Malware Removal Center

Help Center

 How To Use the Help Center 
# Look Up the full threat by name or partial name at the Malware Online Search Engines below. Generally, full files and registry keys are posted of the entire malicious installation and degree of danger to personal information comprimise that may have occurred.

# Look up a file or process with the File/Process Online Search Engines below. Identify a file or process as good or bad.

# Install antimalware (antivirus and antispywware) listed below which are about the only Free with Real Time Protection activated (blocks all threats in real time 24/7 ) and add a free firewall if you do not currently have the funds or use for life until you purchase subscription antimalware with real Time Protection activated. Perform FULL SCANS.

# Install some of the other free items as additional antivirus and antispyware - stand alone on demand scanners, no protection. One product may get what another misses. This is called adding "additional layers of protection" to beef up your Security Solution for your PC. Add anti-rootkit scanners and use them. (Since about 2005 all quality antivirus now also scans for rootkits. ) Install and try some of the other mentioned utilities such as the diagnosis items and browser plug ins like SiteAdvisor or WOT (shows good/bad sites in search results) .

# Finish Up.... Get the rest together by making a Emergency Repair CD which is the Windows Operating System burnt to a CD/DVD to use when it is impossible to undo malware damage (generally by lethal virus or worm). This is legal by Microsoft and is only used as the last resort which will erase (wipe) the entire computer disk of everything and re-install Windows to factory fresh (out of the box). ALSO get a USB Drive and add some portable antimalwares. 


CA Spyware Information Center (Search Engine)
CA Spyware Information Center search engine (ComputerAssociates, makers of PestPatrol and many security wares)

Webroot Threat Research Center
Database Search: Know the name of a specific spyware threat? Search our comprehensive spyware database for all the details including method of infection, program characteristics, consequences and recommended course of action.

CounterSpy Research Center
CounterSpy Research Center (search engine for threats)

Microsoft Malware Protection Center
Threat Research and Response, Microsoft opens security 'portal'
New site carries prevalence data, updates and malware resources.

Trend Micro Threat Encyclopedia

ESET Threat Encyclopedia 

Avira Virus Info
BitDefender Virus Encyclopedia
CA's Virus Information Center
F-Secure Virus Description Database
Fortinet Virus Encyclopedia
Kasperksy's VirusList.Com
McAfee Avert Labs Threat Library
Microsoft's MMPC Encyclopedia
Panda Encyclopedia
Sophos Threat analyses
Symantec Security Response
Trend Micro Virus Encyclopedia


File Research Center - Free File and Process Information
The File Research Center provides a free scanning service to identify what is running on your computer. We also provide free information about safe and
unsafe files, processes, services, spyware, adware, malware, trojans, and other programs that may be on your computer. - Search
Search engine.

WinTasks Process Library
In the recesses of your computer, 20-30 invisible processes run silently in the background. Some hog system resources, turning your PC into a sluggish computer. Worse yet, other useless processes harbour spyware and Trojans - violating your privacy and giving hackers free reign on your computer. WinTasks Process Library is an invaluable resource for anyone who wants to know the exact purpose of every single process.

WinTasks DLL Library
Search engine is about mid-page. Look up .dll information - whether valid .dll files.
Search engine

FILExt - The File Extension Source

ProcessQuickLink [Genuine Freeware]
For your PC to function Windows needs to run and manage many different processes. While many processes run by Windows are essential and legitimate, most PCs get bogged down with processes that are useless or downright harmful. ProcessQuickLink gives you an easy way to analyze each process running on your PC. Is it a resource hog? Could it be part of a virus infection? Or maybe a sign of spyware? ProcessQuickLink will give you the answer. How it works..... Once you install ProcessQuickLink access the Task Manager. Near each process you will see an button. Click on the button and you will be linked to the process page as listed on ProcessQuickLink is compatible with Windows 2000, 2003, XP, Vista and 7.


We perform HiJackThis and all Security Logs best Analysis !
BlueCollarPCSecurity · BlueCollarPC Security and Tech Help

TRY / Install / Post Results For Analysis : (other products have logs to copy/paste/post)

HijackThis can generate a plain-text logfile detailing all entries it finds, and some entries can be fixed by HijackThis. Inexperienced users are often advised to exercise caution, or to seek help when using the latter option.
HijackThis (What Is?)
From Wikipedia, the free encyclopedia

DIAGNOSIS: Advanced…
Emsisoft HiJackFree (Genuine Freeware)
[Included in Emsisoft Antimalware)
A detailed system analysis tool designed to help advanced users to detect and remove all types of HiJackers, Malware, Spyware, Adware, Trojans and Worms.
Detect malicious code at every possible weak point
Processes: Manage all running processes and their associated modules.
Ports: View open ports and the associated listening processes.
Autoruns: Manage all types of autoruns on your system.
Services: Control all services, even those Windows doesn't display.
Plugins: Control all explorer and browser plugins (BHOs, toolbars, etc.).
LSPs: Manage installed layered service providers (LSPs).
DNS: View all DNS entries in the hosts file.
System configuration: Analyze the system configuration using our live online analysis.

DIAGNOSIS: Advanced...

(Genuine Freeware) [wrkx w/ Netbooks]
Freeware! HiJackFree helps advanced users to detect and remove Malware manually. With HiJackFree you can manage all active processes, services, drivers, autoruns, open ports, hosts file entries and many more. For your full control over your system.

Regain Access to the Registry
Malware often disables access to the Windows Registry. In some cases, the Registry may open but then quickly close. Here's how to regain access to the Windows System Registry.

Regain Access to Task Manager
Preventing access to the Windows Task Manager is another favorite trick of malware writers. Here's how to regain access to Windows Task Manager.

