Saturday, September 24, 2016

Excellent Review of Free Anti-Malware

[From Gizmo's Freeware]


Introduction
Malware, trojans and threats
Most PCs are now connected to the Internet and networks, which makes it easier for malicious software (malware) to spread. Malware includes trojans (also known as trojan horses), viruses, worms, spyware, adware, rootkits and other malicious or unwanted programs.
Like spyware and adware, trojans can get onto your computer in a number of ways, including: from a web browser; via email; or in a bundle with other software downloaded from the Internet. You may also inadvertently transfer malware via a USB flash drive or other portable media. It is possible that you could be forced to reformat your USB flash drive or other portable device in order to eliminate the infection and avoid transferring it to other machines.
Unlike viruses or worms, trojans do not replicate themselves, but they can be just as destructive. On the surface, trojans appear benign and harmless, but once the infected code is run, trojans kick in and perform malicious functions to harm the computer system without the user's knowledge.
For example, waterfalls.scr is a waterfall screen saver as originally claimed by the author, but it can be associated with malware and become a trojan to unload hidden programs and allow unauthorized access to the user's PC.
Some typical examples of threats by trojans are as follows:
  • Erase, overwrite or corrupt data on a computer
  • Help to spread other malware such as viruses (by a dropper trojan)
  • Deactivate or interfere with anti-virus and firewall programs
  • Allow remote access to your computer (by a remote access trojan)
  • Upload and download files without your knowledge
  • Gather e-mail addresses and use them for spam
  • Log keystrokes to steal information such as passwords and credit card numbers
  • Copy fake links to false websites, display porno sites, play sounds/videos, display images
  • Slow down, restart or shut down your computer
  • Re-install themselves after being disabled
  • Disable the task manager
  • Disable the control panel
To minimise the threats, most PC users will need an effective anti-malware program to remove trojans along with other malware.
Anti-malware and anti-trojan programs
As more computer security developers are extending their product capabilities to address more than one type of malware, the boundary between different types of anti-malware programs is no longer clear-cut and has become blurred.
For example, an anti-virus program such as AVG Anti-Virus covers not only viruses, but offers protection against spyware, adware and others. An anti-spyware program such as SuperAntiSpyware not only detects spyware, but removes trojans, rootkits and other threats. Likewise an anti-trojan program can offer to remove viruses, spyware and other types of malware.
More appropriately, these security products are to be classified as anti-malware programs rather than to be grouped by the name of the products.
In this respect, anti-malware products which are designed to detect and remove trojans more effectively than the others will be reviewed in this category.
How many anti-malware programs do I need to install?
The following extract attempts to answer the aforementioned question and forms part of Gizmo Richards' Support Alert Newsletter, Issue 156, April 2008.
Interviewer: So do you still need an AV program plus an anti-spyware program and an anti-trojan scanner?
Gizmo: For the majority of average users the answer is no. A single competent broad spectrum anti-malware product is enough. Of course, not everyone is an average user. Users who engage in high risk activities, like sourcing their software from P2P services, should load up their PC with all the protection they can get. Similarly, there are users for whom the best possible protection is paramount, regardless of cost or performance implications. Finally, users of freeware scanners who cannot afford [and/or are unwilling to pay for] a premium product may be well advised to use more than one signature-based scanner.
Disclaimer
Despite their ratings in this review, some anti-malware programs in certain cases are able to detect more malware than the others depending on their designs, online databases and the infections on computers.
 
Discussion
Emsisoft Anti-Malware is a good choice to scan and remove malware, especially trojans, from your PC. It removes the trojans containing backdoors, keyloggers, diallers and other destructive pests that make it dangerous to surf the web.
Other than trojans, it also can be used to recognize and remove spyware, adware, tracking cookies, worms, viruses and rootkits from your PC.
Designed for ease of use, this program combines Emsisoft Anti-Malware and the Bitdefender Anti-Virus engine to cut down on unnecessary double detection routines for one and the same malware. Prior to version 7.0 Ikarus was employed, but this has now been replaced by Bitdefender because of the former's tendency to produce false positives.
Any suspicious file/s can be uploaded to Emsisoft for analysis: www.emsisoft.com/en/support/submit/ and also, you may find their forums helpful: support.emsisoft.com/
Features such as quarantine, online updates and heuristic scan for unknown malware are included.
From the Emsisoft website, 'By default Emsisoft Anti-Malware installs as a free fully functional 30 day trial version. After the trial period you can either choose to buy a full version license or switch to the limited freeware mode. The freeware mode still allows you to scan and clean infections, but it doesn't provide any real-time protection to guard against new infections'.
In other words, the free version does not provide other features such as file guard, behavior blocker and surf protection.


