3 Best Methods to Clean Up Malware


How to clean up malware both when the operating system will boot and when it will not: the best free malware scanners, offline and online, plus the best free bootable rescue solutions.

Recent Malware History


The incidence of malware infections on home computers has slowed quite dramatically over the past couple of years. I believe there are two main reasons for this:

  1. Improved detection and prevention by antivirus products, now that heuristic (rule-based) detection is commonplace and much improved
  2. A cost-to-reward ratio that now makes producing new strains of malware unprofitable

The game of cat and mouse between malware developers and antivirus developers has been going on for years with malware developers continually producing new strains and antivirus developers always playing catch up. However, with relatively recent enhancements to antivirus products, including a much-improved heuristics component, these products are now more proactive rather than reactive which has seen antivirus developers get on top of the situation.

This has led to a rethink by malware purveyors, who are now looking to more cost-effective measures to deliver their malicious load. Rather than trying to outsmart antivirus software, malware distributors are now relying more on tricking users into infecting their own machines and/or voluntarily disclosing sensitive financial details. This is achieved by means of:


  • Phishing emails impersonating legitimate institutions in the hopes of eliciting financial details.
  • Embedding malicious links in emails
  • Sending email with malicious attachments

If you think about it, it costs next to nothing to send out thousands, even millions of emails and, if even only (say) 5% of those emails elicit a response, it can potentially produce big bucks for the cybercriminals at a minimal cost. Regardless, there are still times when malware infections need to be dealt with and thankfully, there are plenty of options to help.

Clean Up Malware When The System Will Boot

There are two options here. If the system will still boot up and you have access to run applications unimpeded, then either local or online solutions are the way to go. NOTE: If malware is preventing local solutions from working properly, try running in Safe Mode.

Local Solutions

These include any installed second-opinion scanners, such as Malwarebytes Free, or any portable second-opinion scanners. Most portable second-opinion scanners do not update their definition databases automatically, so you need to download the latest full copy each time you use them. That said, there is a very good free and portable second-opinion scanner that does update its definitions automatically from within the program: Emsisoft Emergency Kit Scanner.

Emsisoft Emergency Kit Scanner (EEK) is a big download (around 334 MB) but that is somewhat mitigated by the need to only download once for ongoing use. EEK is easy to use and will scan for and remove all prevalent forms of malware including rootkits and even PUPs. The only negative is that it doesn’t include any cloud-based scanning which means it is not as effective against zero-day (or new strains of) malware.


Another free and portable scanner is Norton Power Eraser, which relies solely on cloud-based implementation. Now, I know many users are not fans of Norton products but the fact is that Norton is a leader in the security industry and detection rates are undoubtedly top-notch. Norton Power Eraser doesn’t rely on definitions at all and utilizes Norton’s file reputation system to detect malware and PUPs.

NOTE: Norton Power Eraser is very aggressive and prone to false positives so make sure to check through the list of flagged items prior to removal. That said, Norton Power Eraser does include options to create a system restore point and undo previous fixes. When used in conjunction, EEK and Norton Power Eraser should ensure a successful malware clean up.

NOTE 2: Panda Cloud Cleaner – Anyone looking for an installable alternative to Malwarebytes Free might be interested in checking out Panda Cloud Cleaner. Panda Cloud Antivirus has always scored very highly for detection rates in lab tests and Panda Cloud Cleaner utilizes the same cloud database to identify and remove existing malware. Panda Cloud Cleaner is pretty basic but because it utilizes always up-to-date cloud-based scanning it never requires updating and is superior at detecting newer malware strains.

Online Solutions

Again, provided the operating system boots up, quite a few security companies provide an online malware scanning facility, possibly the most well known of which is Trend Micro House Call. The obvious advantage of utilizing these services is that there is nothing to download and they are always up-to-date. Most are quite simple to use and can be very effective at cleaning up malware infections. Of course, the machine in question will require a working internet connection. In no particular order, here are links to several of the most reputable of these types of services:


Clean Up Malware When The System Will Not Boot

When a machine is so heavily infected that the operating system won’t boot, you’ll need to rely on a bootable solution of which, thankfully, there are quite a few to choose from. These solutions are generally known as “rescue discs” or “bootable antivirus discs” and most often involve downloading an ISO file which then needs to either be burned to CD/DVD or used to create a bootable flash drive. You would then boot from the bootable media which, when loaded, you can use to scan the system and remove any identified malware. In no particular order:

  • Kaspersky Free Rescue Disc – Professional product. Full graphical interface. Configurable scans. Scans for a wide range of malware (591 MB)
  • ESET SysRescue Live – Excellent graphical interface. Highly configurable scans. Loads of advanced extras (677 MB)
  • Comodo Rescue Disc – Graphical interface. Comparatively small download. Good variety of scan types. Includes heuristics scanning option (50.6 MB)

NOTE:

Once an operating system has become so badly infected that it will no longer boot it is difficult to guarantee getting back to a malware-free status. Plus, even though malware has been removed it may still leave behind damaged system files. If a bootable rescue disc manages to get your operating system up and running again I suggest you take the following further steps:

  1. Scan the system again with either installed or portable second-opinion malware scanners, then scan again with one of the online scanners.
  2. Run the System File Checker: open an elevated command prompt, type in sfc /scannow and then hit Enter. If file corruptions are found but not fixed, run the scanner several times. If still not fixed, please read: SFC Fails To Fix Errors – What Now?
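
To see which files are still unrepaired between runs of sfc /scannow, you can pull the System File Checker entries out of its log. The PowerShell below is an added example, not part of the original article; the function name, the sample file names and the sample package names are made up for illustration, and the sample log lines are constructed in the CBS.log layout.

```powershell
# Added example (not from the article): list files SFC reported it could not repair.
# SFC writes its details to %windir%\Logs\CBS\CBS.log and tags its own lines with [SR].

function Get-SfcUnrepairedFile {
    param(
        [Parameter(Mandatory)]
        [AllowEmptyCollection()]
        [string[]]$LogLine
    )
    # The file name follows a length tag such as [l:13] and is wrapped in
    # single or double quotes depending on the Windows version.
    $pattern = '\[SR\] Cannot repair member file \[l:[^\]]+\][''"]([^''"]+)[''"]'

    $LogLine |
        ForEach-Object { if ($_ -match $pattern) { $Matches[1] } } |
        Sort-Object -Unique   # SFC logs the same file more than once per run
}

# Constructed sample lines (hypothetical file and package names).
$sample = @(
    "2024-01-10 09:14:02, Info                  CSI    00000021 [SR] Verifying 100 components"
    "2024-01-10 09:14:05, Info                  CSI    00000024 [SR] Cannot repair member file [l:13]'example-a.dll' of Example-Package-A, version 10.0.0.0, arch amd64"
    "2024-01-10 09:14:05, Info                  CSI    00000025 [SR] Cannot repair member file [l:13]'example-a.dll' of Example-Package-A, version 10.0.0.0, arch amd64"
    "2024-01-10 09:14:09, Info                  CSI    00000031 [SR] Cannot repair member file [l:26{13}]`"example-b.dll`" of Example-Package-B, version 10.0.0.0, arch amd64"
    "2024-01-10 09:14:11, Info                  CBS    Unrelated servicing entry without the SR tag"
    "2024-01-10 09:14:20, Info                  CSI    00000040 [SR] Verify complete"
)

# Run against the constructed sample.
Get-SfcUnrepairedFile -LogLine $sample

# On a real system, from an elevated PowerShell prompt after sfc /scannow:
# Get-SfcUnrepairedFile -LogLine (Get-Content "$env:windir\Logs\CBS\CBS.log")
```

If the list is the same after several runs, repeating the scan is unlikely to help and it is time to move on to the next step.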

With these types of severe infections, it is often safer to start over again with a fresh Windows installation.



About the Author

Jim Hillier

Jim is the resident freeware aficionado at DCT. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele... as well as writing for DCT, of course.

3 Comments

    • Hey Otto,

      Panda Dome is an antivirus with real time protection whereas Panda Cloud Cleaner is merely a malware scanner/remover with no real time protection included. You’re better off using a different second-opinion scanner to the one provided by your antivirus developer. The whole idea of a second-opinion scanner is to check that your main antivirus hasn’t missed anything and that isn’t going to work if both are sharing the same database.

  1. Am glad Jim is helping out those caught with an infection. Know full well not everyone can or wants to purchase protection software. Yet, decided years ago, it is cheaper (time wise) to prevent getting a bug, than trying to disinfect later. By using (purchasing) a Pro-active product, to block malware, and using scanners from other companies to verify all is good is ideal. Even better to have layers of protection (which work without conflict) is a safer approach. Then to each, their own, Mindblower!
