Malware Help

Alexa Spying
Information Only Last Reviewed: 2009-05-01
Is Alexa Spying On You?
“Well, no … probably not. At least not if you haven’t deliberately installed some of their software. But Lavasoft’s Ad-Aware identifies a standard registry key included with Internet Explorer as Data Miner spyware, with little or no further explanation, and offers to delete it. I hope this page offers a better explanation, and other alternatives to deletion. Spybot identifies it too, also without much explanation, though they have a smarter strategy to deal with it (more below).”
Anti-Spy Tools
Information Only Last Reviewed: 2009-05-01
A list of … “Adware and spyware scanners and related products to protect your privacy by detecting PC monitoring tools, keyloggers and also adware mechanisms that may track user activities.”
Acronis Antimalware CD
License: Freeware Last Reviewed: 2012-04-27
Windows: All
File Size: 333 MB
“Acronis Antimalware CD is media from which you can boot your machine and scan the system for malware. The CD will be downloaded as an ISO file, that you will need to burn to a CD/DVD.”
HijackThis
License: Freeware Last Reviewed: 2010-04-21
Version: 2.04 – Released: 2010-04-21 Windows: 2000, XP, 2003, Vista, 2008, 7
File Size: 1.7 MB Portable
“Trend Micro HijackThis is a free utility that generates an in depth report of registry and file settings from your computer. HijackThis makes no separation between safe and unsafe settings in its scan results giving you the ability to selectively remove items from your machine. In addition to this scan and remove capability HijackThis comes with several tools useful in manually removing malware from a computer.”
Junkware Removal Tool
License: Freeware Last Reviewed: 2013-04-23
Version: 4.89 – Released: 2013-04-23 Windows: XP, Vista, 7, 8
File Size: 538 KB Both 32- and 64-bit compatible
“Junkware Removal Tool is a security utility that searches for and removes common adware, toolbars, and potentially unwanted programs (PUPs) from your computer. A common tactic among freeware publishers is to offer their products for free, but bundle them with PUPs in order to earn revenue. This tool will help you remove these types of programs.
“Junkware Removal Tool currently is able to remove the following program types: Babylon, Ask, Claro, Conduit, CrossRider, Facemoods / FunMoods, Conduit, Browser Manager, Coupon Printer, IncrediBar, iLivid, Web Assistant, Searchqu and MyWebSearch.”
Kaspersky Internet Security
License: Trial – $59.95 for 3 users 1 year Last Reviewed: 2013-04-25
Version: 13.0.1.4190 – Released: 2013-01-25 Windows: XP, Vista, 7, 8
File Size: 167 MB
“Complete Internet security protection with anti-virus, anti-spyware, anti-phishing, anti-spam and anti-hacker technologies. Plus parental controls and virtual keyboard perfect for home or small office. Features:
Protects from viruses, Trojans, worms, spyware, adware
Scans files, email, and Internet traffic
Protects instant messengers
Protects from unknown threats
2-way Personal Firewall
Safe Wi-Fi and VPN Connections
Intrusion Prevention System
Configuration and Privacy Tools
Cleans traces of user activity
Application Filter to user resources and data
Analyzes and closes IE vulnerabilities
Vulnerability scanning for OS and applications
Disables links to malware and phishing sites
Global Threat Monitoring
Virtual keyboard for safe entry of personal data
Blocks all types of Keyloggers
Parental Controls
Anti-spam protection
Blocks unwanted web banners
Automatic database updates
Free technical support
Whitelisting
Hourly updates and fastest response times
“Our 30-day trial versions are the same software as the fully licensed versions. When you’re ready to make Kaspersky your permanent online security solution, all you need to do is purchase and insert the activation code or key into the console of your trial version to make it a fully licensed product.”
