Get our latest top picks
Subscribe to our Top Picks RSS Feed or enter your email address below to get the feed delivered to you by email:
|
Follow Gizmo |
 |
 |
 |
Register/Login
Gizmo's Freeware is Recruiting
We are looking for people with skills or interest in the following:
- Mobile Platform Reviews
- Rootkit Scanner and Remover
- Streaming Media Recorder
- Email Client
- Archive Manager Interested? Click here
Best Free Adware-Spyware-Scumware Remover
|
Other Language?
|
 Read this article in Spanish |
|
In a Hurry?
|
 Go straight to the Quick Selection Guide |
|
Introduction
|
|
The internet is a dangerous place to be in the 21st century, with many people using increasingly ingenious ways to part you with your hard earned cash, whether it be by exploitation, surreptitiously harvesting your credit card and bank details for their own nefarious purposes, or tempting you to spend money on products and services that you neither need nor want. During the latter years of the 20th century, and the early years of the 21st, Spybot S&D and AdAware were kings, protecting you from all manner of malware that tried to infect your computer with the sole intention of parting you from your wallet. But as technology improves, so do the malware writers, and the kings of yesterday in terms of protection may no longer be up to the job. With every new generation of malware, there will be a new generation of software to combat it, and in my own tests, these are the best free products I recommend. |
|
Discussion
|
|
Top of the list is Malwarebytes Anti-Malware Free (MBAM). MBAM is a top notch and reputable product. A fairly lightweight download (just over 10 MB) and simple installation means this is not a burdensome product. In my testing, even when the PC was severely infected with many nasties running, it started without any problem and scanned and removed those nasties effectively. The interface is very simple, the scans are very fast and detection is first class. A reboot to complete cleaning was still required for some malware, though this is a minor inconvenience, and required by most programs of this type. The only downside is it has no portable version, and if there is no working network connection in the infected PC you won't be able to download the latest virus definition updates. Second is SUPERAntiSpyware (SAS). Once upon a time this was a good product but recent releases have not been up to the mark. The interface is simple, updates are speedy but it still installs a start-up item which doesn't actually do anything at all. The scan speed is twice to thrice that of MBAM and the detection is less than half of it. The removal also left a lot to be desired. It left a few nasties running even when it showed them as removed. SAS also requires a reboot to complete the removal process. The upside is, it has a portable version which will help with the removal of infections from computers without a working network connection. I hope version 5 brings improvements. ~~~~~ Below is the old review which is still going to be updated ~~~~~
Top of the list once again is SuperAntiSpyware, which successfully detected and cleaned 121 threats on my test system. A fairly lightweight download and simple installation (5.99 MB) mean that this is not a burdensome product. If anything the general package whilst aesthetically similar, has improved, managing to detect and clean after a single scan rather than the two scans required previously. A reboot to complete cleaning was still required, though this is a minor inconvenience, and required by most packages. If I had to raise a criticism, it's that the freeware version still installs a start-up item which doesn't actually do anything at all. In the paid version, it loads the always on protection which is not available in the freeware version. This minor annoyance aside, it remains my top recommendation.
Promoted this time to joint second place is Emsisoft Anti Malware free edition, and let me be very clear that it is ONLY the free edition that I am able to recommend. Emsisoft Anti Malware was able to identify just 43 infections; though some of the more serious threats identified by SAS were included in these. If we disregard tracking cookies, then the margins narrow. However, detection rate is only half the battle, and unfortunately EAM was unable to automatically clean some of the more virulent infections found by itself. Nevertheless, it helpfully provides a link to forums for manual removal instructions.
The downside of EAM is the download size, being a huge 91.69 MB, immediately followed by further updates. Anyone on restricted bandwidth or dial up may be advised to look elsewhere, but for an average broadband connection this should not be a factor.
Separating A2 and MBAM is almost impossible. I found them to be on a par with each other regarding their scans, but both require a technical proficiency that many may not possess; A2 requires manual removal of many threats, whilst MBAM forced me to jump through hoops to get it working.