Windows Repair Portable 3.9.20
REVIEW: Windows Repair Utility – What Super Users Say
"For the real power here, though, click Start Repairs, select “Custom Mode” and click Start. And here you’ll see options to reset Registry and File permissions, re-register system files, remove system policies commonly set by malware, and repair WMI, your firewall, IE, Hosts file, Winsock and DNS cache, and more. Just check the boxes next to the repair you’d like to carry out, click Start and Windows Repair will fix the selected problems for you.
There’s no doubt that Windows Repair includes some powerful optio
ns which may be able to help you fix all kinds of odd Windows issues."
Read more:

What is System Restore?
System Restore: frequently asked questions
Windows Vista System Restore
System Restore - Windows 7 features
Learn how Windows 7 can recover your data from a virus or catastrophic crash with System Restore.

Using Windows 7 or Vista System Restore - How-To Geek

Safe mode
Safe mode is a diagnostic mode of a computer operating system (OS). It can also refer to a mode of operation by application software. Safe mode is intended to fix most, if not all problems within an operating system. It is also widely used for removing rogue security software.
Microsoft Windows XP - Start the computer in safe mode
Start your computer in safe mode Windows Vista
Start your computer in safe mode - Windows 7
Start Windows in a troubleshooting mode that is useful for diagnosing problems.

Startup Repair: frequently asked questions
What is Startup Repair?

Startup Repair is a Windows Vista recovery tool that can fix certain problems, such as missing or damaged system files, that might prevent Windows from starting correctly. When you run Startup Repair, it scans your computer for the problem and then tries to fix it so your computer can start correctly. MORE...

The 7 best ransomware removal tools - clean up Cryptolocker and CryptoWall

Ask HTG: Reading Blue Screen of Death Codes
Generally IRQL errors are hardware or driver related. We’d suggest
checking to see if any drivers have been updated recently and either
roll them back to the old driver or see if an even newer driver is
available (the vendor may have released a driver to fix the crashes). If
that doesn’t help you’ll find BlueScreenView, a crash dump analyzer,
rather helpful. We have a guide to using BlueScreenView to help get you

BlueScreenView v1.40 - View BSOD (blue screen) crash information stored in dump files.
Copyright (c) 2009 - 2011 Nir Sofer

(free scanners do NOT protect the computer ! Must have Real Time Protection)

Comodo Free Anti Virus Software Internet Security 5* (FULL) BEST FREE ANTIMALWARE PROGRAM (Genuine Freeware)
Free Antivirus Software from Comodo eliminates viruses, spyware, and other malware from desktops and networks fighting against Internet security threats. Full Real Time Protection !
PRESS: Great News !
Comodo Internet Security Earns the Prestigious VB100 Virus Certification (press release) April 14, 2011

Microsoft Security Essentials w/Real Time Protection) [Only Basic Protection!!!!! ]
Microsoft Security Essentials (5* Stars!) (FULL) [wrkx w/ Netbooks]
(Genuine Freeware)
Windows OneCare Antivirus is now Free from Microsoft and very highly rated, West Coast Labs Certified and has won the VB100 Award ! Now called Microsoft Security Essentials..... (Includes antispyware ! Full shields)
SPECIAL NOTE / BASIC SECURITY....Microsoft: Security Essentials is designed to be bottom of the antivirus rankings. Microsoft has admitted Windows users should install antivirus above and beyond its own Security Essentials, describing its protection as merely a "baseline" that will "always be on the bottom" of antivirus software rankings.

Spyware Terminator [Genuine Freeware] (Antispyware and antivirus. Real Time Protection ) 4* (Full) [wrkx w/ Netbooks, tad heavy] 
Millions of users worldwide rely on Spyware Terminator, winner of many awards and high ratings from industry experts and users. Its free comprehensive
protection is comparable to competitors' paid versions! Originally with Clam Antivirus (enterprise) now with F-Prot Antivirus !
Spyware Terminator includes: 
* Fast spyware scanning
* 100% real-time protection
* HIPS protection
* Antivirus protection
* Multilanguage Support 
View List of All Features »

Generally, Do not use two antimalware products that have real time protection technology. These generally will conflict and worst. You can use these below with free free stand alone products. Both do work with Microsoft Security Essentials with no problems, personally tried them)

ThreatFire AntiVirus 4-5* (Full) (Genuine Freeware)
ThreatFire AntiVirus - Behavioral Virus and Spyware Protection
ThreatFire features innovative real-time behavioral technology that provides powerful protection against both known and unknown viruses, worms, trojans, ... 

Mamutu (Emsisoft.Com, makers of Emsisoft Anti-Malware) [$20USD Year] [SHAREWARE/PAY]
Monitors live all active programs for dangerous behavior (Behavior Blocking).
Recognizes new and unknown Trojans, Worms and Viruses (Zero-Day attacks), without daily updates.
Small but very powerful. Saves resources and does not slow the PC down.
1 Year: US$20. SHAREWARE / (Purchased)
(This is the Real Time Process used in well awarded Emsisoft Antimalware)


Emsisoft Antimalware (formerly a-squared) (Free Working Version and Proactive Premium Version) [NOW WITH IKARUS ANTIVIRUS] [wrkx w/ Netbooks]
- probably best antimalware in world ! Largest world database defintions - over 5 Million (2010) detects botnet infections - removes safely)
a-squared (antispyware) [Now Emsisoft AntiMalware] is a complementary product to antivirus software and desktop firewalls on MS Windows computers. Antivirus software specializes in detecting classic viruses. Many available products have weaknesses in detecting other malicious software (Malware) like Trojans, Dialers, Worms and Spyware (Adware). a-squared fills the gap that malware writers exploit. Automatic updates: In a-squared Free the updater must be run manually. The auto-update feature of a-squared Personal checks hourly for new available updates and installs them automatically. a-squared Free is freeware! You can download and use it completely for free. [Updated: 3 or 30 Day Full Trial and or buy, recommended tops]

Lavasoft Ad-Aware [working-freeware, personal use] (Works with Netbook) [wrkx w/ Netbooks]
Ad-Aware Personal provides advanced protection from known data-mining, aggressive advertising, Trojans, dialers, malware, browser hijackers, and tracking components. This software is downloadable free of charge for personal use. (Lavasoft Ad-Aware is one of the pioneers in antispyware as we know it today along with Spybot Search and Destroy and Webroot Spysweeper)

SUPERAntiSpyware [working-freeware, and premium version] [wrkx w/ Netbooks]
SUPERAntiSpyware scans your computer for known Spyware, Adware, Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers and many other types of threats, and allows you to remove or quarantine them. It offers daily (manual) definition updates, as well as home page hijack protection and customizable scan options. Furthermore, the program includes a Repair feature that allows you to restore various settings which are often changed by malware programs, but usually not corrected by simply removing the parasite. The free version lacks real-time blocking and protection as well as several other advanced options.