Malicious Software Removal
License: Freeware Last Reviewed: 2013-05-15
Version: 4.20 – Released: 2013-05-14 Windows: XP, 2003, Vista, 7, 8
File Size: 19.3 MB Both 32- and 64-bit versions
“The Microsoft Windows Malicious Software Removal Tool checks for and helps remove infections by specific, prevalent malicious software – including Blaster, Sasser, and Mydoom. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed.
“Microsoft will release an updated version of this tool on the second Tuesday of each month. New versions will be made available through this Web page, Windows Update, and the Microsoft Download Center.”
[ 64-bit version is here: 64-Bit Version of MSRT ]
Malwarebytes
License: Free and Shareware Last Reviewed: 2013-04-10
Version: 1.75.0.1300 – Released: 2013-04-09 Windows: XP, 2003, Vista, 2008, 7, 8
File Size: 10 MB Both 32- and 64-bit compatible
“Malwarebytes’ Anti-Malware is considered to be the next step in the detection and removal of malware. We compiled a number of new technologies that are designed to quickly detect, destroy, and prevent malware. Malwarebytes’ Anti-Malware can detect and remove malware that even the most well-known Anti-Virus and Anti-Malware applications on the market today cannot. Malwarebytes’ Anti-Malware monitors every process and stops malicious processes before they even start. The Realtime Protection Module uses our advanced heuristic scanning technology which monitors your system to keep it safe and secure. In addition, we have implemented a threats center which will allow you to keep up to date with the latest malware threats.
“Activating the full version unlocks realtime protection, scheduled scanning, and scheduled updating. It is a one time fee of $24.95.”
[ See this page for additional information; Ed. ] Sunbelt Software and Malwarebytes
Microsoft Safety Scanner
License: Freeware Last Reviewed: 2011-04-22
Version: 1.0.3001.0 – Released: 2011-04-22 Windows: XP, Vista, 7
File Size: 67.8 MB Both 32- and 64-bit versions
“The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.
“Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.
“The Microsoft Safety Scanner is not a replacement for using an antivirus software program that provides ongoing protection.
“For real-time protection that helps to guard your home or small business PCs against viruses, spyware, and other malicious software, download Microsoft Security Essentials (see below).”
Microsoft Security Essentials
License: Free to Genuine Advantage clients Last Reviewed: 2013-02-27
Version: 4.2.223.1 – Released: 2013-02-27 Windows: XP, Vista, 7
File Size: 10.6 MB Both 32- and 64-bit versions
“Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software. Microsoft Security Essentials is a free download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple.
“Microsoft Security Essentials runs quietly and efficiently in the background so that you are free to use your Windows-based PC the way you want—without interruptions or long computer wait times.”
Panda SafeCD
License: Freeware Last Reviewed: 2010-06-07
Version: 4.4.3.0 – Released: 2010-06-07 Windows: 2000, XP, Vista, 7
File Size: 215 MB (ISO) Both 32- and 64-bit compatible
“This useful utility comes in handy when you need to clean a friend’s PC (or your own) from a malware infested state. It is specially useful for detecting and disinfecting malware infections which give regular AV products running within Windows a hard time.
√ Automatic detection and removal of all types of malware.
√ Boot from CD or USB stick.
√ Supports using updated signature files.
√ Supports 13 languages.
√ Supports both FAT and NTFS drives.
“The download consists of an ISO. You can either burn this into a CD/DVD or alternatively create a more convenient Boot USB stick by using something like the Universal Netboot Installer.”
( UNetbootIn )
PC Tools AntiVirus Free Edition
License: Freeware Last Reviewed: 2012-12-15
Version: 9.1.0.2898 – Released: 2012-12-07 Windows: XP, Vista, 7, 8
File Size: 3.65 MB
“With PC Tools AntiVirus Free Edition you are protected against the most nefarious cyber-threats attempting to gain access to your PC and personal information. Going online without protection against the latest fast-spreading virus and worms, such as Netsky, Mytob and MyDoom, can result in infections within minutes. PC Tools AntiVirus Free Edition provides world-leading protection, with rapid database updates, OnGuard real-time protection and comprehensive system scanning to ensure your system remains safe and virus free. PC Tools products are trusted and used by millions of people everyday to protect their home and business computers against online threats.