PCTools SpywareDoctor SE also performed well in scanning, finding 24 threats (excluding cookies). Unfortunately, cleaning the system proved more problematic. Despite reporting successful cleansing, SD failed to terminate processes already running, and did not in fact clean some of the more annoying infections. It would also be useful if SD prompted a reboot after cleansing, though it did not do this, and only experience dictated that this would be a good idea.
SD does, however, include real time protection, which most other products don't, and this protection did block those infections that it had failed to clean. Nevertheless, a further scan and clean with SAS was needed to fully clean my test system. A fine effort, but sadly falling short of the mark. Do note that the free version is no longer available from the PCTools website. It can be obtained as part of the Google pack, or from *here. *Warning: This is a Cnet download link. Downloads from Cnet (Download.com) now require the use of a proprietary installer.
Old timer Ad-Aware, coming in at 35.7MB performed reasonably, if not exceptionally, finding a further 24 infections even after cleaning with A-squared, 4 of which represented real threats, whilst the remaining 20 were cookies.
Doing less well in on demand tests were Spybot S&D, and The Cleaner 2010. Spybot was the other program that was actively blocked from running, and nothing I tried could overcome this. It does come with an on demand file scanner which can be run from the command line and set to scan your entire drive. However, after letting this run for over an hour and noting that progress had barely touched my relatively small installation system (2.1 GB) I cancelled. It would take an age to complete the scan, and would only examine files. Registry entries and services would be left untouched. The Cleaner 2010 found absolutely none.
Arovax Shield is still in development, and starting to mature, though there are still bugs to be ironed out. For example, once installed, and after the obligatory reboot to enable it to start it's services, it immediately complained that it could not find Firefox. This is no surprise since FF was not installed on the test system, though I fail to see why it should prevent it from doing its job. Maybe as time progresses this will become more viable, but in my opinion it isn't quite there yet.
And so that leads us to my standard "other recommendations". Internet Explorer has now reached version 8, which I am sure will become the most prolific web browser before too long, and as such will be the most heavily targeted. I stand by previous recommendations that an alternative browser (of which there are many free ones these days, including Firefox, Opera, Google Chrome and Safari) will offer a safer browsing experience.
And in order to shut the door after the horse has bolted, there are few more useful than HiJack This, which is still a tool requiring expert help, but can be invaluable in helping to clean an infected system. Fortunately, the expert help is still only a forum away.
And as always, let common sense guide you. Don't run a program from an untrusted source, and don't visit websites where infection is likely. You should also beware of popups from programs that you haven't installed, some of the fake anti-spyware I managed to pick up in my browsing sessions was surprisingly convincing. Remember, sometimes malware will scream into your face that it is there (see pic, not a genuine window amongst them). It will just not tell you what it really is.
|
|
Related Products and Links
|
Some issues have been reported on 64 bit systems
|
Editor
|
|
This software category is in need of an editor. If you would like to give something back to the freeware community by taking it over, check out this page for more details. You can then contact us from that page or by clicking here |
The comments section below is so lengthy that it has become difficult for our visitors to read. Future posts will now be edited for length and repetition, and personal attacks deleted. You are all welcome to join our Security Forum which is much better-suited for intensive debate.
- Article type:
- Login or register to post comments
Printer-friendly version
Comments
Hi
I think the main thing is about educating users. You could have the best anti-virus, multiple anti-spywares, multiple behavioural blockers, a firewall and a sandbox. But if you allow everything in the sandbox to get to your real hard drive and allow all the prompts in your behavioural blocker and firewall and press ignore when your signature scanners pop up because you think they are false positives or you want to play a game or something, all the protection is useless (except for using up resources).
Hi
I think what you are suggesting is more like a whole security setup page, not just anti-malware, so people could get confused.
You can also mention Hijackthis, which is the fastest scanner on the market and the best, IMHO, for everyday use and it is also the more lightweight. Personaly I have a sandbox and only run Defender once a month or so and Ad-aware when required. In Hijackthis, if you create a huge ignorelist after scan, in sequent scans you can monitor every unnauthorized system change at ease. Hijackthis is my favorite.
You posted something about educating users. I do believe that explaining the different type of protection and their use is educating users. And educating them should eliminate confusion.