Google Pack [wrkx w/ Netbooks]
Google Pack is:; Software specifically selected by Google; Always free - no trial versions or ... International versions of Google Pack available in: ... INCLUDES PC Tools Spyware Doctor, Norton Security Scan, more

STOPzilla [working freeware] (Real Time Protection) 4* [wrks w/Netbooks]
Scans, removes and blocks Malware...
STOPzilla received antispyware certification from West Coast Labs
STOPzilla successfully scans, removes and blocks Malware, Adware, Pop-up ads, Phishing attacks, hijackers, rootkits, Trojans, bots, drive-by downloads, rogue programs, messenger service ads, keyloggers, malicious BHOs, dialers, and much more. STOPzilla's technology has protected users from Spyware / Adware in over 60 countries and has been downloaded by more than 15 million users, worldwide. True Real-timeTM Protection...
STOPzilla's True Real-Time protection detects, blocks, and quarantines both known and potential Spyware infections before they can attack your system and do damage. Legitimate software programs are allowed to execute freely. From the moment you start your computer, STOPzilla is working to protect you from malicious programming, so your PC is never vulnerable.

BitDefender Offers Free Tool Against Autorun Malware
SYS-CON Media (press release)
For years, this form of malware has ranked high in the worldwide e-threat landscape, with notorious examples
including Trojan.AutorunInf, the Conficker worm (Win32.Worm.Downadup), Worm.Autorun.VHD or the fearsome Stuxnet.
To help computer users more ... 

Free anti-malware (Has become popular, detection rates have greatly improved ! )

(Free versions / no protection / scan - remove)

NEW -------> (FREE / Home Use)

BitDefender Launches Free 60-Second Virus Scanner

Avira Free Antivirus
Avira Free Antivirus - Download Best Antivirus
Protects your computer against dangerous viruses, worms, Trojans and costly dialers - Avira Free Antivirus.
(One of top detection ratings in industry)

AVG - Free Antivirus
AVG Anti-Virus Free is virus and anti-spyware available for free.
(Popular, many awards)

ClamWin Free Antivirus [Open Source - working freeware] [wrkx w/ Netbooks] (Real Time Protection version in Spyware Terminator now)
ClamWin is a Free Antivirus for Microsoft Windows 98/Me/2000/XP and 2003. ClamWin Free Antivirus comes with an easy installer (and open source code). You may download and use it absolutely free of charge. It features: High detection rates for viruses and spyware; Scanning Scheduler; Automatic downloads of regularly updated Virus Database. Standalone virus scanner and right-click menu integration to Microsoft Windows Explorer; Addin to Microsoft Outlook to remove virus-infected attachments automatically. The latest version of Clamwin Free Antivirus is . Please note that ClamWin Free Antivirus does not include an on-access real-time scanner. You need to manually scan a file in order to detect a virus or spyware.

Ad-Aware Free Antivirus+
Leaner, meaner, faster. Ad-Aware Free Antivirus+ combines our legendary Anti-spyware with a super fast, free Antivirus. It now features download protection (blocks malicious files before being written to disk), sandboxing (keeps unknown apps running in a virtual environment) and advanced detection - it's our most powerful free antivirus yet. 450 million Downloads and Counting....

Avast AntiVirus Home Edition [working-freeware] [wrkx w/ Netbooks]
Free avast! 4 Home Edition. avast! 4 Home Edition is a full-featured antivirus package designed exclusively for home users and non-commercial use. Institutions (even non-commercial ones) are not allowed to use avast! Home Edition. However, ALWIL Software provides the full line of avast! antivirus products at special discount prices for non-profit, charity, educational and government institutions. Please see our price lists for details.

BitDefender Free Edition
BitDefender Free Edition is an on-demand virus scanner, which is best used in a system recovery or forensics role. If you are on an "always-on" Internet connection, we strongly advise you to consider using a more complex antivirus solution.

Try clean up with portable products when access/download blocked or getting dreaded Blue Screen Of Death......

How to Remove Boot Block Malware
Boot block malware is malicious software that settles into your computer's hard
drive in the first sector and replaces the boot block instructions with malware
instructions. When you start, or boot up, your computer, the malware is loaded
into your computer's memory and from there it can spread to any other part of
your computer. ....


Emsisoft Emergency Kit 2.0 [genuine freeware, best, recommended]
Your emergency kit for infected PCs! Detects and removes Malware > 5 million known dangers. World class dual-scan-engine. 100% portable – perfect for USB sticks. HiJackFree and BlitzBlank included.
Emsisoft BlitzBlank
BlitzBlank is a tool for experienced users and all those who must deal with Malware on a daily basis. Malware infections are not always easy to clean up. These days the software pests use clever techniques to protect themselves from being deleted. In more and more cases it is almost impossible to delete a Malware file while Windows is running. BlitzBlank deletes files, registry entries and drivers at boot time before Windows and all other programs are loaded.
Self made Emergency USB stick – Expand the content of the Emsisoft Emergency Kit to an USB stick and make your own universal tool to scan and clean infected PCs. 

Microsoft Standalone System Sweeper (Beta) [FREE]
NOW CALLED Windows Defender Offline
Microsoft ships free malware cleaner that boots from CD or USB
ZDNet (blog)
June 1, 2011, 10:15am PDT In a move aimed at cutting down on support call costs, Microsoft has released a malware recovery tool that boots from a CD or USB stick. Ryan Naraine is a journalist and social media enthusiast specializing ...