“For the High-speed updates, dedicated 24/7 support and Phone support, you must purchase a PRO license for $29.95/yr.”
Prevx
License: Shareware Last Reviewed: 2012-03-06
Version: 3.0.5.220 – Released: 2010-11-25 Windows: All
File Size: 923 KB Both 32- and 64-bit editions
“Prevx detects, removes, and protects, helping to keep your PC and personal information safe from malicious software such as rootkits like MBR, Banking Trojans like Zeus, BOTs like Conficker as well as regular viruses, worms, spyware and adware.
“Use Prevx free (see terms) to check if your PC is infected by malicious software such as rootkits, trojans, viruses, worms, bots, spyware and adware. Millions of people use Prevx in this way for added security. They like the ultra-fast scans and the fact that Prevx 3.0 does not slow their PC in any way. Should Prevx detect infections missed by your existing security product(s) you can always upgrade to add malware removal and protection at any time or report the infection to your existing security vendor. It’s a great way to boost your PC security free of charge. Many Prevx users run the fast scan to check their PCs several times a day.”
RegAuditor
License: Freeware Last Reviewed: 2013-04-17
Version: 2.3.3 – Released: 2013-04-17 Windows: XP, Vista, 7, 8
File Size: 552 KB
“RegAuditor gives you a quick look at the Adware, malware and spyware installed on your computer including parasites and trojans.
“RegAuditor tells you by colored icons ( green icon – safe, yellow icon – unknown, red icon – harmful ) whether specific Objects are known to be safe or harmful, also the program searches the registry for entries including filenames that aren’t present on and allows you to delete unwanted registry entries. The tool is designed with a user-friendly interface and is easy to use.”
RegRun Reanimator
License: Freeware Last Reviewed: 2013-04-21
Version: 6.9.7.118 – Released: 2013-04-19 Windows: XP, Vista, 7, 8
File Size: 10.9 MB
“Reanimator is a free of charge software for removing Trojans/Adware/Spyware and some of the rootkits. Reanimator does not contain any adware/spyware modules. Compatible with all known antiviral software.”
RISING Antivirus
License: Free for private use Last Reviewed: 2012-03-06
Version: 24.0.2 – Released: 2011-07-02 Windows: 2000, XP, 2003, Vista, 2008, 7
File Size: 28.4 MB Both 32- and 64-bit compatible
“RISING Antivirus protects your computers against all types of viruses, Trojans, Worms, Rootkits and other malicious programs. With its Easy to use, Active Defense technology, Patented Clean Unknown Virus and Smartupdate technology, RISING lets you focus on what you really want to do. Rising Antivirus Free Edition is a solution with no cost to personal users for home and non-commercial use. Features:
• Anti virus, worms, trojans
• Anti Rootkit
• Mail Protection (POP3/SMTP)
• Application Protection
• Proactive Defence (protects your security safe from malicious program)
• Application Access Control
• Program Startup Control
• Malicious Behavior Detection
• Hidden Process Detection
• Multiple Languages
• High Speed Update Service
• Support Service
• Trusted by 40 millions of users”
Rogue-Suspect Anti-Spyware
Information Only Last Reviewed: 2012-09-10
Author: Eric L. Howes
Last Updated: May 4, 2007
“Note: Rogue/Suspect means that these products are of unknown, questionable, or dubious value as anti-spyware protection.
