It has been a while since I posted a review of the anti-spyware/anti-malware "Top 10 Anti-Malware Tools".
In it I listed the top 10 tools I use when working to clean junk off a Windows computer. Since then I have found
four (originally three) fantastic new anti-malware tools that I have to add to the list!
- AVG Anti-Spyware 7.5 (free for personal use)
- A-Squared Free (free for personal use) - Updated to post on 1-16-07
- A-Squared Command Line Scanner 2.1 (appears free for personal and ? corporate use ?)
- Sysinternal's Process Monitor (free for personal and corporate use)
This post isn't intended to be a "how-to" guide...more like a resource list. One day I will try to do a general tutorial on malware removal.
My (updated) selection conditions: Must be available in a 100% freeware version or have a free for personal-use version (restriction of "non-essential" features for the free version is OK), and must be able to be used (safely or not) by users with normal to above-normal computer experience. With the exception of the Microsoft product (big-surprise) all of these can be downloaded to a USB device and used as portable tools!
I also have additional utilities and tools I need to use at times (Portable SysAdmin Tools), but these are the primary ones I depend on time-after-time for dealing with malware and spyware cleaning.
(in alphabetical order)
- A-Squared Free (NEW! Keep reading for more on this!) - Updated to post on 1-16-07
- A-Squared Command Line Scanner 2.1 (NEW! Keep reading for more on this!)
- AVG Anti-Spyware 7.5 (NEW! Keep reading for more on this!)
- LavaSoft Ad-Aware SE Personal
- Meirjn's HiJack This
- Microsoft's Windows Defender
- Noël Danjou's Locked Files Wizard
- Spybot Search & Destroy
- Sysinternal's AutoRuns
- Sysinternal's Process Explorer
- Sysinternal's Process Monitor (NEW Enhanced Tool over Filemon and Regmon)
- Sysinternal's RootkitRevealer (not used nearly as much...but good to have handy)
Meet the New First Round Draft Picks
A-Squared Free - Thanks to an anonymous commenter, I'm adding this one in as I completely missed it the other day. I had a chance to download this application earlier today and then (lucky me) got to try it out on a real-world malware infected pc. I must say, the GUI is very simple and well laid out. It allows you a number of malware scanning options (Quick Scan - all active programs, spyware traces, and tracking cookies; Smart Scan - same as above, but only important folders will be scanned; Deep Scan - same as above, and all files on hard disks will be deep scanned; and Custom Scan - you edit your own preferences). I ran a Deep Scan on the machine and it did a good job of finding what was targeted. I was also impressed when it found a malware log file remnant, even though the malware application was long gone years ago by the file date. Signature updates are easy to get and apply and seem to be offered daily or more frequently. The application even has a "Windows Explorer" context menu integration option, so you can click files to scan on demand. That's a very nice touch! It appears to me to be using the same DAT files and engine as their Command Line Scanner version listed below. It's pretty fast and can dig down deep with a very large DAT file list. Well worth using. With some easy steps, it can be made "USB Portable" (for the most part) so you wouldn't have to necessarily "install" it on each pc. I'm going to let you work out how to do that. It seems to be a very well supported and designed program. I'm looking forward to adding this to my first-strike team! An expanded-feature version, a-squared Anti-Malware, is also available for purchase with a 30-day free trial period. - Added to original post 01/16/06
A-Squared Command Line Scanner 2.1 - I had passed on this one before as it is "...a console application to scan your PC. It was made for professionals who don't need a setup or graphical user interface. All features of the Anti-Malware scanner are included." In most cases, I wouldn't recommend a command line tool that requires a clear understanding of command arguments/switches, but it is just too good to pass up. My only tip is to create a "Logs" subfolder where it is unpacked so it can find the location to save your log results (if so desired). It did seem to stumble on some files I had on my system with the "~" character in them, but on others it did just fine. Just be sure to read and make sure you understand the brief "readme" file in the download package. You will also need to be sure to run the update command to get the latest DAT files for it. Overall it is an amazing tool and I can't believe a-squared is making it available for free just because it is a command-line tool!
AVG Anti-Spyware 7.5 - I love AVG's free anti-virus product and it is my personal recommendation for home users. It is light and fast, has a decent interface, doesn't use too much memory, nor hook too deeply into your system, and the DAT files are updated daily.
So imagine my surprise when I stumbled across Ewido Network's anti-spyware tool, only to then see that Ewido is now owned by Grisoft (AVG) and is being offered free for personal use! Wow. I had to check it out and came away highly impressed. It had the highest detection rate when compared to the other malware scanners I recommend (keep reading for results).