Windows Defender Offline Beta
(Free from Microsoft, Scan with Windows Defender Offline Betafrom CD/DVD or USB Drive at Start Up to remove blocking malwares)

What is Windows Defender Offline Beta?
Windows Defender Offline Beta: frequently asked questions
How to Create a Bootable Offline Version of Windows Defender

We should point out that you can also scan your PC with a BitDefender boot disk,
a Kapersky boot disk,
an Avira boot disk,
or even an Ubuntu Live CD,
this is one more tool to add into your toolkit.

ClamWin Portable (Antivirus, more) [FREE]
Antivirus to go.... ClamWin Portable is the popular ClamWin antivirus packaged as a portable app, so you can take your antivirus with you to scan files on the go. You can place it on your USB flash drive, iPod, portable hard drive or a CD and use it on any computer, without leaving any personal information behind.
NEWS: ClamWin Portable 0.97.1 (anti-virus) Released | ...
ClamWin Portable 0.97.1 (anti-virus) Released. Submitted by John T. Haller on June 17, 2011 - 7:46pm. logo ClamWin Portable 0.97.1 has been released. ...

 SUPERAntiSpyware Portable Scanner (Antispyware) [FREE]
Follow the instructions below to download the SUPERAntiSpyware Portable Scanner. The scanner features our complete scanning and removal engine and will detect AND remove over 1,000,000 spyware/malware infections. The scanner does NOT install anything on your Start Menu or Program Files and does NOT need to be uninstalled. The scanner contains the latest definitions so you DO NOT need Internet Access on the infected system to scan.

Comodo Cleaning Essentials
Comodo Cleaning Essentials is a set of portable antivirus tools
that will help you to detect and remove malware from an infected PC.

ESET SysInspector is a powerful, portable security tool that will inspect your system's files, running processes, Registry keys and more, looking for and highlighting anything that could be a sign of malware.
(Makers of famous Eset NOD32 Antivirus - most awarded in history)

Norman Malware Cleaner is an interesting portable antivirus tool which will scan your PC, detecting and removing any malware that it uncovers.

The AVG Rescue CD is a portable environment that comes with a range of tools to help you clean up a virus-infected PC, fix hard drive problems, and get an unbootable system working again. This variant of the rescue CD is intended for installation on a USB flash drive. After downloading, you should extract the archive contents directly to the root folder of the USB drive
you'd like to use. (If you don't have a tool that can read RAR files, then try 7-ZIP).

CCleaner Portable
CCleaner Portable is a compact version of CCleaner that you can store on a CD, USB flash drive, microSD, or even two floppy disks if you still use those.

Emsisoft Emergency USB Stick (Antivirus + Antispyware) [BUY] (USB Drive / Installed)
Emsisoft Anti-Malware Personal Edition. Malware, adware and spyware removal and scanning. Plug in an run - It is that easy to clean an infected computer with the Emsisoft Emergency USB Stick!
How it works: The Emsisoft Emergency USB Stick contains two useful programs which can be used to scan and clean an infected computer
quickly without a required software installation

How to Make a Bootable Antivirus Cd
How to Make a Bootable Antivirus Disc This document will teach you how to make a bootable anti-malware ( bootable antivirus ) cd/dvd step-by-step. ... This is the best free way to remove any piece of malware with a 100% success rate. Steps: ... Get Free Ultimate Boot CD


Mozilla Firefox, Portable Edition
your browser, your way... in your pocket
Mozilla Firefox Portable Edition is the popular Mozilla Firefox web browser bundled with
a Launcher as a portable app, so you can take your bookmarks,
extensions and saved passwords with you.

Google Chrome Portable
browse with speed, simplicity and style
Google Chrome Portable is a web browser that runs web pages and applications with lightning speed.
It's designed to be simple and stylish. It's packaged as a portable app, so you can take your browsing
experience with you.


Title: The Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites 
Description: Bad, False, Fake products 

LavaSoft -- The Rogue Gallery
The Rogue Gallery, powered by the Malware Labs at Lavasoft, is a resource dedicated to keeping computer users safe from rogue security software. By
providing a comprehensive database of current rogue security applications, you have the ability to clearly see what programs are considered rogue – and avoid them.

Partial list of rogue security software

From Wikipedia, the free encyclopedia
Rogue security software
From Wikipedia, the free encyclopedia

FBI — Don't Be Scared of 'Scareware'
They're called “scareware” because they try to frighten you into purchasing fake antivirus software with a seemingly genuine security ...

FUD "Fear, Uncertainty and Doubt, a marketing or political strategy" ...
FUD (definition)
There are many, many idiots and the corrupt in computer security calling all things FUD (or snake oil - worhtless product, does nothing - such as industry wide security products as antivirus, antispyware, personal firewalls etc. ) . Some of the count are actual cyber criminals socially engineering you ! Some advocate never using a registry cleaner which can not  pass
legal compliance in IT Security - yet they will advise you to use antivirus and antispyware that does indeed remove malware Windows Registry keys.
We as intermediate and advanced users have known for years and have used for years Registry products that are an invaluable help to manually
locate malware items and as well identify reported malware by security products (antivirus. antimalware, firewalls).
These others are telling you 'feel-good' false security lies as 'sugar daddies' or ease-of-use 'candy man' tactics to be your "security guru" at many forums.
We do not promote any false sense of security or environment. Those wishing to profit from calling security FUD are what we use to call Judas Iscariot and are NOT welcomed here or anywhere there is intelligence.



Microsoft Baseline Security Analyzer 2.1.1 (for consumers / IT - will find missing Windows Updates, more for average User PC)

ESET (NOD32) Stand-alone malware removal tools

List of free Ransomware Decryptor Tools to unlock files

Secunia Personal Software Inspector (PSI) [MILLIONS OF DOWNLOADS]
The Secunia PSI is a free security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks.