“Some of the products listed on this page simply do not provide proven, reliable anti-spyware protection. Others may use unfair, deceptive, high pressure sales tactics and false positives to scare up sales from gullible, confused users. A very few of these products are either associated with known distributors of spyware/adware or have been known to install spyware/adware themselves. Users are advised to rely on anti-spyware applications with deserved reputations for trustworthy performance. On this page…
¤ Rogue/Suspect Anti-Spyware Products
¤ Rogue/Suspect Anti-Spyware Sites
¤ Clones/Knockoffs
¤ Trustworthy Anti-Spyware Products
¤ Google and Anti-Spyware Products
¤ More Information
¤ Background and Bio
¤ Question and Contact”
RogueKiller
License: Freeware Last Reviewed: 2012-08-26
Version: 8.0.0.0 – Released: 2012-08-26 Windows: XP, Vista, 7
File Size: 1.30 MB
“RogueKiller is a tool written in C, which scans the processes running, and kills those that are malicious. I developed this tool after seeing that some rogues (e.g., Security Tools) blocked the execution of disinfection programs, and some programs (e.g., Rkill) appeared ineffective in killing the rogue process. So I developed a tool based on speed of execution, which is to clean up the process and requested clean the registry to make a sanitizing faster and safer than with the usual tools.
“User manual:
1. Download the desktop RogueKiller
2. Quit all running programs
3. On Vista / Seven, right click -> run as administrator
4. Otherwise just throw RogueKiller.exe
5. When prompted, type 1 and validate
6. When the report opens (RKreport.txt is also located next to the executable), save and give to the person who is helping you
7. If the program has been blocked, do not hesitate to try several times. If it really does not (it could happen), rename it to winlogon.exe
“Notes:
» If a registry key has been detected, if you are sure it is up to Rogue, go to Mode 2. If you do not get help. In all cases, the infection process have been killed, you can disinfect quietly with more generic tools (e.g., Malwarebytes)
» If you notice that your HOSTS file is corrupt (HOSTS Section of the report), boost mode 3 RogueKiller to restore a clean copy
» If you notice any unwanted proxy, raise RogueKiller Mode 4
» If you notice any unwanted DNS, restart RogueKiller mode 5
» If your shortcuts and folders on the desktop / start menu / etc have disappeared, boost mode RogueKiller 6”
[ See this page for additional information; Ed. ] MajorGeeks
Spy Sweeper
License: Subscription Last Reviewed: 2010-08-07
Version: 6.1.0.145 – Released: 2009-11-13 Windows: 2000, XP, 2003, Vista, 2008, 7
File Size: 40 MB
“Spy Sweeper safely detects and removes more traces of spyware than any other program including; Trojans, adware, keyloggers and system monitoring tools (e.g. Gator, Xupiter, CoolWebSearch, Backorifice and more). And because removing some spyware can break other programs on your system, Spy Sweeper offers the ability to quarantine (or disable) spyware, preventing the spy from functioning, but still allowing you access to your favorite free or shareware programs.”
SpyDllRemover
License: Freeware Last Reviewed: 2012-04-18
Version: 5.0 – Released: 2012-04-14 Windows: XP, Vista, 7
File Size: 5.1 MB Portable
“SpyDLLRemover is one of the apps that could add a new security layer to your computer, trying to detect spyware and hidden rootkits DLLs on your computer.
“In addition to Spyware Dlls, it can also detect user-land Rootkit processes using multiple Anti-Rootkit techniques. It uses Heuristic analysis and ‘Online Threat Verification’ for deeper analysis of unknown Malware Threats. One of the unique features of SpyDllRemover is ‘Advanced Dll Ejection’ which helps in completely removing Spyware/Rootkit Dlls from any running Process. It works very well with any Remote process across the session boundaries imposed in Vista/Windows7.
“All these unique features makes it one of the generic tool for removing known as well as Unknown Threats compared to traditional Antivirus Softwares which can detect only known threats.”