Also, your approach to protecting your computer is not applicable to every other user. In some cases, more security may be needed and is NOT overkill. Every form of protection has is benefits and its drawbacks. A user has to decide what level of security (and how many layers) are needed for their particular circumstance, and they also have to decide whether the resources required to attain that level of security are worth it. So, educating the user on the types of security software should help them to make these decisions.
Hi
I don't believe Hijack This is suitable for everyday use for many people as it is quite an advanced tool.
"you can monitor every unauthorized system change at ease". Cool. I didn't know that. What exactly does it monitor?
Thanks
Don't believe this site is only for begginers. It monitor's:
R0, R1, R2, R3 Internet Explorer Start/Search pages URLs
F0, F1, F2,F3 Auto loading programs
N1, N2, N3, N4 Netscape/Mozilla Start/Search pages URLs
O1 Hosts file redirection
O2 Browser Helper Objects
O3 Internet Explorer toolbars
O4 Auto loading programs from Registry
O5 IE Options icon not visible in Control Panel
O6 IE Options access restricted by Administrator
O7 Regedit access restricted by Administrator
O8 Extra items in the IE right-click menu
O9 Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu
O10 Winsock hijacker
O11 Extra group in IE 'Advanced Options' window
O12 IE plugins
O13 IE Default Prefix hijack
O14 'Reset Web Settings' hijack
O15 Unwanted site in Trusted Zone
O16 ActiveX Objects (aka Downloaded Program Files)
O17 Lop.com/Domain Hijackers
O18 Extra protocols and protocol hijackers
O19 User style sheet hijack
O20 AppInit_DLLs Registry value Autorun
O21 ShellServiceObjectDelayLoad
O22 SharedTaskScheduler
O23 Windows XP/NT/2000 Services
O24 Windows Active Desktop Components
But this list is not updated for 202.
Hi
Thanks for the quick reply.
You're welcome. There are a lot of DB on the Internet where you can get more information about each section. Check the urls here:
http://www.bleepingcomputer.com/tutorials/tutorial42.html
When I find something suspicous, I usualy go to Castlecops, but now it belongs to Microsoft, so I don't know how long will be there...
Hi
Thanks
But on that website the first sentence it says is "HijackThis should only be used if your browser or computer is still having problems", so it is not for regular use?
Well, I use it before and after 'problems', with no problem. They say a lot on Hijackthis... that tutorial is the more complete I know, it's old, there are others, you can Google it... but this tool can be used for several purposes.
Personaly I don't use it, but you can auto-analyse online your Hijackthis *.log in these urls:
http://hijackthis.de/
http://www.prevx.com/hijackthis.asp
http://www.help2go.com/component/detective/
http://hjt.networktechs.com/
(this is a simple copy-paste)
For offline auto-analysis use the Hijackreader:
HijackThis Reader - http://www.hollmen[dot]dk/files/hjred103.zip
(it's a portable app, just unpack, no need to install; but read the 'readme' before using)
Remember you always proceed at your own risk and that those recommendations are as accurate as possible.
Hi
Thanks for the reference to the tutorial! I haven't finished reading it but it is very helpful.
Hi
Thank for the links. It seems interesting. Do you know how accurate they are?
Thanks
Quote:
Disclaimer: This system is to be used as a generalized guide, this will not be right 100% of the time. We are of course trying our best to make it as accurate as possible. Even when an item is "red flagged" you need to double check this before deleting.
http://hjt.networktechs.com/
I guess this is valid for all of them.
HiJack This
HiJackThis should not be considered to be a beginners tool. It is, undoubtedly, one of the most effective means available of identifying threats, but you must know what you are looking for.
In fact, HiJack this will feature in the rewrite of the article, but there are caveats that come with it. You must know how to interpret the results, or know where to go to get them interpreted.
Because the software will identify many, many system processes as potential threats (a side effect of using Windows), it is all to easy for the inexperienced to remove a critical system component or process.
Fortunately, as a diagnostic tool only, it is amongst the best, but please ensure expert advice is taken before acting upon it's results.
More will be included in the re-write. In the meantime, if you are going to use HiJack This, please search for reliable forums to upload the results to and take advice before disabling or removing anything.
