Category Archives: Manual Malware Removal

Kill Malware And Fix Windows With Free UVK – Ultra Virus Killer

I’d venture to guess that the majority of computer users take it for granted that – if they should become infected by malware – their antimalware application will do all the hard work in detecting and removing the infection. All will be well, once more, with the World – so to speak. Good luck with that!

Given the complexity of much of today’s malware, its removal can hamper normal Windows operations; leading to an unstable system (or worse). To deal with that, most users will have to seek professional help. Unless, that is, they can turn to a specialty system repair tool like UVK – Ultra Virus Killer (portable version available).

Given the application’s name, it would be easy to assume that the focus here is on scanning for, and removing malware. And, to a point, that’s true – the application can be set to scan with MalwareBytes, SUPERAntiSpyware, and Hitman Pro (these applications will be automatically downloaded and installed, if not already on your system). Additionally, you may choose to run Kaspersky TDSS Killer and ComboFix.

The real strength of the application, in my view, lies in the repair tools which have been designed to repair Windows (if necessary), after the disinfection. On top of that – users may create and run scripts that perform complete system repair and maintenance.

Quick walkthrough:

The following “Welcome” screen is the business end of the application. From here you can –  analyze and clean your machine of malware, spyware and adware, and perform complete system repair and maintenance.

image

This is a rather full program with a range of capabilities. I have chosen to highlight just a few, for this short review.

Startup Entries and services and Drivers/Tasks:

Delete startup entries, infected services, drivers or scheduled tasks and corresponding files simultaneously.
Select and manage several entries at once.
Verify the file signatures of startup entries.
Search for information about a file over the internet.
Submit the MD5 of one or more entries’ files to VirusTotal using the VT API.
Open the registry key where the entry is located with regedit.
Open the entry’s file location.
View the entry’s file properties.
Maximizable window on these sections for a better view.

Run UVK Scripts:

Disinfect your computer by pasting lines from UVK log to delete corresponding registry entries and files.
Use custom commands to download files, execute programs, delete or add registry entries, terminate processes, delete files and folders, run cmd scripts, register system DLLs or run UVK Fixes.
Create system restore points, empty the recycle bin and all users’ temporary folders.
Create and run scripts that perform complete system repair and maintenance.
Automatically run any of the UVK fixes or scans.

Repair system and UVK Fixes:

Fix your computer with more than fifty exclusive fixes: fix file extensions, register system DLLs, enable and repair Windows Update, clear DNS and hosts cache, reset user default registry settings, fix installation problems, empty all browsers’ caches, reset security settings, defragment and optimize the hard drives, install Java, Flash, DirectX and .NET Framework, fix the WMI and the system restore, delete all restore points, fix the Windows shell and the user shell folders, and much more.

Automatic anti-malware scans:

Perform automated scans with the best-known malware removal programs: MalwareBytes’ AntiMalware, SuperAntiSpyware, Hitman Pro, Kaspersky TDSS Killer and ComboFix.
Automatically delete the threats found in the scans.
Run a configurable automated UVK system repair script after the scans.
Run ComboFix in unattended mode.
Perform all these actions automatically with no user interaction, which can save several hours of work.

Then, on to SUPERAntiSpyware.

In the short time I’ve been running this application – I’ve been impressed. I’ll keep this one around.

I should point out – taking full advantage of all of the features of this application, requires better than average skills.

Check out the full feature list (much, much more), here – UVK – Ultra Virus Killer

Download at the developer’s site: carifred.com

Developer’s Note:

If your .exe file extension has been corrupted by malware, download the .com version.

You can take a peek at the application in action. Watch – UVK – Ultra Virus Killer – Powerful Virus Removal & System Repair Tool by Britec, on YouTube.

Runscanner – Aggressively Queries Your System And Applications For Unauthorized Changes

The developers of Runscanner describe this freeware utility as having been designed to “detect changes and misconfigurations in your system caused by spyware, viruses, or human error.”

Sounds a bit like HijackThis, the free utility from Trend Micro, which has a well deserved reputation for being aggressive in tracking down unauthorized changes that have been made to your system/applications.

