TR Dojo: Detect and remove malware with these tools

March 8, 2010, 7:52am PST | Length: 00:07:31

Bill Detwiler examines three types of anti-malware tools and explains how they can find and remove malware. Once you’ve watched this TR Dojo video, you can find a link to the original TechRepublic article and print the tip from our TR Dojo Blog.

Transcript

Bill Detwiler: IT pros and consumers alike are engaged in a constant battle to protect their machines from malware. And, as malware developers innovate and adapt, anti-malware software vendors must do the same.

I'm Bill Detwiler, and on today's episode of TR Dojo, I'm going to help you sort through the current swarm of anti-malware tools.

Before we get started, let me say that I've never seen a single anti-malware product that's 100-percent effective. Don't think you can download any one tool that I mention in this episode and be completely safe.

Defending against malware requires a layered approach and a mix of software, properly configured hardware, and responsible computing practices.

Also, there's no way I can cover every anti-malware product or strategy in a single episode. What I'll do today is provide a basic understanding of the various categories of anti-malware applications and look at several tools that TechRepublic bloggers and members recommend.

With those caveats out of the way, let's look at the three big categories of anti-malware tools.

First, we have programs designed to detect processes running on your machine. Knowing which processes are legitimate and which are malicious is a good place to start when combating malware.

Second, we have malware scanners that scan your system looking for already-existing malware infestations.

And third, we have tools designed to remove active malware from your system.

Now, let's look at some of the products that fall in each of these categories.

If you're starting out with a clean machine, you can use a process identifier to log all the running processes and describe what they do.

One of the better-known tools in this group is Microsoft's Process Explorer. You can use Process Explorer to create a baseline of the running processes on your clean machine and then periodically rerun the application to look for any change. Products such as TrendMicro's HijackThis and Kaspersky's GetSystemInfo perform a similar function, but they offer many more options.

Now just remember that because you have a new or unrecognized process running on your machine, you don't necessarily have malware. Many legitimate applications will run processes in the background.

To help you determine whether a specific process or file might be malicious, you can enter the process into your favorite search engine or try a site like SystemLookup.com. This site has information on thousands of items, and you can search by filename or CLSID (class ID).

If you're using TrendMicro's HijackThis, you can even take your scan log to sites like HijackThis.de and NetworkTechs.com that will analyze the file and point out possible issues.

You can also check out WindowSecurity.com's HijackThis forum for help deciphering your HijackThis log.

Next, let's look at malware scanners.

Again, Microsoft has its own tool -- the Baseline Security Analyzer. This vulnerability scanner detects insecure configuration settings and checks all installed Microsoft products for missing security updates.

Another reputable source for malware scanners is an organization called Secunia. Unlike the Microsoft analyzer, Secunia products also scan hundreds of third-party applications, and will help pinpoint problems as well as offer information on how to fix them.

A favorite among TechRepublic members is the a-squared Anti-malware scanner from EMSI Software. Members like its user interface and fast scan times.

The last category includes malware removal tools.

Microsoft's entrant here is the Malicious Software Removal Tool -- a good general malware removal tool, simply because Microsoft should know whether the scanned code is theirs or not. It features an automated scan and removal process with Windows Update keeping the signature file database current.

A favorite of TechRepublic Security blogger Michael Kassner is the Malwarebytes Anti-Malware scanner. Kassner also likes GMER, which is specifically designed to detect and remove the most sophisticated and intractable malware rootkits.

TechRepublic members also recommend SUPERAntiSpyware and Bleeping Computer's ComboFix tool.

As you can see, there are lots of products available to help you fight malware. The ones I've mentioned today have been recommended by TechRepublic bloggers and members. And, while everyone has a favorite, they are a good place to start.

For more details on malware and for links to the tools mentioned here, make sure you check out the blog notes. You can also share your feedback on fighting malware and your favorite tools and techniques.

As always, for more teachings on your path to becoming an IT Ninja, visit trdojo.techrepublic.com or you can follow me on Twitter at twitter.com/billdetwiler.

Thanks for visiting the TR Dojo.
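The process-baselining idea from the transcript (record the processes on a clean machine, then rerun later and look for changes), worked through as an added example that is not part of the TR Dojo page and is not code from Microsoft, Sysinternals or TechRepublic. It is a small Python script that parses two saved process listings, a clean baseline and a later snapshot, both in a constructed `name,path` CSV shape, and reports processes that are new, gone, or running from a path the baseline never recorded. The last case is worth the extra column: a familiar image name running from an unfamiliar directory is exactly what a name-only comparison misses. The `capture_snapshot` helper that builds the same CSV shape from PowerShell's `Get-Process` on Windows is hypothetical and is not exercised by the sample run.

```python
"""Process baseline diff (added example; not TechRepublic, Microsoft or
Sysinternals code).

A snapshot is CSV text with one "image name,full path" row per running
process, the kind of listing you can save from a process viewer. The two
samples below are constructed for the demo.
"""
import csv
import io
import platform
import subprocess
from typing import Dict, List, Set, Tuple

# image name -> set of paths it was seen running from
Snapshot = Dict[str, Set[str]]

# Constructed baseline taken on a clean machine.
BASELINE_CSV = r'''
"explorer.exe","C:\Windows\explorer.exe"
"svchost.exe","C:\Windows\System32\svchost.exe"
"procexp.exe","C:\Tools\procexp.exe"
'''

# Constructed later snapshot: one process gone, one new, and a familiar
# name also running from a directory the baseline never saw.
CURRENT_CSV = r'''
"explorer.exe","C:\Windows\explorer.exe"
"svchost.exe","C:\Windows\System32\svchost.exe"
"svchost.exe","C:\Users\Public\svchost.exe"
"updater.exe","C:\Users\demo\AppData\Local\Temp\updater.exe"
'''


def parse_snapshot(text: str) -> Snapshot:
    """Parse 'name,path' rows; names and paths are lower-cased because
    Windows file names are case-insensitive."""
    snap: Snapshot = {}
    for row in csv.reader(io.StringIO(text.strip())):
        if len(row) < 2 or not row[0].strip():
            continue  # blank or malformed row
        name = row[0].strip().lower()
        path = row[1].strip().lower()
        snap.setdefault(name, set()).add(path)
    return snap


def diff_snapshots(baseline: Snapshot, current: Snapshot
                   ) -> Tuple[Set[str], Set[str], Dict[str, Set[str]]]:
    """Return (new names, missing names, relocated).

    'relocated' maps a name present in both snapshots to the paths it now
    runs from that the baseline never recorded; comparing names alone
    would report nothing for that case."""
    new = set(current) - set(baseline)
    missing = set(baseline) - set(current)
    relocated: Dict[str, Set[str]] = {}
    for name in set(current) & set(baseline):
        unseen = current[name] - baseline[name]
        if unseen:
            relocated[name] = unseen
    return new, missing, relocated


def capture_snapshot() -> str:
    """Hypothetical helper: produce the same CSV shape from a live machine.
    Uses PowerShell's Get-Process on Windows (there, Name carries no .exe
    suffix and Path is empty for protected processes); returns an empty
    listing on other platforms."""
    if platform.system() != "Windows":
        return ""
    cmd = ["powershell", "-NoProfile", "-Command",
           "Get-Process | Select-Object Name,Path | ConvertTo-Csv -NoTypeInformation"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    return "\n".join(out.splitlines()[1:])  # drop the header row


def report(baseline_text: str, current_text: str) -> List[str]:
    """Human-readable lines describing the differences between two listings."""
    new, missing, relocated = diff_snapshots(parse_snapshot(baseline_text),
                                             parse_snapshot(current_text))
    lines = [f"NEW      {n}" for n in sorted(new)]
    lines += [f"MISSING  {n}" for n in sorted(missing)]
    for name in sorted(relocated):
        for path in sorted(relocated[name]):
            lines.append(f"RELOCATED {name} -> {path}")
    return lines


if __name__ == "__main__":
    for line in report(BASELINE_CSV, CURRENT_CSV):
        print(line)
```

Run stand-alone, the script flags `updater.exe` as new, `procexp.exe` as missing, and the second `svchost.exe` as relocated to a user-writable directory. As the transcript notes, none of these findings proves an infection on its own; they are the shortlist to look up on a site like SystemLookup.com or in a search engine before deciding anything.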