Belarc Advisor
The Belarc Advisor builds a detailed profile of your installed software and hardware, missing Microsoft hotfixes, anti-virus status, ...
Belarc, located in Maynard, MA, develops and licenses Internet based products which help make personal computers easier to use and maintain by large enterprises, small businesses and individual consumers. Our products are used for software license compliance, hardware upgrade planning, cyber security status, information assurance audits, IT asset management, configuration management, and more.
Belarc's products are in use on well over twenty million computers and are licensed by numerous customers including: AIG, Dana, Kindred Healthcare, NASA, National Park Service, U.S. Air Force, U.S. Army, U.S. Census Bureau, U.S. Coast Guard, U.S. Marine Corps, U.S. Navy, Unilever, WebMD/Emdeon, and many more.

HiJackFree (free from famed / awarded Emsisoft.Com)[wrkx w/ Netbooks]
Freeware! HiJackFree helps advanced users to detect and remove Malware manually. With HiJackFree you can manage all active processes, services, drivers, autoruns, open ports, hosts file entries and many more. For your full control over your system.

RegSeeker [working-freeware] (One of world's best registry cleaners) [wrkx w/ Netbooks]
[Latest versions work with Windows Vista]
RegSeeker is a handy tool for managing several popular registry items and searching the registry by keyword. It offers quick access to Startup Entries,
Uninstall Information, Color Schemes, History items (URLs, Recent Documents etc) and IE Favorites. The program also includes a registry cleaning feature that finds invalid and unused registry entries, allowing you to delete them. RegSeeker can automatically create a backup before deleting any registry entries. The program comes with an attractive, easy to use interface. Nevertheless it is not intended for complete beginners and you should feel comfortable working with the Windows registry before using it.

List of Free Anti-Ransomware Tools for Windows computers
BitDefender Anti-Ransomware, CryptoMonitor, CryptoPrevent, HitmanPro.Alert, Trend Micro AntiRansomware Tool, Cryptolocker Prevention Kit, CryptoLocker Tripwire,

Transaction Guard
Note to Trend Micro Internet Security Users: Trend Micro Internet Security already includes all the functionality of Spyware Monitor, plus the ability to remove spyware. Use Spyware Monitor when you are using a computer that does not have Trend Micro Internet Security installed (for example: at a library or an Internet cafe). Version 2.0
Transaction Guard is FREE software that protects you against spyware while performing sensitive online tasks on a public computer, like Internet banking or other financial transactions.
Transaction Guard has two components:
Spyware Monitor
– Monitors for spyware and notifies you of any intrusions. Password ClipBoard – An on-screen keyboard for securely entering user names and passwords.

a-squared Anti-Dialer [working-freeware] [wrkx w/ Netbooks]
No chance for the Dialer rip off! Protect your PC with a-squared Anti-Dialer from manipulated dial up connections, which can cause a phone bill of several hundred dollars quickly. a-squared Anti-Dialer provides a complete defense against Dialers. Scan all files on your harddisks for Dialer behavior using the Dialer scanner. The integrated background guard protects the PC from new infections. As soon as a potential Dialer creates or manipulates a dial up connection, the a-squared Anti-Dialer will alert it.

CWShredder [working-freeware, install this! worst known threat, only known solution available] [wrkx w/ Netbooks]
CWShredder finds and destroys traces of CoolWebSearch. CoolWebSearch is a name given to a wide range of different browser hijackers. Though the code is very different between variants, they are all used to redirect users to and other sites affiliated with its operators.
Learn More:
(Note: CoolWebSearch has been reported as the worst, and the CWShredder is the only known true remover for all traces, variants - and is constantly updated. CWSredder has been aquired by Trend Micro AntiSpyware now but is still free as a stand alone program from them. Take a look at the extensive variants list of the CoolWebSearch toolbar browser hijacker at CA Spyware Information Center......):
CA Spyware Information Center (List of CWS variants)

Trend Micro RUBotted (free) 4-5* (Detect only) [wrkx w/ Netbooks]
Malicious software called Bots can secretly take control of computers and make them participate in networks called “Botnets.” These networks can harness massive computing power and Internet bandwidth to relay spam, attack web servers, infect more computers, and perform other illicit activities.
Security experts believe that millions of computers have already joined Botnets without the knowledge of their owners. By using remotely-controlled computers, the criminals in charge of the Botnets try to remain anonymous and elude authorities seeking to prosecute them. RUBotted monitors your computer for suspicious activities and regularly checks with an online service to identify behavior associated with Bots. Upon discovering a potential infection, RUBotted prompts you to scan and clean your computer.

Bothunter - Wikipedia, the free encyclopedia
BotHunter is a free utility for Windows XP and Unix, which aims at detecting botnet activity within a network. It does so by analyzing network traffic and ...

Zombie computer (DEFINTION)
From Wikipedia, the free encyclopedia 
Zombie network (DEFINITION)
From Wikipedia, the free encyclopedia SEE Botnet 

P2P Dangers (Peer to Peer file swapping) [A major source of botnet infections ! ]
Summary: A peer network used primarily for music file sharing. In an organization, can degrade network performance and consume vast amounts of storage. Is bundled with many spyware/adware products. Category: P2P... Any peer-to-peer file swapping program, such as Audiogalaxy, Bearshare, Blubster, E-Mule, Gnucleus, Grokster, Imesh, KaZaa, KaZaa Lite, Limewire, Morpheus, Shareaza, WinMX and Xolox. In an organization, can degrade network performance and consume vast amounts of storage. May create security issues as outsiders are granted access to internal files. Often bundled with Adware or Spyware.

Botnet Infection in Safe Mode with Networking
Beware (bad) Helpers directions - "Enter Safe Mode with Networking" !
....Booby Trap - Backdoor.Tidserv | Symantec... TidServ = Compromised U.S. computers: 1.5 million Main crime use: This downloader Trojan spreads through spam e-mail, arriving as an attachment. It uses rootkit techniques to run inside common Windows services (sometimes bundled with fake antivirus software) or in Windows safe mode, and it can hide most of its files and registry entries....
Backdoor.Tidserv | Symantec
Sep 18, 2008 ... Remove Backdoor.Tidserv - Symantec Security Response provides comprehensive internet protection expertise to guard against complex threats, ..

