• Update: Tools to remove almost any malware

    #505271

    On Security

    Update: Tools to remove almost any malware

    By Fred Langa

    Special-purpose anti-malware scanners not only clean up some of the worst forms of malware, they can also be used for routine deep scans.

    Here are 12 tools you can use to verify that your full-time anti-malware tool is truly keeping your PC malware-free.


    The full text of this column is posted at windowssecrets.com/top-story/update-tools-to-remove-almost-any-malware/.

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

    • #1559968

      Fred,

      Thank you, very good article and reminder. I have some question(s) though.

      You repeatedly used formulations like “I’ve run it on Win8 and Win10 systems without trouble” or something similar to this effect.

      Just writing this I think I want to know if you ran these utilities against systems that you knew were infected with real viruses and/or rootkits?

      Or did you just want to ascertain that they did not blow up with silly messages like “Wrong or unsupported operating system” or similar?

      TIA for your response
      Eike

    • #1560095

      Something I’ve never been clear about: Do rescue disks have to be constantly updated for latest malware?

    • #1560096

      Depends on whether the disk has a network client to allow it to update automatically, but generally, yes, you need the latest rescue disk.

      cheers, Paul

    • #1560141

      Thanks. Since a rescue disk is typically put aside for emergencies, it would seem to defeat the purpose to have to check for and burn new versions frequently. That’s why I’ve been reluctant to use them.

    • #1560150

      Just bear in mind that it’s only a temporary update. When you boot from the rescue media (CD or USB) the software creates a RAM disk. The network client downloads the latest AV definition updates to the RAM disk (and any AV engine update). When you reboot, the updates are gone and your rescue media itself hasn’t been updated.

      I’ve used the Avira Rescue System on CD and USB in the past (and very good it was too, albeit rather slow). This seemed to use a single VDF (Virus Definition File) update which took some time to download and became progressively slower to download as the file grew in size. I haven’t used Avira Rescue System for a while so this may have changed.

      I currently use the Kaspersky Rescue Disk using a 2GB USB stick (used in conjunction with my main ‘utilities’ USB stick with AdwCleaner, etc. on it). It’s rare that any of my family/friends’ PCs/laptops cannot boot from this USB stick but I can always burn a disk if needed. The Kaspersky Rescue Disk system uses small, cumulative differential updates rather than one huge definition file so it’s usually quicker to update the RAM disk, particularly if you use the Update utility.

      Hope this helps…

    • #1560171

      Yes, it does. Thanks.

    • #1560172

      After reading the article yesterday I downloaded and ran “Stinger-ePO for 64bit systems” from McAfee to check for rootkits on my Win 7 Pro 64-bit computer. In looking at Stinger’s settings I discovered scanning for rootkits was not checked by default. I checked it. Also, running Stinger installed “Real Protect”.

      Not wanting to run Real Protect, I ended Real Protect using task manager and I removed all of the downloaded Stinger files. Later, my Zone Alarm firewall blocked something called “McAfee Validation Trust Protection Service” trying to access the Internet. A search revealed the service is difficult to stop and difficult to delete. I got rid of it by reloading a restore point I had created before I ran Stinger.

      • #1560231

        The ePO (e-Policy Orchestrator) versions are for ‘managed’ devices, i.e. within a ‘corporate/business’ environment. If yours is a home computer then, on the face of it, you have the choice of downloading a non-ePO version without Real Protect or with a Beta version of Real Protect.

        To see what was happening for myself I downloaded and ran the Stinger for x64 systems version, i.e. the non-ePO version supposedly without the Beta version of Real Protect, in a new VM. The EULA informed me that Real Protect was included, which surprised me.

        I checked running processes before I clicked on the Scan button in Stinger’s GUI and found RealProtect was already running.

        Thank you for flagging this up…

    • #1560177

      I have been trying to implement your suggestions re malware cleanup. I don’t understand the difference between MRST and “Safety Scanner.” Do I need to run both of these? Also, when I went to download “Safety Scanner” there was a note that indicated that the software is only good for 10 days and has to be reloaded every 10 days thereafter. Is this correct?

      Thanks!

    • #1560389

      Over the years, I have tried to avoid McAfee as much as possible because every experience I have had with it has been bad and it’s extremely difficult to get rid of anything McAfee once it’s been installed or “hitched” a ride with other software.
      Just my opinion.

      Don't take yourself so seriously, no one else does 🙂
      All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

      • #1560396

        Which I would tend to agree with regarding McAfee’s home products.

        On the other hand, within the corporate environment I used to work in (with ~6,500 devices), McAfee was easily managed and worked very well re: protection 99% of the time… and Stinger also worked very well for the remaining 1%. (I have no experience since it was bought out by Intel.)

    • #1560543

      I expected to see Malwarebytes as a highly rated malware detection tool. Has it not kept up with the times, or are these other tools just better at the moment, or is it not in the same category?

      • #1560832

        After running all the apps which did not require booting from a CD etc., I downloaded the Windows Defender Offline and booted from the resulting disk. Every attempt to actually use it resulted in an error when attempting to update data files. This makes sense, since I had no internet connection after booting from a CD, but I had downloaded it only a few minutes before – how could it possibly be out of date? There was no way around this problem and the program would never allow me to start a scan. Yes, there are other tools, but I’d like to know how to actually run this one.

        • #1560833

          My understanding is that it should scan immediately when you boot to it on a CD/DVD, as it’s only intended to be updated on a USB flash drive:

          If you created a CD or DVD you shouldn’t reuse it; it contains definitions to help it detect malware. Definitions are updated frequently so the definition files on the CD or DVD will be out of date. If you created a USB flash drive, you can reuse it. Windows Defender Offline will update the definitions when you rerun the wizard.
          Windows Defender Offline: frequently asked questions: I’ve used Windows Defender Offline before, can I re-use the CD or DVD that I created?
