Here are some of the better tools and resources we've found to help you clean out your system.

Free Online Virus Scanners
Make sure to turn off your current antivirus product before using these, or it slows things down too much. These can be used safely with a currently installed AV product.

• bitdefender online scan. Top ranked for a while, well, actually it's their installed version that ranks high, but I'm sure the online one is good too.
  
• kaspersky, also reasonably well reputed.
  
• TrendMicro.com House Call. Ok stuff, when it actually runs right.
  
• PandaSoft.com Active Scan. Use this along with TrendMicro. Shows infections if you print out data at end of free scan, but won't remove the stuff unless you pay. Very slow scan.
  

Generally, these will catch some trojans and viruses that other antivirus products have missed.

Anti Virus/malware Live Cds - Rescue Disks
Often you really can't get rid of bad rootkits or trojans while Windows is running, and for that, you might want to try these live cds:

• Antivir - Instructions - Download Page
  
• AVG - Download Page Note: this is command line, easy to use, but there's no standard window gui. It's the same command line version you'll see running in Windows Safe Mode, but it runs a LOT faster. Allows you to update as well, like all the others.
  
• Bitdefender - Instructions - Download Page
  
• Kaspersky - Instructions - Download Page

All of these will either let you burn the cd directly using the exe download file, or burn it using an iso disk image file. Read the specific directions to see how to do it. Try it, you'll like it.

Antivirus Products
NOTE: make sure if you are using a non-standard email client like mozilla thunderbird to set these to quarantine or warn on detection of viri, otherwise you can risk losing your inbox, since any virus found in your inbox will cause the deletion of the inbox file if you haven't changed this setting.

• Nod32. This antivirus product is very highly rated, it is not cheap, but what is your data worth to you? But don't get it from their site, that site sucks, get it from computech4u.net. that reseller is really pleasant to deal with, highly recommended. Nod32 is the best, don't settle for less if you want real antivirus protection.
  
• AVG Free Edition. I like AVG's stuff, it's small, light footprint, doesn't slow your box down like Norton, and has reasonably sized AV update downloads, very good product for users with dialup modem connections. You can also get their Full Featured non free Edition. AVG supports Linux too by the way, for those of you looking for AV protection for your servers. WARNING: there is a problem removing AVG on some systems, I've seen this on Windows XP with AVG 11, so you might need to use the free avg remover tool (that comes from AVG directly, so no worries about malware etc)
  
• AntiVir. Not quite as slick as AVG, also very lightweight, but forces you to download entire new program every major upgrade, which is usually every 6 weeks or so. Their antivirus definition files are quite small however. I use this product all the time when disinfecting a badly infected machine, I usually remove it afterwards though.
  
• MalwareBytes.org - well regarded, download page. Note the free version lets you do on demand virus scans to clean the system, which is what you usually need, so use this after you've run the other AV tools to make sure it's all clear. The pay version does real time virus scanning.
  

Antivirus Product we STRONGLY recommend against using

• Norton Antivirus. We especially recommend against using their Norton System Works product, which tends to mess up an unpleasantly high percentage of the computer's it's installed on.
  
• And the other big one, McAfee Antivirus. From my experience, almost worse than useless.
  

Portable Antivirus products / Live rescue cds

• dr web cureit - majorgeeks how-to use cureit
  
• list of many popular live rescue cds: avira, bit defender, cureit..
  

rootkits and other cleanup tools
Rootkits are very difficult to deal with, and the methods to remove them require difficult steps. Here's the tested and safe ones I know about so far:

• Advanced users only: combofix setup and run instructions from www.bleepingcomputer.com
  
• microsoft's rootkit revealer. Comes with a good readme explaining rootkits too.
  
• Sophos free anti rootkit - Strikes me as fairly useless on first view, but maybe it's good from something.
  
• glary utilties a freeware with registry and disk cleaning, privacy protection, performance accelerator and amazing multifunctional tools. It can fix dogged registry errors, wipe off clutters, optimize internet speed, safeguard confidential files and maintain maximum performance.
  

Firewalls
Always use a firewall, even if you are behind a router, it might save your butt one day. We've used the following happily for years:

• ZoneAlarm Firewall. Solid product, year after year. That link points to their free version download page, but check out their main site too, they have other stuff if you want to give them some money as well.
  

Anti Spyware Products

• Spybot Search and Destroy. Freeware, very well regarded. One of two tools you should run on a spyware infested machine. Make sure to update the spyware definitions before each scan.
  
• spyware doctor top rated.
  
• AdAware. You'll also want to run this one. As above, update before scanning. You can also download it from MajorGeeks, it's faster and easier.
  
• Hijack This. A registry analyzing tool, shows changes and lets you see what needs to be looked at more carefully. This tool is probably better for advanced users. You can download it here, at MajorGeeks. But take a look at the spywareinfo.com site, it's educational. And filled with good resources.
  

Virus and AntiVirus Information

• Virus Bulletin. Here you can find a performance comparison between the various Antivirus products. Nod32 is very highly rated. See below for where to buy nod32 though, dealing with the main eset site is a pain.
  
• Spyware, Adware, Windows, GNU/Linux, and Software Culture. This is one of the more accurate articles on the reality of spyware and viruses. Obviously, almost all, if not all, spyware and virus issues are directly caused by Windows systems. There is lots of good advice on maintaining a relatively clean network of windows installations here. I follow most of the steps the author recommends, and they work. Especially forcing users to switch to Firefox browser and Thunderbird email client.
  

Help Forums

• SpyWare Info.com. Top rated, fast replies.
  
• www.wilderssecurity.com - large forums with many specialized security tool sub-forums.
  
• Cexx Forums
  
• DSLReports.com Forums
  
• Net-integration.net forums
  
• www.bleepingcomputer.com forums
  
• Safer Networking Forums - spybot forums - the great spybot!
  

Recovery and Reinstall Tools
Ok, so we are giving up, and reinstall Windows. Here's some tools that may or may not help:

• www.drivermagician.com - identifies all the hardware in the system, extracts their associated drivers from the hard disk and backs them up to a location of your choice. Then when you format and reinstall/upgrade your operating system, you can restore all the "saved" drivers just as if you had the original driver diskettes in your hands.
  

Specific How-To's
Some things are just too complicated to handle generically. Here's a list of how-to's I've found useful at some point or other:

• www.bleepingcomputer.com Trojan horse Agent_r.XJ - A new toxic variant, hard to clear up. A bit more at malwarebytes.org and computerforums.org and at www.howtogeek.co.
  
• www.bleepingcomputer.com vundo-virtumonde removol - this is really impressively done work. Features the rkill.com task killer, which lets you run your desktop even after the bad stuff has it under control, and other useful tips. Quality writing.
  

Back to top