Troubleshooting problems while in safe mode - Windows Vista Help (GOOD GUYS)
[Check for botnet infection activity first before entering] Try restarting your computer using Safe Mode with Networking, the only safe mode option that allows networking and Internet ... by restarting your computer and also any network ... 

 Malware runs even in safe mode – Cleaning Malware (MalwareHelp.Org)
April 1, 2011


Vista's Despised UAC Nails Rootkits, Tests Find
Rootkits unable to run on Windows Vista ! 

Rootkit List
BleepingComputer.Com is a very popular help destination on the web for years. See their comprehensive list of the malware - rootkits.
(Can hide from known security softwares.)

Trend Micro RootkitBuster (popular) [working-freeware] [wrkx w/ Netbooks]
Trend Micro RootkitBuster is a rootkit scanner that offers ability to scan for drivers, registry entries, processes, hidden files and hooked system service.
Trend Micro RootkitBuster also includes the cleaning capability for hidden files and registry entries.  License:  Freeware / OS:  Windows All

Sophos Anti-Rootkit (popular) [working-freeware] [wrkx w/ Netbooks]
Eliminates hidden applications and processes. Removing rootkits without compromising system integrity is particularly challenging and needs to be done with care. Our free software, Sophos Anti-Rootkit, finds and removes any rootkit that is hidden on your computer.

GMer Free Rootkit Scanner [wrkx w/ Netbooks]
License Type: Free Operating Systems: Windows NT, Windows 2000, Windows XP

a-squared HiJackFree [working-freeware] [wrkx w/ Netbooks]
a-squared Home:
a-squared HiJackFree is a detailed system analysis tool which helps advanced users to detect and remove all types of HiJackers, Spyware, Adware, Trojans
and Worms. (Note this is the superior alternative to HiJackThis for advanced users with instant analysis online).

SiteAdvisor.Com Information and Download [working-freeware, Internet Explorer and Firefox browsers] [wrkx w/ Netbooks]
We test the Web to help keep you safe from spyware, spam, viruses and online scams. SiteAdvisor's safety ratings are based on automated safety tests of Web sites (including of our own site) and are enhanced with user feedback from our users and our own manual analysis. We do not accept payment from sites to be rated, so we have no conflict of interest. We also document our safety tests for every site we analyze. (Now owned by McAfee).

EarthLink Free Software & Tools For All Internet Users [working-freeware security toolbar]
[wrkx w/ Netbooks]
EarthLink Toolbar: Surf safer and easier with our exclusive ScamBlocker and Pop-Up BlockerSM, plus a convenient Google search added to your browser toolbar. Free download. EarthLink Tools for the Firefox Browser, featuring ScamBlocker: Now you can use the popular Firefox Web browser with our customized EarthLink theme and our own extension—the EarthLink Toolbar featuring ScamBlocker! EarthLink Spy Audit: Do you have spyware on your machine? Find out now—FREE!

EULAlyzer 1.1 [wrkx w/ Netbooks]
EULAlyzer can analyze license agreements in seconds, and provide a
detailed listing of potentially interesting words and phrases.
Discover if the software you're about to install displays pop-up ads,
transmits personally identifiable information, uses unique identifiers
to track you, or much much more.

ALTERNATE BROWSERS / wrkx w/Netbooks

Firefox web browser | Faster, more secure, & customizable
The Firefox Web Browser is the faster, more secure, and fully customizable way to surf the web.

SeaMonkey free browser suite / wrkx w/Netbooks
The Internet browser at the core of the SeaMonkey suite uses the same rendering ... If that's still not enough, SeaMonkey can be extended with numerous Add-Ons that ...

Google Chrome runs websites and applications with lightning speed.
Google Chrome is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.

(necessary to block direct take over of pc by hackers)

PC Tools Firewall Plus - Free Edition 5* [wrkx w/Netbooks]
Easy-to-use, free software firewall for PC users to protect your computer from intruders and malicious network traffic.
(PC Tools is maker of famous Spyware Doctor)

Comodo Personal Firewall [new, advanced users]
(Genuine Freeware, and rated by international tests as about world's best - now includes antivirus real time)

Sygate Personal Firewall Free 5.6.2808 [Not supported, extinct, good system32 monitor]
(Old favorite now owned by Symantec)

ZoneAlarm Free Firewall
Protect your PC with #1 Free Firewall

Ashampoo FireWall Free 1.2 (popular) [wrkx w/ Netbooks]

Internet Tracks Cleaners Recommended
(Privacy and Security)
[You should have browsers Settings to delete all internet history each time it closes. Do NOT keep cookies on your computer at all. They have been broken into by crimewares. Cookies should only be given session cookies permissions as a privacy and security issue (cookies have been broken into by malwares) and only if necessary.

CCleaner - Wikipedia, the free encyclopedia (very popular, safe, freeware/donate)
CCleaner supports the cleaning of temporary and unneeded files from certain ...

:: Add-ons for Firefox
Customize Firefox, Thunderbird, and other Mozilla products with thousands of ... Better Privacy serves to protect against not deletable longterm cookies,....
....deletes flash cookies that none others generally delete. Cookies should only be given session cookies permissions as a privacy and security issue (cookies have been broken into by malwares) and only if necessary.


MalAware 1.0
Brand new out of the Emsi Software labs:
The basic idea behind MalAware was to create build the smallest possible (1 mb) and the fastest possible malware scanner (scan in less than 1 minute) that will only provide an indication of whether a PC is infected with malware or not. However, it should still get the full Emsi Software technology with more than 3 million known nasties. Not an easy task - but our developers have found ways and means to meet these seemingly impossible combinable requirements. By combining a strongly limited version of the signature database of known malware paths with a cloud based scan of all active processes, MalAware achieves a similar accuracy as a-squared Anti-Malware. If it detects that your PC is infected, the second step is to download the big a-squared Anti-Malware package to remove the malware and protect the PC against new infections.
Download MalAware 1.0
MalAware does not require software installation and can be started immediately for a quick first control of possibly infected PCs.