Runscanner, though, takes this process miles beyond HijackThis, and does so by using an intuitive approach that casual users*, and experienced users alike, should find easy to work with.

*The only difficulty I see, that casual users might have a problem with is – the enormous volume of information this application is capable of producing. This could make it difficult for a casual user to interpret results.

Runscanner is a simple executable, and no installation is required. Just click on the file, and then choose your mode – beginner or expert.

The following screen capture shows the results of a full scan I ran on a Win 7 (32 bit), machine. The only entry I was unfamiliar with was Staropen.sys. Runscanner was right on the job though, with the right click context menu providing access to “lookup” services, as the screen shot below illustrates.

image

I took a look at Staropen.sys using a Google link to the Prevx file investigation site, and found the following: The filename Staropen.sys is used by objects that are classified as safe. It has not yet been seen to be associated with malicious software.

I then uploaded the file to VirusTotal (another context menu option), and VirusTotal reported the following – as shown in the screen shot below.

image

I suspected that this system driver was a component of CDBurner XP, and opening the location (another context menu option), then reading the driver with NotePad, indicated this was correct.

The next part of the test involved generating an online malware analysis report, which generates a massive report on all items which are considered safe, unsafe, whitelisted and additionally, verification of each file’s digital signature.

The screen capture below shows only a tiny (and I do mean tiny), portion of this report. The report is the most comprehensive of any I’ve ever seen, produced by this type of utility.

When you click on the screen capture below, to expand to the original size, you’ll notice that I’ve queried  Nitro PDF Spool Service. Rather than go directly to the site, instead, I’ve used COOL Previews to gather the relevant information. If you’re not yet familiar with COOL Previews – you can read a review of this outstanding time saver here – Surf Smarter – Take A Sneak Peek At Links With CoolPreviews Firefox Add-on.

image

Fast facts:

100+ start/hijack locations

Online malware analysis

Import and export of .run files

Powerful process killer

Save to text log file

Powerful file filtering

Host file editor

History backup / restore

Explorer jump

Analysis of file certificates

Beginner, Expert mode

Bit9 FileAdvisor MD5 lookup

Systemlookup.com lookup

Upload file to VirusTotal

Analyze loaded modules

Google lookup

Runscanner database lookup

Regedit jump

If you are a casual user, one caveat from the developer you should be aware of: Runscanner requires advanced Windows knowledge. If you delete an item, without knowing what it is, it can lead to major Windows problems. If you are not sure what to delete, post your Run file to a helper forum.

A list of helper forums is available directly from within the application, or here.

System requirements: Windows 2003, Windows 2000, Windows Vista, Windows XP, Windows 7 (according to the developers, the application is x64 compatible).

Download at: Download.com

Public process list is an additional service provided by the developers. In this list you will be able to browse all processes and files found by Runscanner. Extra information for top processes is added to the database and optional security info is provided by research.

Runscanner has additional capabilities not reviewed here, so I recommend that you take a close look at this freebie. I think you’ll find that it’s worth the effort.

14 Free Tools To Use To Identify And Remove Tough Malware

The following tools have been specifically designed to help users better identify malware infections, and then eradicate those specific infections. These tools require advanced computer knowledge, and unless you feel confident in your diagnostic skills, you should avoid them.

Here’s a reasonable test to determine if you have the skills necessary to use these applications effectively. If you’re not capable of using, and interpreting, an application such as HiJackThis for example, it is unlikely that using these applications will prove to be beneficial. On the other hand, if you can interpret the results of a HiJackThis scan, you’re probably “good to go”.

Should you choose to add these applications to your antimalware toolbox, be aware that you will need the latest updated version for maximum efficiency.

Emsisoft HiJackFree

The program operates as a detailed system analysis tool that can help you in the detection and removal of Hijackers, Spyware, Adware, Trojans, Worms, and other malware. It doesn’t offer live protection but instead, it examines your system, determines if it’s been infected, and then allows you to wipe out the malware.

