Free Virus and Trojans Removal Tools
There are many methods of protecting a computer or network. One of them is preventing viruses, trojans and other types of malware from infecting a system or network. An antivirus program, free or paid, should be installed on any PC to help prevent malware infection. However, there is no single anti-malware or antivirus software that can detect all types of malware. This means a system is always going to be at some level of risk, especially if there's no extra layer of protection from a firewall and other security tools or configuration that does not interfere or conflict with the installed antivirus software.
If you frequent help discussion forums that offer free malware removal, you will notice that some users are using high-end antivirus programs, yet removing the malware requires another tool. In many incidents, the user has to download other tools to clean the computer. In this article, we'll demonstrate which free antivirus and Trojan removers are useful when it comes to malware cleaning. I put the Top 10 free antivirus programs to the test by installing the antivirus software on a PC that was infected with a rootkit, a scareware program and a backdoor Trojan. Find out which free antivirus program will succeed in removing such infections without a need to download another removal tool.
To test the free removal tools, each malware executable was run using an administrator user account. Also, System Restore in Windows was disabled and the PC was configured to show hidden files. The PC was restarted after infecting the test system. Next, the antivirus or anti-malware software was installed and configured using the highest settings for detecting malware. A full system scan was run and the antivirus software was allowed to remove or quarantine any infection it found. The PC was then restarted and another scan was run after the removal process to verify that the infection was gone or whether there were remnants or malware traces.
Backdoor Trojan Removal
The malware in this test is named my_facebook.exe, a backdoor Trojan that connects to an IRC server and tries to steal information from an infected computer. The malware adds two lsass.exe instances to the startup entries in Windows, and they run as malware processes using the current user profile. It also adds a registry key in the Run section under HKEY_LOCAL_MACHINE. The following list shows which free antivirus software succeeded or failed to remove the infection:
- Ad-Aware - Lavasoft's Ad-aware with antivirus engine failed to remove the infection. It only removed the executable, my_facebook.exe.
- AntiVir 10 - Avira AntiVir completely removed the malware infection.
- Avast! 5 - Malware is removed but one of the lsass.exe startup entries and a registry key were left behind.
- AVG Free - AVG has cleaned up the PC.
- ClamAV for Windows - This program failed to remove the malware.
- Comodo - The malware is removed by Comodo but it left two startup entries and a registry entry.
- Immunet Protect - Failed to remove the malware.
- Microsoft Security Essentials - This free antivirus program by Microsoft completely removed the malware infection.
- Panda Cloud AV - Failed to remove the malware infection.
- PC Tools - PC Tools Antivirus free removed the malware completely.
Some people have to pay to remove malware infections in Windows. Little do they know that there are many free antivirus and trojan removers that can clean an infected computer. Avast, AntiVir and Microsoft Security Essentials are good at detecting malware and also at removing it.
Scareware or Rogue Program Removal
Scareware, or fake antivirus programs, are found to be among the top threats in the wild. Many users become victims of a rogue program infection. In this test, the system was infected using the file setup19.exe, which infects the system with rogue software and displays a fake Microsoft Security Essentials alert. Below is a list of the free antivirus programs, which should detect the registry value antispy.exe in HKCU's Winlogon registry key as well as the malware executables setup19.exe and antispy.exe that the malware added in the user profile folder.
- Ad-Aware - Lavasoft removes the malware infection but failed to remove the registry value.
- AntiVir 10 - Avira AntiVir completely removed the malware infection.
- Avast! 5 - Malware is removed but failed to remove the registry value.
- AVG Free - Malware is removed but failed to remove the registry value.
- ClamAV for Windows - It failed to remove the malware.
- Comodo - Malware is removed but failed to remove the registry value.
- Immunet Protect - It failed to remove the malware.
- Microsoft Security Essentials - MSE has removed the malware, completely.
- Panda Cloud AV - Panda has removed the malware but not the registry value and malware executable.
- PC Tools - PC Tools Antivirus free has removed the malware, completely.
Rootkit Infection Removal
A web search virus, also called a Google redirect virus, continues to annoy end-users because of the Trojan and rootkit infection known as Alureon or TDSS malware. Most users will find that the links in the search results on Google.com, Bing.com, or Yahoo.com are redirected or display a blank page. To reproduce a Bing or Google search redirect virus infection, I infected the computer using the file named file4.exe. The infection is not visible to the user since it's a hidden object, also known as a rootkit infection. Note that the malware also added a hidden registry key. The following list shows which antivirus programs succeeded or failed to remove the rootkit infection:
- Ad-Aware - Lavasoft failed to detect the rootkit infection but only found and removed tracking cookies.
- AntiVir 10 - Avira's scanner only found the rootkit infection in the test system but did not remove it.
- Avast! 5 - Alwil's Avast has completely removed the rootkit infection using its boot-time scan and a full system scan.
- AVG Free - The free version of AVG does not include rootkit detection. I continued to test anyway and, as expected, it found no rootkit infection.
- ClamAV for Windows - The free version of ClamAV for Windows does not include rootkit detection. I continued to test anyway and, as expected, it found no rootkit infection.
- Comodo - Comodo AV failed to detect or remove the rootkit infection.
- Immunet Protect - The free version of the Immunet program does not include rootkit detection. I continued to test anyway and as expected, it found no rootkit infection.
- Microsoft Security Essentials - MSE has removed the rootkit infection but left the hidden registry key.
- Panda Cloud AV - This cloud-based antivirus program by Panda found and tried its best to neutralize the rootkit infection but failed to remove it. Each time a restart and scan is done, Panda Cloud Antivirus tries to neutralize the infection again, but it often fails as well.
- PC Tools - PC Tools Antivirus free has failed to detect and remove any rootkit infection.
Note: The image at the right shows that the rootkit infection in the test system can redirect any Google search to an unwanted website.
The performance of these free antivirus and trojan removers is impressive. Most of the popular free antivirus programs can remove malware. Some only leave remnants or malware traces, such as registry keys pointing to executables that have been removed. It's recommended to scan the system regularly, whenever a new virus definition is released. Security vendors update or modify detection signatures not only to add new virus signatures, but also to enhance the detection for existing virus signatures. Also, a regular scan using free online scanners or an on-demand anti-malware scanner is highly recommended so you can remove the remnants or check that the system is completely malware-free.
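The remnants described above (autostart registry values that still point to an executable the scanner has deleted) can be listed after a cleanup with a short PowerShell check. This is an added example, not part of the original article or of any product tested; it covers the Run key under HKLM, its HKCU counterpart and the current user's Winlogon key, and the helper name `Get-CommandTarget` is hypothetical.

```powershell
# Added example: report autostart registry values whose target file is missing.
# Locations: the Run keys and the current user's Winlogon key named in the tests.
$locations = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

# Hypothetical helper: extract the executable path from a command line.
function Get-CommandTarget {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted path: take what is between the first pair of quotes.
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path: take everything up to the first executable extension.
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|dll))(\s|,|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$findings = foreach ($key in $locations) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ([string]::IsNullOrWhiteSpace($data)) { continue }
        $target = Get-CommandTarget $data
        # Only judge full paths; bare names such as "explorer.exe" resolve via PATH.
        if ($target -notmatch '^[A-Za-z]:\\') { continue }
        if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
            [pscustomobject]@{
                Key           = $key
                Value         = $name
                Data          = $data
                MissingTarget = $target
            }
        }
    }
}

# Review the output before deleting anything from the registry.
$findings | Format-Table -AutoSize -Wrap
```

A missing target means the entry is stale or the file is hidden from the file-system API, as with an active rootkit, so run the check only after the follow-up scan comes back clean.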
Special mention: The boot-time scan in Avast, which detects and removes rootkits and other nasty infections, is a big help to end-users, whether you are using a paid or free edition of Avast. Microsoft Security Essentials also provides a good malware removal module, as it removes the rootkit infection without using another method of scanning.
Image credit: Screenshot taken by the author.