First (or Second) Pass AV/AM Scanner Tools

This past week at the church house, one of the secretaries reported some slowness on her system.

We did some troubleshooting and fixed a number of obvious issues, however the slowness persisted.

It was running Symantec AV and it had quarantined a few things. Those were deleted and removed, but time did not allow a second pass with a different AV/AM tool.

A few days later (and a few new SAV update packages) Symantec reported some more items were detected and quarantined.

I wasn’t able to get back to the system but another IT administrator at the church house did. This time Symantec reported finding a possible threat called “Kaeria Dust Remover”.

The core file name was “mvsbtej.exe” and here is some limited information on I was able to uncover:

• Malware scan of mvsbtsej.exe (Dust Remove) - herdProtect

To be sure things were cleaned, he installed (alongside Symantec) the 30-day trial of Kaspersky AV and kicked off a scan.

The user did report that once that malware was pulled off, the system performance returned to normal and things were so much better again.

While I don’t usually recommend installing more than one AV/AM product on a system at the same time (Malwarebytes excepted), if you aren’t planning on “nuking” a system (zero-out the drive, and reinstall the OS from source disks) it always is good to run a second or third AV scan from a different AV/AM vendor on a system.

There are some “standalone\light-install” and “cloud” based AV/AM scanners that can be used independently of the primary AV/AM software installed on a Windows system. I find these provide the perfect solution to getting a second/third opinion of a system’s post-infection status. Download or copy over to a system from a USB drive. Most do a temporary unpacking of the core scan engine files, may download the latest DAT files, and scan away. They typically quarantine anything they find, then you can delete the files once everything is done. 

Some other products pack the DAT files together with the scan engine. This can be handy if you don’t have a network connection either due to the attack or because you don’t want to place the system back on your network until you are sure it is remediated.

Then there are the cloud-based solutions than you can run and will upload the scan results to the vendor’s cloud server and match the files looking for issues. These may have a benefit of using the newest signature detection patterns available.

And by being “standalone\light-install” tools, the impact/conflict with an already-installed AV/AM product might be minimized.

• Bitdefender Adware Removal Tool for PC – Bitdefender (hat tip to Next of Windows)
• VIPRE Rescue - VIPRE Computer Recovery Solution – One of my favorite standalone AV/AM scan tools. Package/defs change daily.
• Kaspersky Removal Tool 2015 – Kaspersky Labs.
• See also this link: How to run a scan task in Kaspersky Virus Removal Tool 2015
• Kaspersky Virus Removal Tool 2011 – Kaspersky Labs
• Malicious Software Removal Tool (MRT) - Microsoft Safety & Security Center
• Microsoft Safety Scanner – Microsoft
• eScanAV Anti-Virus Toolkit (MWAV) - eScan
• Emsisoft Free Emergency Kit: Portable malware scanner – Emsisoft
• ERA (ESET Rogue Applications) Remover - ESET
• PC Cleaner - Avira Download Center (look at the bottom of the list)
• Stinger - McAfee Free Tools
• Software Removal Tool – Google – Mostly useful against Google browser hijacks

And here are some “cloud-based” AV/AM scanners. They typically still download some components to the local system before doing the threat-analysis work in the cloud.

• Bitdefender 60-Second Virus Scanner – Bitdefender
• Panda Security Tools - Panda Security. Panda Cloud Cleaner/Portable + with bootable versions as well
• Norton Security Scan - Norton
• HouseCall Antivirus - Trend Micro USA
• Free Internet Security Scan - Kaspersky Lab US
• Online Virus Scanner - ESET
• Comodo Cleaning Essentials (CCE) – Comodo
• herdProtect Anti-Malware - Reason Company Software Inc.

For a deeper look

• grand stream dreams: Anti-Malware Response “Go-Kit”
• grand stream dreams: “Advanced” Anti-Rootkit Tool List - Mostly Modern

Cheers,

--Claus Valca