Runscanner

If you’re a malware hunter, and you’re in the market for a free system utility which will scan your system for running programs, autostart locations, drivers, services and hijack points, then Runscanner should make your shortlist. The developers of Runscanner describe this freeware utility as having been designed to “detect changes and misconfigurations in your system caused by spyware, viruses, or human error.”

HijackThis

HijackThis is a free utility which heuristically scans your computer to find settings that may have been changed by homepage hijackers, spyware, other malware, or even unwanted programs. In addition to this scan and remove capability HijackThis comes with several tools useful in manually removing malware from a computer.

The program doesn’t target specific programs, but instead it analyses registry and file settings, and then targets the methods used by cyber-crooks. After you scan your computer, HijackThis creates a report, and a log file (if you choose to do so), with the results of the scan.

RKill

RKill is a program developed at BleepingComputer.com – “It was created so that we could have an easy to use tool that kills known processes that stop the use of our normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that anti-malware programs can do their job.”

Emsisoft BlitzBlank

BlitzBlank is a tool for experienced users and all those who must deal with Malware on a daily basis. Malware infections are not always easy to clean up. In more and more cases it is almost impossible to delete a Malware file while Windows is running. BlitzBlank deletes files, Registry entries and drivers at boot time before Windows and all other programs are loaded.

McAfee Labs Stinger

Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

Specialty Removal Tools From BitDefender

Eight special removal tools including Conficker Removal Tool

Microsoft Malicious Software Removal Tool

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

NoVirusThanks

NoVirusThanks Malware Remover is an application designed to detect and remove specific malware, Trojans, worms and other malicious threats that can damage your computer. It can also detect and remove rogue security software, spyware and adware. This program is not an Antivirus and does not protect you in real time, but it can help you to detect and remove Trojans, spywares and rogue security software installed in your computer.

Norton Power Eraser

Symantec describes Norton Power Eraser in part, as a tool that “takes on difficult to detect crimeware known as scareware or rogueware. The Norton Power Eraser is specially designed to aggressively target and eliminate this type of crimeware and restore your PC back to health.”

Rootkit Tools:

If you think you might have hidden malware on your system, I recommend that you run multiple rootkit detectors. Much like anti-spyware programs, no one program catches everything.

Microsoft Rootkit Revealer

Microsoft Rootkit Revealer is an advanced rootkit detection utility. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. According to Microsoft, Rootkit Revealer successfully detects all persistent rootkits published at http://www.rootkit.com, including AFX, Vanquish and Hacker Defender.

IceSword

IceSword is a very powerful software application that will scan your computer for rootkits. It also displays hidden processes and resources on your system that you would be unlikely to find in any other Windows Explorer-like program. Because of the amount of information presented in the application, please note that IceSword was designed for more advanced users.

GMER

This freeware tool is essentially a combination of Sysinternals’ Rootkit Revealer and Process Explorer. The program can list running processes, modules and Windows services, in addition to scanning for the presence of rootkits.

Tizer Rootkit Razor

Tizer Rootkit Razor will allow you to identify and remove rootkits from your computer. I should be clear, however: this tool is not “one-click simple” to decipher, and users need to be particularly mindful of false positives.

This article was originally posted November 2, 2010.

A Computer Recovery Walkthrough With Free Trinity Rescue Kit

Popular guest writer Mark Schneider, walks you through a computer recovery operation using the Trinity Rescue Kit, which, as he puts it, “saved my bacon”.

Today, I was doing a little maintenance on my daughter’s Gateway laptop, uninstalling one anti-spyware program, and upgrading another to real-time protection. It seemed to go fine – I ran the Uninstall from Programs and Features in Vista, and enabled the full time protection in Malwarebytes, with the registration codes and rebooted.

When the computer shut down, I noticed it installing several updates. I didn’t think much of it at the time, but when the machine restarted, the brown stuff hit the fan. I didn’t have any mouse! Even the Track pad was totally unresponsive. So, I plugged in an old USB trackball mouse, success!