Trend Micro Housecall
Windows One-Care

Malicious Software Removal Tools

Microsoft Free Malicious Software Removal Tool
Emergency Download Link (USA English):
The Microsoft Windows Malicious Software Removal Tool checks computers running Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom—and helps remove any infection found. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed.
Microsoft releases an updated version of this tool on the second Tuesday of each month, and as needed to respond to security incidents. The tool is available from Microsoft Update, Windows Update and the Microsoft Download Center.
Note  The version of the tool delivered by Microsoft Update and Windows Update runs in the background and then reports if an infection is found. If you would like to run this tool more than once a month, use the version on this Web page or install the version that is available in the Download Center.
Because computers can appear to function normally when infected, Microsoft advises you to run this tool even if your computer seems to be fine. You should also use up-to-date antivirus software to help protect your computer from other malicious software.
To download the latest version of this tool, please visit the Microsoft Download Center:

ESET Rogue Application Remover
DOWNLOAD free here:

McAfee AVERT Stinger
Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist
administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

Microsoft Malware Prevention troubleshooter
The Microsoft Malware Prevention trouble shooter is designed to scan your computer and make recommended changes based on your current settings to provide you with the most up to date security for your Windows operating system. Building up your computer’s defenses helps secure your computer against viruses and other malicious software.

The Microsoft Malware Prevention troubleshooter does the following:
•Turns on your Windows Firewall. Enabling your Windows Firewall will protect your computer by blocking communication to your PC that may be malicious software.
•Antivirus software: Checks your Antivirus protection status. You will be prompted to update your Antivirus program if it is not up to date or enable Real-time protection. If you don't have an anti-virus program installed it will offer you to use Microsoft Security Essentials or learn more about other security software partners.
•Turns on Automatic Update. Windows Update helps keep your PC current, secure and enhance performance by automatically downloading and installing the latest security and feature updates from Microsoft. This helps ensure that both Important and Recommended updates are downloaded.
•Pop-blocker: Enabling Pop-up Blocker will make browsing the web safer by helping prevent malicious or unsafe pop-ups from automatically appearing.
•Remote Registry: The Windows Remote Registry service enables remote users to modify registry settings on this computer. If this service is stopped the registry can be modified only by users on this computer as opposed to over the network.
•Internet Explorer: The package will inform you if you have the latest version of Internet Explorer installed. It will also modify your current privacy settings to ensure you have a safe browsing experience. The package will delete your internet cache and browsing history, which will help protect against malicious threats attempting to access your computer while you’re online.
•Enables User Account Control (UAC). User Account Control (UAC) will prevent malicious software from modifying your computer settings without your consent.
•Proxy Settings: If malicious software has modified your Internet Proxy settings, therefore making it difficult to get online, the package will reset your settings so you can browse the internet normally.

EarthLink Spy Audit
When you browse the Web, spyware programs can sneak onto your computer. As a result, Web sites can track your browsing habits, corrupt your data, or even steal your identity. To scan your PC for spyware, just run a quick EarthLink Spy Audit.* This free service examines your computer and lists spyware results in minutes. It will not change or harm your system in any way.

Trend Micro AntiSpyware Scan Free Scan
Trend Micro Anti-Spyware for the Web is a free online tool that checks computers for spyware, and helps remove any infections found. When the detection process is complete, the tool will display a report describing the result including which if any, spyware were detected, and prompt you before the removal process.

Webroot Spy Audit 
Quickly scan your PC for spyware - It's free! At no cost or obligation to you, Spy Audit scans your system registry and hard drive space for thousands of known spyware programs. Spy Audit shows you what spyware is on your system. It will not remove or modify any files. Webroot Software respects your privacy - after all, that's our business. Running Spy Audit will not add cookies or harm your computer in any way. Spy Audit takes only seconds to run. Try it now.

Pest Patrol Free Spyscan
Windows Live Safety Center - free safety scan for your computer
Get a free safety scan for your computer. Windows Live Safety Center helps tune up your computer. Windows Live Safety Center is a new service that lets you scan your computer to help protect, clean, and keep it running at its best. The service is free and available directly from the Internet
at You can revisit the Windows Live Safety Center for subsequent tune ups as often as you like.

Panda (free scan)
Scans, viruses, worms and Trojans from all system devices, hard disks, compressed file and all your email.

Welcome to the CA Security Advisor site
Free Spyware Scan (Makers of PestPatrol)


The Malware that Murders Windows
(PC Magazine)
Malware usually makes Windows run badly, but it usually wants to keep it alive. Not always. The S21sec Labs blog details a few examples of malware that deliberately kills Windows...,2817,2344677,00.asp?kc=PCRSS03069TX1K0001121

This PC Will Self-Destruct in Ten Seconds
Several new variants of existing malware families are rendering the PC unbootable
An unpatched PC is likely to last just four minutes on the internet
Gone in 240 seconds
An unpatched PC is likely to last just four minutes on the internet
before being attacked and compromised.…

Incidents of "biometrics failure"
(in medical sense meaning rather than security
- or quarantine component failure)

Antivirus Quarantine containment failure
Amatuer Forensics Build - Nimrod Botnet

SAFE MODE (with networking) FAILURE
Backdoor.Tidserv | Symantec... TidServ = Compromised U.S. computers: 1.5 million Main crime use: This downloader Trojan spreads through spam e-mail, arriving as an attachment. It uses rootkit techniques to run inside common Windows services (sometimes bundled with fake antivirus software) or in Windows safe mode, and it can hide most of its files and registry entries....
Malware runs even in safe mode – Cleaning Malware (MalwareHelp.Org)
April 1, 2011


FBI Releases Warning about Scareware (US-CERT)

Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites 
Description: Bad, False, Fake products 

LavaSoft -- The Rogue Gallery
The Rogue Gallery, powered by the Malware Labs at Lavasoft, is a resource dedicated to keeping computer users safe from rogue security software. By
providing a comprehensive database of current rogue security applications, you have the ability to clearly see what programs are considered rogue – and avoid them.