Spyware Doctor
License: Shareware – $29.95 Last Reviewed: 2012-11-07
Version: 9.1.0 – Released: 2012-11-07 Windows: XP, 2003, Vista, 7
File Size: 500 KB Both 32- and 64-bit compatible
“Spyware Doctor is an adware and spyware removal utility that detects and cleans thousands of potential adware, trojans, keyloggers, spyware and other malware from your PC. It offers various options, including Browser monitor and immunization against ActiveX controls, as well as automatic cookie deletion, quarantine and more.”
Spyware Guide
Information Only Last Reviewed: 2010-04-12
“The Spyware Guide was created to provide an all inclusive and updated resource on spy ware applications, what they do and how they’re used. These resources include: which software applications can detect and defeat spyware, an extensive database of all known spy software and adware applications and contact information as well as other privacy related products. As the spy versus spy battle rages on we have decided not to take sides, but to merely document the battlefield.”
Spyware Terminator
License: Free and Paid Versions Last Reviewed: 2012-09-10
Version: 3.0.0.80 – Released: 2012-09-08 Windows: XP, Vista, 7
File Size: 4.8 MB Both 32- and 64-bit compatible
“Effectively remove spyware, adware, viruses, Trojans, keyloggers, and other malware threats, even dangerous threats like WebRebates, Look2Me, BetterInternet, VX2, and CWS. Spyware Terminator requires minimal PC resources and has fast scanning speed. Comes with powerful real-time protection shield, advanced system scanning and safe quarantine for found spyware. Latest version includes HIPS to protect your computer against penetration of unknown threats, plus powerful antivirus that detects malicious programs during scans and within the Real-time Shield. Scan your computer manually or schedule full system sweeps. Real-Time Protection guards your computer, privacy, and personal information from hidden threats before they run, stopping most threats before they install. Internet, System, and Application Guards monitor over 50 security checkpoints to verify any unknown activity.”
Spyware Warrior
Information Only Last Reviewed: 2009-09-06
Last Updated: 2009-08-31
“Protecting Your Privacy & Security
“Welcome to Eric Howes’ Privacy and Security Page”
SpywareBlaster
License: Freeware – Donations appreciated Last Reviewed: 2010-09-01
Version: 4.4 – Released: 2010-08-31 Windows: All
File Size: 3 MB
“SpywareBlaster doesn’t scan and clean for spyware— it prevents it from ever being installed. How? By setting a ‘kill bit’ for the CLSIDs of spyware ActiveX controls, it prevents the installation of any of them from a webpage. You can run Internet Explorer with Active-X enabled, but you will never even get a ‘Yes/No’ box popped up, asking you to install a spyware Active-X control (Internet Explorer will never download or run it!). All other Active-X controls or plug-ins will work fine. The SpywareBlaster database contains information on these known spyware Active-X controls. Make sure you run the Check For Updates feature frequently to get the latest database! (And make sure you check the new items to protect your system against them!) As a side benefit, setting this ‘kill bit’ will also prevent the spyware Active-X from running, in many cases, if it is already installed on your system.”
SUPERAntiSpyware
License: Free for Personal Use – Shareware Last Reviewed: 2013-05-09
Version: 5.6.0.1018 – Released: 2013-05-09 Windows: 2000, XP, 2003, Vista, 7, 8
File Size: 24.3 MB Portable version available on-site
Both 32- and 64-bit compatible
“SUPERAntiSpyware is the most thorough scanner on the market. Our Multi-Dimensional Scanning and Process Interrogation Technology will detect spyware that other products miss! SUPERAntiSpyware will remove ALL the Spyware, NOT just the easy ones! Easily remove over 100,000 pests such as SmitFraud, Vundo, WinFixer, SpyAxe, SpyFalcon, WinAntiVirus, AntiVermins and thousands more!
» Quick, Complete and Custom Scanning of Hard Drives, Removable Drives, Memory, Registry, Individual Folders and More!
» Includes Trusting Items and Excluding Folders for complete customization of scanning!
» Detect and Remove Spyware, Adware, Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits and many other types of threats.
» Light on System Resources and won’t slow down your computer like many other anti-spyware products.