I then clicked on the admin account I keep on the machine and went to type my password – nope, the keyboard didn’t work either. So I rebooted after plugging in my USB keyboard. Windows went through its usual routine and told me the keyboard had installed and was ready to use, except, it wasn’t. It wouldn’t work at all.

Basically, I was hosed! I couldn’t run the device manager from the limited account, or do a system restore. I had to get into the admin account, or I was stuck.

So I did what any red-blooded geek would do, I Googled “resetting a password in Vista”. I came up with the usual Microsoft solution, you know the one where you use the password reset CD you made when you set up the computer, yep that one, the one no one ever makes!

Fortunately for me, I also found a reference to TRK or the Trinity Rescue Kit. TRK is a Linux based bootable CD, that can be used for resetting passwords, recovering files and a few other things relating to Windows calamities.

Publisher’s description: Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.

Once the CD booted normally, I typed in “winkey u admin” – this started TRK searching, and mounting all the files in the system. I chose “Enter” in the next dialog, and then typed an “*”, confirmed this with a “y”, and this created a new administrator account with no password.

I was able to log into the Administrator account and then began the next phase of fixing the corrupted drivers. This took a little longer than I anticipated. I tried deleting the Track pad and keyboard in Device Manager, both had the little caution signs next to them indicating a damaged or corrupted driver; rebooted but this didn’t work.

I finally resolved the problem by using a restore point. Fortunately, you can get there with just a few clicks of the mouse. So I got lucky; the USB mouse worked, and the TRK worked after some trial and error.

Get the Trinity Rescue Kit here. I recommend it for your toolkit, it definitely saved my bacon.

Fast facts:

TRK is a complete command line based distribution, apart from a few tools like qtparted, links, partition image and midnight commander.

Full read/write and rpm support (since build 333)

Easily reset Windows passwords (backup and restore option)

Four different virus scan products integrated in a single uniform command line with online update capability

Full NTFS write support thanks to ntfs-3g (all other drivers included as well)

Clone NTFS file systems over the network

Wide range of hardware support (kernel 2.6.39.3 and recent kudzu hwdata)

Easy script to find all local file systems

Self update capability to include and update all virus scanners

Full proxy server support

Run a Samba fileserver (Windows-like file sharing)

Run an ssh server

Recovery and un-deletion of files with utilities and procedures

Recovery of lost partitions

Evacuation of dying disks

UTF-8 international character support

Powerful multicast disk cloning utility for any file system

Two rootkit detection utilities

Elaborate documentation

It is possible to boot TRK in three different ways:

As a bootable CD which you can burn yourself from a downloadable iso file.

From a USB stick/disk (optionally also a fixed disk), installable from Windows, or from the bootable TRK CD.

From network over PXE, which requires some modifications on your local network (version 3.2). Has the ability to act as a network boot server itself, without any modifications to your local network.

Trinity Rescue Kit is now in Version 3.4, and is better than ever before.

Getting started with TRK.

Download at: Developer’s site.

This is a guest post by Mark Schneider of the Techwalker Blog, who brings a background as a high level techie, to the blogging world. Why not pay a visit to Mark’s site today.

This article was originally posted here on March 11, 2010.

Specialty Malware Removal Tools For Killing Tough Malware

Looking at recent estimates provided by a large number of Internet security providers, the consensus seems to be that there are over 20,000,000 malware programs currently circulating on the Internet. So, if you should become infected by malware, it might not be any consolation – but, rest assured; it can happen to any one of us. We are, after all, facing overwhelming odds.

Much of today’s malware can be extremely difficult to identify and remove – despite a user relying on frontline antimalware applications to do the job. If you’re struggling with the reality of this statement, take a look at “Testing of antiviruses for the treatment of active infections” from Anti-malware Test Lab.

The following tools have been specifically designed to help users better identify malware infections, and then eradicate those specific infections. These tools require advanced computer knowledge, and unless you feel confident in your diagnostic skills, you should avoid them.

Here’s a reasonable test to determine if you have the skills necessary to use these applications effectively. If you’re not capable of using, and interpreting, an application such as HiJackThis for example, it is unlikely that using these applications will prove to be beneficial. On the other hand, if you can interpret the results of a HiJackThis scan, you’re probably “good to go”.