Partial list of rogue security software

VB100 Award = Perfect scores ! (Top AntiVirus World Prize)
About the Virus Bulletin 100% award... The Virus Bulletin 100% awards recognise those products best able to detect viruses known to be 'in the wild'. Unlike some other similar-sounding schemes, Virus Bulletin uses the most up-to-date WildList in its tests. This means that products that are 'up with the game' are the ones most likely to be granted VB100 awards. More information about Virus Bulletin can be found on its website:

ESET NOD32 Currently 59 VB100 awards !
This brings the ESET Antivirus VB100 award total to 59 - still
the highest of any antivirus vendor!
December 2009 - ESET antivirus scoops 59th VB100 Award

Sophos Antivirus (UK)
Sophos's anti-virus engine and identities are now packaged into
Webroot Spy Sweeper with Anti-Virus (Webroot Spysweeper one of world's best)
Sophos wins VB100 on Windows XP
.....the 46th VB100 that Sophos has received !
(Note, Sophos is a corporate business application only available to Home Desktop in the new "marriage" combo suite created recently with industry leader Webroot Spysweeper.)

F-Secure Awards - Award-Winning Antivirus and Protection Products

Advanced +++ in AV-Comparatives Performance test
Dec 23, 2009
Anti-virus (Award)
F-Secure Internet Security 2010 receives VB100 award in the latest Virus Bulletin comparative review.
VB100 award
Dec 01, 2009
Internet Security (Award)

Kaspersky (Russia)
Kaspersky Lab's antivirus solutions win prestigious VB100 award in testing on Windows 7 platform
One of the most popular anti-virus solutions among computer users, Kaspersky Anti-Virus 2009, won a VB100 award from Virus Bulletin on
Windows Vista Business Edition.


PC Tools Spyware Doctor with AntiVirus (PC Tools Spyware Doctor one of world's best)
PC Tools receives prestigious Virus Bulletin VB100 awards
for Spyware Doctor and PC Tools AntiVirus

Desktop Products
 Avira AntiVir Premium
 Avira Premium Security Suite
 Avira AntiVir Professional

CounterSpy (antispyware) with Vipre Antivirus (CounterSpy one of world's best)
VIPRE® Antivirus + Antispyware from Sunbelt Software Wins VB100 Award for Malware Detection on Windows 7 Platform

Kingsoft Internet Security
Kingsoft Internet Security 2009 obtains VB100 award from Virus Bulletin for April 2009
Kingsoft Internet Security 9 Plus
Internet security suite that contains anti-virus, anti-malware, a vulnerability scanner and personal firewall. Find and fix rootkits, spyware, trojans, virus and malware infections. Protect your PC for less!

Forefront Client Security
Forefront Client Security wins VB100 award for Windows Server 2008 anti-malware


VB100 Award = Perfect scores ! (Top AntiVirus World Prize)
About the Virus Bulletin 100% award
The Virus Bulletin 100% awards recognise those products best able to detect viruses known to be 'in the wild'. Unlike some other similar-sounding schemes, Virus Bulletin uses the most up-to-date WildList in its tests. This means that products that are 'up with the game' are the ones most likely to be granted VB100 awards. More information about Virus Bulletin can be found on its website:

West Coast Labs
WCL provides an authoritative and independent service, delivering sound, meaningful technical information on which critical business decisions can be made. ...
Checkmark is the world's fastest growing certification system for information security products and services. It is a highly regarded accreditation program,
recognized globally by vendors, end users and by government agencies as providing End Users with effective confirmation of a product or service's effectiveness in an ever-changing threat landscape. Products registered and tested in the Real Time programme are eligible to display the Checkmark Platinum Product Award. Those products registered and tested in the standard certification programmes are eligible to display the Standard Checkmark logo (below left).
The company AV-Test GmbH is a worldwide operating and leading service provider for IT security testing and consultancy services. Our team has more than 15 years of experience in the area of anti-virus research and data security. Every year we perform more than 2,500 product tests of anti-virus, anti-spyware, personal firewalls and related products on behalf of vendors, integrators (OEM), corporate users and magazines.

Malware Research Group
MRG Malware Tests
MRG On Demand and System Rescue test
The purpose of this project is to assess the effectiveness of a set of five full AV/AM applications and two AM/AS applications against 1000 mixed samples on demand and their effectiveness in detecting and removing fifteen live infections from a system.

Welcome to the independent and renowned ProtectStar Test Lab
The ProtectStar™ Test Lab, which has achieved world renown through the "ProtectStar™ AWARD", carries out thorough ongoing in-depth testing on security solutions offered by leading manufacturers. In addition, the ProtectStar™ Test Lab is the first global IT security company to focus its attention on mobile terminals such as PDAs, cell phones and smart phones, as well as on their security testing and evaluation.
About Us

Welcome to
On this site you will find independent comparatives of Anti-Virus software. All products listed in our comparatives are already a selection of some very good anti-virus products. In order to get included in our main tests, vendors must fulfill various conditions and minimum requirements.

Epsilon Award - ESWC - the European Software Conference for ...
The Epsilon Award 2009 was won by Emsisoft. The nomination process for the Epsilon Award 2010 will begin on July 10, 2010. * ...
Epsilon is the fifth letter of the Greek alphabet and the Phoenician Word for sun derives from that root. An astronomer knows that there is a constellation in space called (Lambda)-Epsilon which we can see at the right hand side. So the Epsilon Award is a combination of Excellency, craftsmanship and visionary ability. These are characteristics of an outstanding programmer and a piece of true software art.