The free-for-personal use version is a "full" version for 30 days. With it you get: daily database updates, heuristic detection, and an automatic cleaning engine. Once the 30 days are up, you lose the following additional features--unless you pay for a full license: automatic online-update (manual updates can be run fine), real-time monitoring of the entire system, self-protection at kernel layer, and consent for commercial use.
It can be made "USB Portable" (for the most part) but doing so would break the spirit of Grisoft's License Agreement on Use of an AVG Anti-Spyware Free so I'm going to take a pass and not post how to do it. Grisoft is a stand-up software company and I think it's fair to respect them for that.
Anti-Malware / Anti-Spyware Scan-Off!
Just for kicks, I decided to run a highly non-controlled, non-scientific comparison between the following products: Spybot S&D, Microsoft Windows Defender, LavaSoft Ad-AwareSE, AVG Anti-Spyware, and a-squared Command Line Scanner 2.1.
They were run on the same system (Lavie's XP Home laptop) under my user-profile. Each scan was run using the "default" setting where best compared to each application. I updated all the DAT files for each program to the most recent versions available.
No files were removed after each scan was performed; each application had a fair chance to find the same things.
Your mileage may vary.
Application: AVG Anti-Spyware
Scan type: Quick Scan
Scan time: 12min 57sec
Items found: 290 cookies under 51 trackers
Application: Spybot S&D
Scan type: default settings
Scan time: 12min 22sec
Items found: 48 cookies under 13 trackers
Application: LavaSoft Ad-AwareSE
Scan type: Smart Scan
Scan time: 2min 51sec
Items found: 7 tracking cookies.
Application: A-Squared Command Line Scanner 2.1
Scan type: Memory, Traces and Cookie scan enabled, Use heuristics, display riskware and scan in ADS
Scan time: 1min 25sec
Items found: 27 Traces, 88 Cookies
Application: Microsoft Windows Defender
Scan type: Quick Scan
Scan time: 9min 23sec
Items found: none.
Reflections on the Results
AVG Anti-Spyware and Spybot both took about the same amount of time (quite long) to complete their scans, but AVG Anti-Spyware found a total of 290 cookies compared to the 48 found by Spybot!
Ad-AwareSE ran a very quick scan, but only found 7 cookies. Ad-Aware only seems to scan for IE cookies, not for Firefox, even when told to look in the Mozilla profile folder where they are stored. Since I don't use IE much, that's likely why it found so few items. Firefox users of Ad-AwareSE need to remember that fact!
A-Squared Command Line Scanner was the fastest, finding 88 cookies (plus 27 traces) in just under 2 minutes.
Finally, Microsoft's Windows Defender took almost 10 minutes to complete its scan...and found nothing.
Since I keep our home systems very clean, no "hostile malware/spyware applications" were on my system to begin with, so I cannot really say how effective an "advanced" cleaning session would turn out as compared to this "cookie" cleaning test. However, I have used Ad-AwareSE, Spybot, and Windows Defender more times than I would like to clean heavily infected machines in the past with good success. When I get the chance to try out the two newcomers under "hostile live-fire", I will let you know the results.
In my experience, it takes multiple products and techniques (and tons of patience) to fully sanitize a Windows system heavily compromised by malware/spyware. That is why I keep a number of these products on my USB stick at all times.
RunAlyzer - Spybot Search and Destroy team's "...brand-new autostart and configuration manager that allows you to view and edit all the spots where Windows looks for programs or services to start. It's a combination of a standard configuration manager and an advanced tool to locate and remove places where hijackers, spyware and other malware hide."
FileAlyzer - From the same Spybot folks, "...allows a basic analysis of files (showing file properties and file contents in hex dump form) and is able to interpret common file contents like resources structures (like text, graphics, HTML, media and PE)."
Blink Personal Edition - This freeware product from eEye Digital Security "...combines intrusion prevention, application and network firewall, identity theft protection, and vulnerability assessment into a single, unified client security solution." It does quite a large number of things, and is a bigger package than I am interested in, but looks to be a promising solution for security-minded users.
Ad-Aware 2007 is on its way -via Download Squad. Not available to the public just yet, but a promising sign. Sign up for their Beta tester program and maybe you can get your hands on a version. I'm hoping the new version supports automatic scanning of the Firefox folders as well.
CounterSpy - ($) From the ever-amazing Alex Eckelberry's Sunbelt Software, this anti-spyware product is top-notch. I have only two reasons why I didn't list it above. First, it has a 15-day trial period (fair enough). Secondly, it isn't portable to USB devices (that I know of). But for a home user who has an ongoing issue with stumbling into malware and needing protection and cleaning--it's a very good product. They are also offering their v2 (beta) for users who join their beta test team! Nice! Keep up the fine product work, Alex!
There you go!