Should you choose to add these applications to your antimalware toolbox, be aware that you will need the latest updated version for maximum efficiency.

A-squared HiJackFree

The program operates as a detailed system analysis tool that can help you in the detection and removal of Hijackers, Spyware, Adware, Trojans, Worms, and other malware. It doesn’t offer live protection but instead, it examines your system, determines if it’s been infected, and then allows you to wipe out the malware.

Runscanner

If you’re a malware hunter, and you’re in the market for a free system utility which will scan your system for running programs, autostart locations, drivers, services and hijack points, then Runscanner should make your shortlist. The developers of Runscanner describe this freeware utility as having been designed to “detect changes and misconfigurations in your system caused by spyware, viruses, or human error.”

HijackThis

HijackThis is a free utility which heuristically scans your computer to find settings that may have been changed by homepage hijackers, spyware, other malware, or even unwanted programs. In addition to this scan and remove capability HijackThis comes with several tools useful in manually removing malware from a computer.

The program doesn’t target specific programs, but instead it analyses registry and file settings, and then targets the methods used by cyber-crooks. After you scan your computer, HijackThis creates a report, and a log file (if you choose to do so), with the results of the scan.

RKill

RKill is a program developed at BleepingComputer.com – “It was created so that we could have an easy to use tool that kills known processes that stop the use of our normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that anti-malware programs can do their job.”

Emsisoft BlitzBlank

BlitzBlank is a tool for experienced users and all those who must deal with Malware on a daily basis. Malware infections are not always easy to clean up. In more and more cases it is almost impossible to delete a Malware file while Windows is running. BlitzBlank deletes files, Registry entries and drivers at boot time before Windows and all other programs are loaded.

McAfee Labs Stinger

Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

Specialty Removal Tools From BitDefender

Eight special removal tools including Conficker Removal Tool

Microsoft Malicious Software Removal Tool

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

NoVirusThanks

NoVirusThanks Malware Remover is an application designed to detect and remove specific malware, trojans, worms and other malicious threats that can damage your computer. It can also detect and remove rogue security software, spyware and adware. This program is not an Antivirus and does not protect you in real time, but it can help you to detect and remove trojans, spywares and rogue security software installed in your computer.

Norton Power Eraser

Symantec describes Norton Power Eraser in part, as a tool that “takes on difficult to detect crimeware known as scareware or rogueware. The Norton Power Eraser is specially designed to aggressively target and eliminate this type of crimeware and restore your PC back to health.”

Rootkit Tools:

If you think you might have hidden malware on your system, I recommend that you run multiple rootkit detectors. Much like anti-spyware programs, no one program catches everything.

Microsoft Rootkit Revealer

Microsoft Rootkit Revealer is an advanced rootkit detection utility. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. According to Microsoft, Rootkit Revealer successfully detects all persistent rootkits published at http://www.rootkit.com, including AFX, Vanquish and Hacker Defender.

IceSword

IceSword is a very powerful software application that will scan your computer for rootkits. It also displays hidden processes and resources on your system that you would be unlikely to find in any other Windows Explorer-like program. Because of the amount of information presented in the application, please note that IceSword was designed for more advanced users.

GMER

This freeware tool is essentially a combination of Sysinternals’ Rootkit Revealer and Process Explorer. The program can list running processes, modules and Windows services, in addition to scanning for the presence of rootkits.

Tizer Rootkit Razor

Tizer Rootkit Razor will allow you to identify and remove rootkits from your computer. I should be clear, however: this tool is not “one-click simple” to decipher, and users need to be particularly mindful of false positives.

Since the false positive issue is always a major consideration in using tools of this type, you should be aware that tools like this are designed for advanced users, and above.

Got ZBot (ZeusBot) Malware? Then Download BitDefender’s Free Special Removal Tool

Lately, it seems, we’re seeing more and more specialty malware removal tools, each one specially designed to eliminate a specific malware threat. Or, in some cases, a specific class of malware. In fact, we’ve covered several of these tools in the last week or so.