» Won’t conflict with your existing anti-spyware or anti-virus solution!
» Repair broken Internet Connections, Desktops, Registry Editing and more with our unique Repair System!
» 32/64-bit Users: New blended (32/64) bit installer pre-release available on our forums. A single install handles both 32-bit and 64-bit installations/updates!
“SUPERAntiSpyware Free Edition does not include real-time blocking or scheduled scanning. All purchases are backed by a 30-day unconditional money back guarantee.”
Svchost Process Analyzer
License: Freeware Last Reviewed: 2013-02-20
Version: 1.1.0.44 – Released: 2013-02-20 Windows: 2000, XP, 2003, Vista, 2008, 7
File Size: 527 KB Portable
Both 32- and 64-bit compatible
“Svchost.exe is the most mysterious process in Windows XP/Vista. Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs). The authentic svchost.exe file is located in C:\Windows\System32, but a lot of viruses and trojans use the same file and process name to hide their activities.
“The free Svchost Process Analyzer enumerates all svchost instances and checks the containing services. So it is easy to discover svchost worms like the infamous Conficker worm. Features:
• doesn’t require runtimes
• doesn’t require installation
• doesn’t write to the registry
• doesn’t modify files outside of its own directories
• 100% freeware, is not adware”
ThreatFire
License: Free Last Reviewed: 2010-01-21
Version: 4.10 – Released: 2010-01-21 Windows: XP, 2003, Vista, 2008, 7
File Size: 8.6 MB Both 32- and 64-bit compatible
“The behavior-based anti-malware software Cyberhawk has been renamed and released as PC Tools ThreatFire.
“ThreatFire is dramatically different to traditional antivirus software. Normal antivirus products usually need to have first identified and seen a threat before they can provide adequate protection against it. The protection is then provided via a signature or fingerprint update, which must first be written by an antivirus researcher. This creates a large window of time where threats are undetected and can therefore infect your PC even when you have antivirus software installed.
“ThreatFire’s patent-pending ActiveDefense technology offers protection against all types of internet threats — both known and unknown — spyware, adware, keyloggers, viruses, worms, Trojans, rootkits, buffer overflows, and other malware. ThreatFire uses its unparalleled protection to hunt down and paralyze those threats that are either too new or too clever to be recognized by traditional ‘signature-based’ antivirus software.”
VIPRE Antivirus
License: Shareware Last Reviewed: 2012-09-27
Version: 6.0.5449 – Released: 2012-09-27 Windows: XP, Vista, 7, 8
File Size: 22.6 MB Both 32- and 64-bit compatible
“VIPRE Antivirus + Antispyware combines antivirus and spyware protection in a single software package that doesn’t slow down your PC like traditional antivirus products. It includes advanced anti-rootkit protection, kernel level real-time monitoring and automatic email scanning, along with several bonus tools that include a history cleaner, a secure file eraser, and a PC Explorer for advanced users. Other features include an easy-to-use interface, automatic updates, scheduled scanning, Explorer integration and more. VIPRE has been designed for low impact on system resources without sacrificing security and reliability.”
[ See this page for additional information; Ed. ] Sunbelt Software and Malwarebytes
VirusTotal
License: Free Online Last Reviewed: 2009-07-03
“VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. Specs:
• Free, independent service
• Use of multiple antivirus engines
• Real-time automatic updates of virus signatures
• Detailed results from each antivirus engine
• Real time global statistics”


Moneta

github.com

Price: Open-Source
License: GPLv3
License URL: github.com
Platform: Windows
Last Modified: October 11, 2020

For advanced users only.

Moneta is a live usermode memory analysis tool (memory scanner) for Windows with the capability to detect malware IOCs in the command-line.

The scanner is written in C++.

Article about how it's made:
https://securityboulevard.com/2020/07/masking-malicious-memory-artifacts-part-ii-insights-from-moneta/