Steve
I agree... only advanced or expert computer users should utilize hijackthis on their own, and all others should use Hijackthis only when instructed by an expert (e.g. on a malware removal forum). I have seen a lot of people crash their systems when they used programs that were beyond their knowledge level (e.g. registry cleaners, Hijackthis, regedit, tweaking programs). Your words of caution are well stated...
Okay everybody, if you want to avoid messing up your computer, then heed the Steve!
If you do not know what Hijackthis is...then you probably do not have enough expertise to be making trustworthy recommendations about cleaning and securing a computer.
Maybe I shouldn't have talked about it...?
You couldn't be more wrong. I encourage input - and HijackThis is more than relevant input. My post was to try to stop the novice and inexperienced user doing what they often do best (no offense intended to those of you that fall into this category) - which is jumping in the deep end before they learn to swim.
Please feel free to continue to add your thoughts.
Steve
But I agree with you Steve, I never said Hijackthis was for inexperienced or novice, I said it was not for begginers.... and I did give them several warnings about it. Maybe you should rethink whether to put Hijackthis in your review or not .
Well - since it is free - and an excellent malware resource, I don't think it should be ignored either. However, I will take care to be as clear as I can with caveats.
I don't think that, just because something is complicated, it should be excluded. It just means people generally have to be aware of the dangers.
Steve
That's the Tech Support Alert I know! In future posts I'll be carefull on oversimplification.
Cheers
In the lastest newsletter - Issue 158, 19th June, 2008 - Gizmo talked about Hijackthis on-line automated tools. There are several methods you can use, acording to your experience:
I. Begginer: either don't use Hijackthis or upload the log to on-line support forums
II. Average: use on-line automated tools
(1) http://hijackthis.de/
(2) http://www.prevx.com/hijackthis.asp
(3) http://www.help2go.com/component/detective/
(4) http://hjt.networktechs.com/
In the newsletter Gizmo states (1) is the more informative. I agree, but the problem here is accuracy. If I want to use only 1 service, probably I would go to (1) but if I'm double checking I will be using all of them (1-4). In my testing - my system is clean - neither (1), (2) or (3) give me any "false positives". The service (4) give me 4 "false positives":
- 2 false "Bad - Remove almost always":
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL') (This is a safe Windows Sidebar entry)
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede') (This is a safe Windows Sidebar entry)
- 2 false "Safe to remove":
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
TrueImageMonitor.exe (Part of Acronis True Image - backup software; this is a Acronis tweak)
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" (Part of Acronis True Image - backup software. Another Acronis tweak, don't mess with this one or your backup/restore tasks may not work correctly!)
More on Acronis startup entries: http://www.wilderssecurity.com/showthread.php?t=42407
The service (3) was accurate and give me one aditional recommendation:
"The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources:
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
(Description: Nvidia system tray applet. Not necessary. Removing this entry will free up a small amount of system resources.)" (this is a Nvidia tweak, certainly not malware related)
III. Advanced: use on-line Malware Search (5) or Hijackreader (6) in a computer without internet/ off-line analysis
(5) Malware Search: https://addons.mozilla.org/en-US/firefox/addon/6718
This Firefox extension adds a menu item to the context menu that you get when you right click. Just highlight text, right click, go to “Malware Search”, and select the section you wish to search. The results will open in a new tab. Support forum guys might also find it usefull.