One of the tools we previously covered here, Rkill, an excellent free specialty tool designed to deal with the removal of rogue software, has been downloaded 11,000+ times through Tech Thoughts, since June 17, 2010. I think those numbers speak to the need for these specialty tools.

The infamous ZBot, aka Zeus, ZeusBot or WSNPoem, can be one of the most frustrating Trojans to eradicate from a system, and recognizing this, BitDefender has developed and released, a free removal tool designed specifically to deal with this threat.

Since ZBot is one of the most prolific breeds of malware, and new variants appear every day, if you suspect that you are infected by this scourge, be sure to download the latest version of the ZBot Removal Tool.

Download at: BitDefender

More info about the threat is available here.

2 Free Scareware (Rogue Software) Removal Tools – Norton Power Eraser and NoVirusThanks

I just took a second look at two free last resort malware removal tools, which I first looked at in June – Norton Power Eraser and NoVirusThanks. The developers of each tool make reference to the fact that it is capable of detecting and removing Rogue Software, a scourge that currently infests the Internet.

The first tool – NoVirusThanks Malware Remover, (last updated August 23, 2010), according to the publisher, is “an application designed to detect and remove specific malware, Trojans, worms and other malicious threats that can damage your computer. It includes the ability to remove rogue software, spyware and adware.”

For a complex tool, the user interface is surprisingly simple, since it’s laid out in the familiar tabs and check boxes format, which makes it easy to follow.

Despite the publisher’s assertion that this tool “is very fast”, I didn’t find it particularly so. It took fully 15 minutes to complete the scan. Norton Power Eraser (described later), took less than 2 minutes.

No Virus Thanks 2

On the plus side though, NoVirusThanks Malware Remover did not return any false positives, which is a bit unusual for an aggressive specialty tool. This can be very positive of course, for those users unused to running such a high powered tool.

No Virus Thanks 3

Fast facts:

Accurate Disinfection Method
Remove Rogue Software and Unwanted Applications
Remove Trojans, Spyware and Worms
Quick Scan and Full Scan
Scan Processes
Scans Modules
Scans Registry
Backup Files and Folders
Easy to use

System requirements: Windows 7, Windows 2003, Windows 2000, Windows Vista, Windows XP

Download at: Novirusthanks.org

The second specialty malware removal tool I took a second look at comes from a more familiar developer – Symantec, whose free Norton Power Eraser makes essentially the same claims as NoVirusThanks. Specifically, that it detects and removes scareware, or rogueware.

Symantec describes Norton Power Eraser in part, as a tool that “takes on difficult to detect crimeware known as scareware or rogueware. The Norton Power Eraser is specially designed to aggressively target and eliminate this type of crimeware and restore your PC back to health.”

Again, Norton Power Eraser’s user interface is simple, and easy to follow.

Norton Power Eraser 1

As opposed to NoVirusThanks, Norton did point out (for the second time), two issues that were in fact, false positives, as the following screen capture indicates.

Norton Power Eraser 2

Power Eraser, does offer the user additional information on suspicious files, so that the user can make a more accurate assessment as to the validity of the findings, as the following screen capture shows. You’ll note that in this case NoVirusThanks, is shown as a suspicious file.

It should be shown as a suspicious file, since its behavior replicates, in part, the familiar behavior of malware.

Norton Power Eraser 3

The second suspicious activity “advanced”, refers to my habit of hiding my Desktop icons, since I dislike that cluttered look. Besides which, on all my machines, my work applications are displayed in the Taskbar.

Norton Power Eraser 4

Note: According to Symantec – “You should use Power Eraser only when nothing else will remove the threat, and you are willing to accept the risk that the scanner may quarantine a legitimate program.”

System requirements: Windows 7, Windows Vista, Windows XP

Download at: Symantec

These tools require advanced computer knowledge, and unless you feel confident in your diagnostic skills, you should avoid them.

Should you choose to add these applications to your antimalware toolbox, be aware that you will need the latest updated version for maximum efficiency.
