The Best Malware, Spyware, and Virus Removal Tools
By Kaydreein
I was recently forced to upgrade my old Windows XP operating system to Windows 7 due to an unfortunate failure of my primary hard drive. I'm enjoying the new Windows, but unfortunately there's no reliable method for upgrading from XP without losing all of your programs and having to reinstall them. Windows does provide a couple of helpful tools to aid you in making the transition manually, but frankly I'm quite often a procrastinator. So I naively went about exploring the internet without installing my favorite antivirus program, Avast (which I'll get to in a moment). Within that span of time - about a week - I managed to infect my computer with a pretty nasty rootkit virus.
I consider myself fairly savvy when it comes to computers, and can generally fix any problems that arise both software and hardware related. I've built computers for myself, and for others over the years; I even built the one I'm using to write this article. However, this nasty little virus very nearly got the best of me, and I thought that I was going to have to reformat the drive to get rid of it. Reformatting is the last thing you ever want to try in situations like these because you lose every bit of data on the disk you reformat. Sure, I had only been using my new system for a week and I honestly didn't have much to lose, but this sucker made it personal; I wasn't gonna let it beat me.
The first sign that something was wrong was when my Internet Explorer locked up. Thinking it was just a program error as a result of me leaving the computer running for nearly a week straight, I rebooted. This is when these viruses fully integrate themselves into your system; as your operating system is restarting, the malware or virus is also 'installing' itself onto your system, fully infecting your computer.
I was first presented with an Internet Explorer that wouldn't work. In fact, even trying to run the program would cause the whole computer to freeze. "That's strange," I thought, still not realizing I had a malware problem. I then got a notification from a scareware program that was masquerading as Windows Defender, saying that I had multiple infections on my machine. It recommended that I download a program called "Palladium Pro" to remove them.
I was not yet familiar enough with Windows 7 to realize that this was a program pretending to be Windows Defender, not an authentic Windows or Microsoft product. So I said to myself, "okay, sure. I'll do what it suggests." Boy was that a huge mistake. I should note that clicking on any of the buttons in a fake program like this will probably net you some big problems. The best option is to try and kill the process from the task manager. If this isn't possible then I suggest using Rkill, which I'll get to in a moment.
Fake Windows Defender
The fake Windows Defender program downloaded "Palladium Pro" and kindly rebooted my machine for me. I'm still thinking "okay, this is gonna work! My problems will be fixed!" That is, until I realized that "Palladium Pro" had taken over full control of my computer and wouldn't let me do anything. It presented me with two choices: buy their product for thirty bucks (which you absolutely SHOULD NOT do), or let your machine remain infected and 'unsafe to use'.
So I decided I was smarter than this silly virus, and tried to start up in Safe Mode. I still had problems with Internet Explorer freezing, but I knew I had a copy of Combofix (another handy program I'll get to in a minute) loaded onto a flash drive in case of emergencies like this, so I tried running it while in Safe Mode. But this only caused the computer to BSoD; I knew I had a serious problem at that point.
Grabbing my new Windows 7 disc, I popped it into the disc drive and restarted the computer so I could access my System Restore points (you can also do this by booting into Safe Mode, but in my case the computer simply froze). As the computer was booting up I had to change my boot priority to the CD-ROM drive with the Windows 7 disc in it, so that the Windows 7 disc would load instead of my operating system. On some computers you are given this option at startup; at the bottom of the screen will be a list of keys you can press to access different startup options. In my case I only have to hit F12 repeatedly. Here is what my startup menu looks like:
Startup menu
At this point I must note that using System Restore is considered another last resort, because you run the risk of losing any recently installed programs or changes to your system. Of course this was my goal, because I had to get rid of the "Palladium Pro" program before I could even begin cleaning my machine. You generally want to pick your most recent restore point from the list of available restore points. But in my case I used the System Restore service to reset my computer to its original condition. I had only been using the Operating System for a week, so I wasn't at risk of losing much.
After the System Restore finished its job, I rebooted into Safe Mode and was relieved to see that the Palladium Pro program was gone. However, my original problem still remained; Internet Explorer consistently froze, and I was unable to access any of my system tools that were integrated with Explorer.exe - that includes pretty much everything on the computer. Then I recalled another program that I kept on my flash drive (I can't stress how helpful these gadgets are) called Hitman Pro.
Now I honestly can't say enough good things about Hitman Pro, because when I ran the program it managed to catch all the germs that were infecting my system - I highly recommend spending the few bucks it costs to own the full version. Not only did Hitman Pro find a rootkit on my system, and several infected files/suspicious programs, but it also found an additional bootkit on my machine as well. This is what was causing all of the other scanners to crash or malfunction.
When Hitman Pro finished scanning and cleaning - which only took about five minutes - it requested a reboot in order to complete the process. I agreed and allowed it to reboot my system. As my machine restarted, Hitman Pro ran an additional scan before any of my software loaded. It found a couple more infections and removed them along with the bootkit and rootkit. When all was said and done I was finally free of the demonic virus and its minions. Everything was running smooth as silk again, but I was still left with the task of downloading and reinstalling all of the Windows 7 updates. A small price to pay for victory, I must say.
Backup and Restore
One of the most basic things you can do to protect yourself against viruses and malware is to routinely back up your system to an external device, like a hard drive. You should create system restore points daily, and also back up your registry on a regular basis. If you ever do encounter something that forces you to reformat, or causes you to lose any of your files, then you have a very convenient way of restoring your system.
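The routine described above (a restore point plus a registry backup to an external drive) can be scripted so it actually gets done. The following is an added example written for this article, not a tool from the author; it assumes an external drive mounted as E: and a folder name of my choosing, and it must be run from an elevated (Administrator) PowerShell prompt on Windows 7 or later.

```powershell
# Added example (not from the original article): create a System Restore point
# and export the main registry hives to a dated folder on an external drive.
# Assumptions: the external drive is E: and PowerShell is running as Administrator.

$BackupRoot = 'E:\SystemBackup'            # assumed external drive and folder
$Stamp      = Get-Date -Format 'yyyy-MM-dd_HHmm'
$Target     = Join-Path $BackupRoot $Stamp
New-Item -ItemType Directory -Path $Target -Force | Out-Null

# 1. Create a restore point. Windows only lets scripts create one restore point
#    per 24 hours; if one was made recently this call is skipped, not failed.
Checkpoint-Computer -Description "Manual backup $Stamp" -RestorePointType 'MODIFY_SETTINGS'

# 2. Export the registry hives that malware most often modifies.
#    reg.exe writes .reg text files that can be re-imported later with 'reg import'.
$Hives = @{
    'HKLM_Software' = 'HKLM\SOFTWARE'
    'HKLM_System'   = 'HKLM\SYSTEM'
    'HKCU'          = 'HKCU'
}
foreach ($name in $Hives.Keys) {
    $outFile = Join-Path $Target "$name.reg"
    & reg.exe export $Hives[$name] $outFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Export of $($Hives[$name]) failed" }
}

# 3. List the most recent restore points so you can confirm the new one exists.
Get-ComputerRestorePoint | Sort-Object CreationTime -Descending |
    Select-Object SequenceNumber, Description, CreationTime -First 5
```

Schedule it with Task Scheduler to run daily and you have the routine the paragraph recommends. Keep the drive unplugged between backups; a drive that stays connected is reachable by whatever later infects the machine.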
Built In Windows Security
I don't personally use many of the integrated security features that come with Windows, probably because I'm a bit of a control freak and like to have some selection in how my system is protected. I suppose it's entirely up to the end user, but I'll briefly go through some of the steps to enable or disable the various features that come standard with Windows.
In your Control Panel you should find the icons for Windows Defender and Windows Firewall, where you can change their various settings manually. Windows Defender is more of a spyware/malware preventer than an antivirus, so enabling it shouldn't interfere with any antivirus programs you install. However, if you ever install an anti-malware program that has active protection, then you will probably want to turn Windows Defender off, as they can cause conflicts. I personally leave it on since I have no active anti-malware programs - they are all 'on-demand'.
Windows Firewall, on the other hand, I have disabled since I am networked through a router and it functions as a firewall service. Honestly I find it to be nothing but a headache since I play multiplayer games with some frequency and it likes to block the ports used by those games. I suppose this is one decision that should be left up to you.
Other System Tools
Windows comes with some other features that can be helpful when trying to combat malware. If you go to the Start Menu -> Run and type in "msconfig" you'll access the System Configuration window. This lets you change various properties within your system, and enable or disable specific startup programs or services. This is often the first place one looks to see if anything suspicious has found its way into the system.
From here you can also access various system tools that are alternatively available through the Control Panel. I don't really recommend messing with things in here unless you know what you're doing, but it's always good to know how to get to these functions if it's ever needed.
Another helpful utility that you can run from the Start Menu is services.msc. You can alternatively access the Services window if you right-click on 'My Computer' and select 'Manage'; it's down there under the Services and Applications tab. This is another place I don't recommend you mess around much unless you know what you're doing. You can probably safely disable any service that isn't a Microsoft service, but you would probably want to have someone knowledgeable personally advise you along the way.
Lastly, always keep your Windows operating system updated! Windows updates often include updates to your Windows Defender definitions, which aid in keeping your computer free of malware and spyware.
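The two places just described, msconfig's startup list and services.msc, can be read out in one go so you can review them calmly instead of clicking through dialogs. This is an added example written for this article (not one of the tools the article covers); it only reads the Run keys, the Startup folders and the running services, flags services whose binary is not Microsoft-signed, and changes nothing. It is written for the PowerShell 2.0 that ships with Windows 7 and should be run from an elevated prompt so every service binary is readable.

```powershell
# Added example (not from the original article): a read-only inventory of what
# msconfig and services.msc show. Nothing here modifies the system.

# 1. Programs launched at logon from the Run/RunOnce registry keys.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$Startup = foreach ($key in $RunKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -notlike 'PS*') {   # skip PowerShell's own PSPath/PSParentPath fields
                New-Object PSObject -Property @{ Key = $key; Name = $p.Name; Command = $p.Value }
            }
        }
    }
}

# 2. Shortcuts in the per-user and all-users Startup folders (all-users path is
#    the standard Vista/7 location; stated here rather than looked up for PS 2.0 compatibility).
$StartupFolders = @(
    [Environment]::GetFolderPath('Startup'),
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
$Shortcuts = Get-ChildItem -Path $StartupFolders -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Select-Object FullName, LastWriteTime

# 3. Running services whose binary is not signed by Microsoft. This is the list
#    the article suggests looking at first; it is for review, not for blind disabling.
$Services = Get-WmiObject Win32_Service | Where-Object { $_.State -eq 'Running' } |
    ForEach-Object {
        # PathName may be quoted and carry arguments; keep only the executable path.
        $exe = $_.PathName -replace '^"([^"]+)".*$', '$1' -replace '^(.+?\.exe)\b.*$', '$1'
        $sig = if (Test-Path $exe) { Get-AuthenticodeSignature -FilePath $exe } else { $null }
        New-Object PSObject -Property @{
            Service   = $_.Name
            StartMode = $_.StartMode
            Path      = $exe
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned or file not found)' }
            Status    = if ($sig) { $sig.Status } else { 'Unknown' }
        }
    } | Where-Object { $_.Signer -notmatch 'Microsoft' }

"--- Registry Run keys ---";               $Startup   | Format-Table Key, Name, Command -AutoSize
"--- Startup folders ---";                 $Shortcuts | Format-Table -AutoSize
"--- Running non-Microsoft services ---";  $Services  | Format-Table Service, StartMode, Status, Signer, Path -AutoSize
```

Run it once on a clean machine and keep the output with your backups; after that, anything new in the three lists is the thing to look into, which is a far easier judgement than deciding whether an unfamiliar service name is suspicious in isolation.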
Avast Antivirus
This nifty program is my first line of defense against all sorts of nasties that would be more than willing to take up residence on my computer. There's a free version available that will suit almost every user's needs, and it hasn't failed me yet. Like most antivirus programs, it provides active protection against any potential threat to your computer. It scans pages as you load them and prevents malicious programs, scripts, or ActiveX controls from invading your machine. It provides several layers of protection at once, and does everything from monitoring for suspicious program activity to providing a fairly thorough manual scanner.
It loads on Windows startup, and even has its own self-defense against malware or viruses that would try to disable it. There's a silent mode for you gamers out there, so that notifications don't interfere with a full-screen game. Avast even allows you the option to manually disable it.
Basically, it provides the user with the same services as many of the name-brand antivirus programs with minimal invasiveness. It also provides basic protection against spyware and malware, which is definitely a plus. I highly recommend it, as it is the only antivirus program I will use.
Avast User Interface
Hitman Pro
Hitman Pro specializes in spyware/malware prevention and removal. There is a free version that allows you to use the full program for 30 days, but I recommend spending the twenty bucks a year that it costs to own the program.
Unlike Avast, Hitman Pro is an 'on-demand' scanner, which means that you choose when you want it to scan your system, but it does provide an option for an automatic 'on-boot' scan. This allows it to scan your system for any infections before they are able to load and run on your computer. It's a deceptively useful tool considering its small size and how quickly it is able to scan your entire computer. With most scans lasting less than five minutes, it is incredibly effective at detecting and removing things that other programs can miss. It will even correct some changes that malware may make to your system, such as setting a proxy server that causes your web browser to redirect you to sites you weren't navigating to.
It is designed in such a way that it will work with any other antivirus or anti-spyware program you may be using, and will not interfere or cause conflicts with them. Another unique thing about Hitman Pro is that it uses a cloud engine to help classify files as malicious or safe. What this means, essentially, is that it works across the internet with other computers to decide if a file or program is safe or not. These other computers are running several different virus and malware scanning engines at once, providing unparalleled power in detecting malicious files.
The only drawback to Hitman Pro is that you will need an active internet connection in order to use it.
Hitman Pro Interface
Malware Bytes
Malware Bytes has been an 'old faithful' of mine for several years now. The software vendor is generally keen on keeping their malware definitions up to date, so this program doesn't miss much. It was one of the scanners I tried to use while I attempted to fix my computer, but it caused a BSoD like the other scanners I used.
The free version of this program grants you access to full scanning and malware removal capabilities, but the full version also gives you a real-time spyware/malware shield very similar to Avast. It's a small program, but its deeper scanning functions can sometimes run up to thirty minutes or more. This is really one that you want to use before you go to bed, or when you're going to be away from the computer for a while. That is really the only reason I prefer Hitman Pro, since I tend to be rather impatient when it comes to waiting for scanners to finish.
Other than that, I would say that it's on par with Hitman Pro in its ability to remove most malware, but it still lacks the capability to remove some rootkits and bootkits. For most people this might be all you ever need. But for those of us who frequently use the computer, like me, you might pick up something a little too exotic for Malware Bytes to detect.
Another plus with this program is that there is a one-time fee if you choose to purchase it. At about twenty-six bucks, I'd say it's a pretty darn good buy. But, once again, I would say that the free version will suit most users' needs.
Malware Bytes Interface
Combofix
Combofix is a completely free program that's generally reserved for those who are knowledgeable in the technical aspects of computers. It's a powerful program, and it will scan for several kinds of changes to your computer while at the same time searching for known infections. It will also install the Windows Recovery Console in case there is an error from which the computer cannot recover, and will back up your registry for the same purpose. For this reason I would list Combofix as one of the very last programs you should try using to eliminate infections.
Before you even attempt to scan with ComboFix you should make sure that any antivirus/anti-spyware programs are shut down. In fact, you should try to shut down all of your programs, because ComboFix will close many processes while it's running. It will also disconnect your internet while it runs to prevent any viruses from accessing your network, or the internet, in an attempt to preserve themselves. When it's finished your internet will be restored. You may also get a warning from Windows 7 saying that Combofix does not have a valid digital signature, but this is completely fine. I have run the program myself on several occasions with no problems.
ComboFix has a powerful scanning tool, but it is not always able to remove all of the infections that it finds. It may sometimes take up to thirty minutes for ComboFix to complete its task, and it may even force you to restart your computer. While Combofix is running, it is suggested that you not even touch your computer because this can sometimes cause the program to freeze or stall. You should only click on anything when it prompts you to do so.
It will go through a total of 50 stages when all is said and done, and will present you with a log report that shows you everything it did. This includes a list of files it removed, a list of the malware it detected and removed, a list of your running processes, and a list of the things it detected but was unable to remove. Sometimes it can lag in this step, and sometimes your desktop may disappear, but that is completely fine; just let it do its thing. Often this report is then posted to the people at bleepingcomputer.com to analyze and advise on further removal steps or procedures.
One of the other functions of Combofix is that it deletes all content in the recycle bin, and all temporary Windows files automatically. So if you have any files in those folders that you might want to keep, I suggest moving them.
Combofix Display
RKill.exe
This is another program put together by the people at Bleeping Computer, and it's deceptively simple. If you've ever had a malware infection in the past then you are probably familiar with its awful habit of preventing you from opening other programs. Often you will try to run a virus or malware scanner only to get a message saying "This file is infected - we have closed it to prevent damage to your computer!"
This is the malware's sly way of preventing you from running a program to remove it. This is where RKill comes in. What RKill does is force a shutdown on any malicious processes running at the time, allowing you to access all your removal tools and clean your computer. It will often close other programs that are not malicious or a threat, but they can easily be restarted if you desire.
You may ask, "but how can I run RKill if I'm unable to run other programs?" Well, the people at Bleeping Computer are pretty darn smart, and figured out that most malware only prevents files with certain extensions from running, so they created several different versions of RKill for you to download. There's RKill.exe, RKill.com, and RKill.scr. But, alas, those evil folks that keep pumping out these dreadful malware programs are getting smarter by the day, and some have discovered our secret weapon here. So some new malware infections will seek out RKill and delete it from your computer.
But the good guys are smarter; that's why RKill is also available to download under several different filenames, like Iexplore.exe or Userinit.exe. The point is, I recommend downloading all of the variously named RKill files and saving them somewhere for a rainy day. I even suggest renaming one of the files to whatever you like, for instance XdjDj43.exe instead of RKill.exe, or ThrYt32.com instead of RKill.com.
Once RKill has done its thing, you should be able to run your scanner of choice. But do note that some of these infections can be darn persistent, and you may have to run RKill several times to beat them into submission. RKill also produces a log report of the processes it forced a shutdown on, so you can attempt to eliminate them yourself before they try to restart (or you could always just run RKill again).
It will really come in handy when you need it most, because malware these days can hijack your browser and your whole system, leaving you unable to download or run scanners unless you have a separate computer to do so. That's where those flash drives come in handy. If you keep all your removal tools on one, then no malware or virus can delete them.
Now I hope I've properly armed you against this vile threat, and we can unite in the war against these evil critters!
RKill Display