Available search options :
- RunScanner (Filename search, GUID search, MD5 search)
- ThreatExpert
- BleepingComputer Search (Startup List, File Database, Uninstall List)
- Castlecops (Browser Helper Objects (BHOs) / Toolbars / URL SearchHook, Windows Startups, Internet Explorer Extra Buttons, Layered Service Providers, ActiveX, Extra Protocol and Protocol Hijackers, AppInit_DLLs and Winlogon Notify, ShellServiceObjectDelayLoad, Shared Task Scheduler, NT/XP Services)
- Whois
- Process Library
- Microsoft DLL
- TuxMaster's Google Malware Search Engine (Beta)
(6) Hijackreader: http://www.hollmen.dk/content/view/69/31/
This tool is based on Merijn's tutorial on the subject, and automatically searches in Pacman's startup list as well as Tony Klein's Browser Helper Object (BHO) list. Limitations: Since Castlecops' full list isn't available for download, the program will not recognize all entries (perhaps this will be possible in the future). In such instances, however, a (search) link is provided to the Castlecops site in HTML reports. The current version (v1.03) does not read the "Running processes" list. In my testing I get:
- 12 R0/R1 "FIX IF UNKNOWN" IE entries;
- 8 O8 "FIX IF UNKNOWN" entries for Adobe extra context menus
- 2 O4 "UNDETERMINED" entries for NVIDIA Driver Helper Service (classified as GOOD two lines below)
- 2 O4 "UNDETERMINED" entries for COMODO Firewall Pro and Launchy (unclassified below)
Not bad, providing the tool is still in Beta. This tool can always be used for double checking and to generate *.HTML reports that can be further analised with the Malware Search add-on.
IV. Expert: In a secure computer you can safely use the "ignore" switch to monitor unattended changes. Also, let us know if you find any better methods to use Hijackthis.
DISCLAIMER: This system is to be used as a generalized guide, this will not be right 100% of the time. It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. Please use caution, even when an item is "flagged" you need to double check before deleting.
Well Steve, hope this one is better, feel free to use it. And please, do warn them!!!
I think that Spyware Terminator should be placed at the no.1 spot above as it is much better than Spyware doctor starter edition and Windows defender, and it also has an immunization feature and web security guard.
Hi
Well it does say "As of today, we think that Spyware Terminator has the edge as the best balanced product of the three,". So that says it's number 1.
The immunization really isn't that effective, in my opinion. The Web Security Guard is quite good but takes up a lot of browser space (a small annoyance). But I prefer WOT.
Hi
well, neither spyware doctor nor spyware terminator is number one because their detection rate are not that high as some other products.. what I feel is the combination of COMODO BO Clean and super antispyware should be on the top, as one of them provides real time protection and the other provides solid on demand scanner.. and sandboxie is much better than spyware blaster at other hand....
Does anyone have information on "Spyzooka"? Promises to eliminate 100% of spyware...
Hi
Well detection rates isn't everything, real-time protection and HIPS is also a factor. and Comodo BO Clean's detection rate is not as high as some other products either. But I agree, SUPERAntiSpyware is an excellent on-demand scanner.
"and sandboxie is much better than spyware blaster at other hand...." I never said it wasn't. I agree with you.
Hi
I wouldn't recommend it. Also, looking at their own advertising for factual information is usually quite misleading, as they want you to buy their product.
Just looking at their claim of 100% is suspicious, as absolutely no product provides 100% protection.
Anyway, from their website it looks like the free version on scans, not removes.
And it was in Spyware Warriors rogue list until 2005.
I think we need more free anti spyware here, only three? you got like 5 or six with firewalls. i'm just saying that there might be things even better than what we got here, i have been looking around and found some but i'm not good at testing out software nor am i set up to. (I am a Home user) i can list them here for ya, if any are fake, oops... well here is the list. These are coming from friends who are want-to-be techs. like my self lol.
Tenebril Spy Catcher Express (never heard of it)
EMCO Malware Destroyer (this looks strange...)
Comodo BOClean (all my friends use this, looks ok.)
WinCleaner AntiSpyware (only a few know of this in my area.)
ArovaxShield (alex says it rocks but i think its a wanna be firewall lol.)
SpywareGuard (is it just me or is this really out of date?)
Spy-Ad Exterminator (looks like spyware to me)
Doctor Alex Antispyware ( alex just found this...)
Spy Cleaner Lite ( a lot of people here use this...)
AIO Security Manager 1.0 (one of my friends use this but i don't think its a antispyware)
X Spyware Scan 3.2 ( Looks like a shield to me)
this is what is used here in my city here... the only thing that looks ok is BoClean... you all are far more smarter then me when it comes to this kind of thing and a lot of people ask me to help them out and what is best or near best to use. and what real and not real... so i thought i would ask you all because i have no idea. thanks!