Malwarebytes' Anti-Malware (MBAM) is an on-demand scanner which can be used to find and remove trojans, along with other malware such as viruses, worms, rootkits, diallers and spyware.

Since the launch of version 2.0, in March 2014, the GUI has been drastically altered and long-term users of MBAM might take a while to get used to the new layout. Quick scan has been replaced by Threat scan, but the program is still intuitive and simple to use.
As well as ditching the former utilitarian interface, MBAM now has a Progress Scanner bar and the ability to review any detected items during a scan - previously users needed to wait until the scan had completed to see the items.
As there are daily updates, always ensure the software has been updated prior to scanning your PC. For those of a forgetful nature, you can set the program to warn about the database being outdated.
I would strongly recommend that you tick Scan for rootkits; this can be found under: Settings > Detection and Protection > Detection options.
Other features include: multiple-drive scanning; custom scanning; malware exclusions; quarantine (to hold threats prior to deletion or restoration), and application logs.
Another plus point is that MBAM rarely causes any conflicts with other anti-malware utilities. If you encounter problems that are not covered in the help section you can visit the Malwarebytes forum: forums.malwarebytes.org/


SUPERAntiSpyware (SAS) is worth a try as well. In addition to its focus on detecting and removing spyware infections, this program deals with trojans and other types of threats such as diallers, keyloggers, worms, rootkits, etc.
It supports a quick scan, complete system scan or custom scan with trust items and exclude folders. The program also provides an option to check for latest definition updates before scanning to protect you from the newest threats. SAS also has a Trojan Threat List shown here. There are 100 examples of different dll and exe files, all of which should not be allowed to run on your PC. Clicking on any of the items in the list will give you a more detailed description of that particular threat.
Among other features, it includes Hi-Jack Protection which prevents other applications (excluding Task Manager) from terminating the program.
FAQs and help with false positives can be found over at: forums.superantispyware.com/
On the down side, the free version of this program does not support real-time blocking, scheduled scanning and some other features.


Comodo Cleaning Essentials (CCE) contains an on-demand scanner and is portable, i.e. it can run from a USB stick or a CD/DVD and doesn’t install itself on your hard drive. It employs both heuristic and signature-based scanning and can detect trojans, rootkits and other forms of malware.

I prefer to run CCE.exe from a shortcut on my desktop, but whichever method you choose will work fine.

There are 3 scanning modes in CCE:
  • Smart* – performs a quick scan of critical areas of your PC, e.g. the registry and boot sectors
  • Full – a complete scan of all areas of your system
  • Custom – individual files, folders and drives can be added for scanning. Dragging and dropping can also be employed if preferred.
The GUI is very clean and straightforward and during a scan there is a rotating green dial that appears and resembles a radar screen. In the midst of a scan, any malware that is detected can either be cleaned/quarantined, or reported as a false positive to Comodo, or simply ignored if you are fully confident that it is benign.

There is an excellent online help section that can be launched from within the software and is also available here: http://help.comodo.com/topic-119-1-328-3516-Introduction-to-Comodo-Cleaning-Essentials.html

Anybody requiring further help can also take a look at the forums: http://forums.comodo.com
One thing I should draw your attention to is that my CPU temperature rose from 38°C to a peak of 58°C when scanning my system. Even though an increase in CPU usage, and therefore temperature, is perfectly normal when running security scanning software, some users might find the aforementioned increases rather alarming; you have been warned!
Under Options you’ll find plenty of choices to tweak CCE. Other features include MBR scanner, Virus scanner, CAMAS - Comodo Automated Malware Analysis System (hence the acronym!) and Settings.
From within the Tools section you can access Quarantined Items, Manage Trusted Vendors (whitelist), Import Virus Database, Browse Logs and Check for Updates (manually).
(Also included in CCE are KillSwitch and Autorun Analyzer and both are beyond the remit of this review: suffice to say that the former is similar to the Task Manager in Windows and the latter shows programs and services which run on start-up.)
*Smart scan took just 1m 24secs and when it reached 100% it stated, 'Your computer will now be restarted in order to scan for hidden services.' For more info on hidden services please click on the following link: http://help.comodo.com/topic-119-1-328-3568-smart-scan.html
In conclusion, CCE has become a welcome addition to my security toolkit and, aside from the aforementioned CPU issues, I recommend folks to at least give it a try. After all, you don’t even need to install the application!
