to have an effective strategy and a planned approach.

chris.lambert

Malwarebytes is well worth a look. So far 99.9% of malware I have come up against has been removed by this program. I have never found Spybot to be anywhere near as good and feel that it has somewhat had its day.

mudpuppy1

"Trashing Microsoft appeals to a certain segment of the IT community who believes that everything made by MS is useless and if you say MS is bad it gives one a certain degree of unearned street cred in the mind of the one criticising." Yeah, I've noticed that. Just shows their arrogance and ignorance (in my opinion). MS deserves some lumps, but some people don't know when to quit. I've been using MSE at home since November-ish. As far as I can tell, it's working fine. It's popped up on one or two things so I know it's active at least (those one or two things were spyware on my son's box). So far, no false positives like DNSB had.

Thumper1

System infected with XPAntiVirus2010 (or one of its variants), assuming you have Process Explorer and Malwarebytes on a thumb drive.
A) Boot system in safe mode. Copy Process Explorer to the desktop, rename it to "Explorer.exe", install Malwarebytes.
B) Boot system in normal mode. When the desktop loads, you may have a few seconds before the malware loads; run the renamed Process Explorer.
C) Kill the offending process.
D) Go to Internet Explorer > Tools > Connections and reset the LAN settings.
E) You should now have the Internet back; run Malwarebytes and update it.
I did this a couple of days ago; it was by far the fastest I have ever eliminated the offending program. This will work until the a******s who write the malware change it again.

DNSB

My main issue with MSE is that it seems to trigger more false positives than most of its competition. One example is downloading and installing Exact Audio Copy -- one acquaintance phoned me in a panic when he tried to do so on his new computer and MSE removed the downloaded file as infected. Checked with Jotti's multiscan and no problems found; ditto with Vipre, McAfee Corp. and Norton Corp. locally.

jwhite

If you heard recommendations for anything made by Panda, they're from clueless users who just don't know any better. Panda, including their cloud technology, is a complete joke of a company. I know this just sounds like a rant, and it is, but all versions of Panda products made in the last 3 years are far worse than any malware infections we've ever gotten. Instability, never-ending configuration hassles, and no real protection from modern threats are just a few of the disadvantages. Panda basically gave us each one of their products for free, one after another, after none of them would even begin to work, let alone actually detect or clean any malware. Oh and if you don't speak Spanish, don't bother, because half the error messages and instructions are in Spanish or broken English, in the ENGLISH edition of the software. MalwareBytes and ForeFront/MSE are the only consistently good tools I've found in the recent past.

shirish.veta

Sometimes I am also helpless with my clients, as Microsoft does not support these situations. The help center is also helpless; they divert the call to the hardware vendor. It's partially right, but each time we have to format or reinstall the OS, and that hurts.

n.gurr

Is my free AV of choice atm. Although I have heard that Panda cloud is good too.

JCitizen

The dividing line between spyware and viruses has blurred when you talk about the code. So if you want a kick-butt anti-malware tool from Ad-Aware, you need to purchase Ad-Aware Pro. However, then you have a pretty good but not the best AV solution. Maybe this year's AV-Comparatives may show Lavasoft as one of the top competitors. They just changed the heuristic engine in Ad-Aware, so I wouldn't discount it yet. The free one still outperformed Spybot S&D. Personally I can't get fast downloads without Ad-Aware; it blocks pesky ad server signals that hamper network performance. I never start my day without updating Ad-Aware Free first. The other thing I like is it updates on the restricted user account on Vista x64, so I don't have to Run as Administrator all the time to update it, like I do with MBAM. There is more than meets the eye on these subjects!

daytech

Spybot still has its uses. The immunize feature still works well and is easy to work with. For typical cleanings, I generally scan with MBAM first and then follow with Spybot which does a good job of restoring system settings which MBAM misses. I finish with HiJackThis to verify all items have been removed. I clean about 3 to 4 systems a week on the side for extra cash and this formula has worked well recently. However, ask me in a year and I will likely have a different routine. That's the nature of Malware removal.

JCitizen

The factory denied and denied that there was any malware issued on their driver disks. But SOMETHING was probing my network, and my Safe@Office blocked it, fortunately. I think it was a bot looking for weaknesses to recon the LAN and send information to the botnet. However the information never got out, and I solved it by uninstalling the driver and getting a new one straight from the Brother support site. Problem solved - no malware on the CD, huh? Then how come that solved it!!!

JCitizen

anti-virus programs are you using for real time protection? You can only run one, so I assume it is MSE. Friends don't let friends do AVG. It has been an undeniable category 5 disaster for my clients. Running both of them with one real time, you might get away with it for a while. I can only recommend one free anti-virus, and that is Avast; all others have failed in my honeypot lab, or with my clients. You only get one chance, so I go with Avast, and Prevx as a backup scanner. Prevx does not need updates and does not conflict with any of the good AVs. It is not recommended to remove malware with Prevx. It is enough that it can act as a backup to the other utilities, and foul up the serious spyware that attempts to gain access to your sensitive data. I only have a short main AV list:
Avast
NOD32
NIS 2010
GDATA
The bottom three aren't free, but well worth the money. And I still use a deep defensive strategy.

jonrosen

Malwarebytes has long been the last, and often first, line of defense to clean out viruses. Due to a 'loaded' driver I installed from Canon last month, I had two different infections of the 'fake-AV' type viruses. Both times:
Symantec (pre-installed and running): didn't do anything, couldn't find it.
Trend Micro HouseCall: couldn't find it.
Spybot: didn't find it.
Malwarebytes: found it, removed it.
The only further problem that Malwarebytes couldn't help with was that the 2nd one had actually unlinked .exe tags as applications in the registry. As the user had no admin privileges, I've still no clue how the hell it happened, but it happened. Malwarebytes is definitely the long-standing champ in this field.

dleippe

I use SpywareBlaster and Spybot for immunization. I use Spybot, Malwarebytes, and Ad-Aware to clean. When I suspect an infection, I run Malwarebytes first. Then I run Spybot, then Ad-Aware. I disconnect from the Internet before scanning. All three scanner/cleaners find something the others missed. If the system still seems buggy, then I run SuperAntiSpyware as a portable. It is too big of a resource hog to be installed for everyday use. If that doesn't fix it, then it is time for GMER and other rootkit detectors. When all else fails, re-image.

DNSB

I've used it for a couple of the special cases it covered. Worked well, but again it's a special purpose tool. Much like one machine I recently used Kaspersky's TDSSKiller on. If you have that infection, it's great. Otherwise, it's a waste of time.

Mark_TeeE

One of the things not mentioned in the video was Microsoft Security Essentials. It has a real-time protection program which runs as a service and a virus/malware scanner that, in my experience thus far, is updated daily. The Microsoft tools mentioned in this video are actually the least useful and least effective programs. I currently use both MS Security Essentials (free with a valid copy of Windows) and AVG Antivirus. Between the 2 programs and a well maintained firewall, the combination has found and cleaned everything I have run into thus far. I do think it is best to use 2 programs. My experience has been that AVG sometimes detects and finds things MS Security Essentials does not, and vice versa. I was using Malwarebytes, but changed to MS Security Essentials because it is free and it really does work pretty well. Not everything Microsoft does is a "joke"; I just think sometimes it is just fashionable to poo-poo them, but in this case I think they made a pretty good product. Especially for the price.

vaor.itt

Spybot worked for me with cases of Sality/W32 infections; I combined it with AVG free edition and RegRun after cleaning, to restore Registry Editor and Task Manager Access. Took about 3 hours, but it worked. Malwarebytes, very good tool. What about McAfee's Stinger? Has it worked for any of you in any case?