Best Free Spyware And Adware Remover

 
Other Language?
  Read this article in Spanish
In a Hurry?
  Go straight to the Quick Selection Guide
Introduction
The Internet is a dangerous place to be in the 21st century. Unscrupulous people using malicious software are finding ingenious ways to access your information or lead you into spending money.  Spyware harvests information from your computer with keylogging and data capture techniques, while adware tracks your browsing habits and tempts you with popup ads related to websites you have visited.  Another less known troublemaker is scumware.  This software attacks websites and changes their advertising, for example changing family friendly links to adult rated links.
 
With every new generation of malware (adware, spyware, scumware, virus, rootkits, trojans), there will be a new generation of software to combat it.  Gizmo's offers many useful articles and reviews to help today's computer user obtain the necessary tools to combat the virtual foe.  This category will look at adware and spyware removers.  
 
The following products have been reviewed for this category;
Spybot-Preventor, Remover
SAS (SuperAntiSpyware) - Remover
Malwarebytes - Remover
Spywareblaster - Preventor
 
Discovery: All of these programs will perform manual scans, but some will not provide real-time scanning protection unless you upgrade to the paid version.  Some are removers, some are preventors.  It was difficult to find a free program that combined all the components.  The winner in this category is Spybot for it's removal and prevention ability in a free program.  SAS found more to remove, however it doesn't offer real-time protection.  
Discussion

Spybot is a malware remover.  Designed for basic use yet offers complex menus and information for advanced users.  After installation the program will offer to create a Whitelist.  This process indexes files for faster scans and isn't recommended unless the host computer is known to be clearn.  For best results cancel this option, update the software, run a full scan then create a Whitelist if all is clean.   

After updating I ran a quick scan which did not find my test file.  The scan menu offers third party cookie blocking.  The immunization feature interacts with the web browser to warn users of potentially harmful websites.  I tried to install sweetpacks toolbar and spybot put up a warning.  Spybot's full scan will also check for rootkit malware .  Spybot detected the EICAR bogus website the first time, however it didn't detect the bogus malware/virus file downloads.  Spybot also flagged a warning when I clicked on a 7-zip advertisement on C/NET.  Spybot works very well to warn of potential problems with links or websites.  

SuperAntiSpyware aka SAS detects and removes malware. Installation is simple however the install offers a free trial of pro version which I declined. After the program installs the home menu page opens. I ran the quick scan which impressively found 65 tracking cookies and 2 malware files. Other menus provide custom scans, the ability to set trusted items, and exclude folders. There are more options to set specific folders for scanning, doing quick scans and complete scans. The menu screen has a prefences button, but also has check boxes for features only available on the pro version. These boxes are somewhat annoying as they look meaningful but are essentially promo buttons to upgrade. The free version does not provide real time protection. SAS detected the footprint of two EICAR temp files from a previous visit to the EICAR website.

Malwarebytes is a malware detection and removal software. When the program first installs it will ask you if you want to update to the free pro trial, update definitions and launch the program. I selected to update the definitions and launch the program. The program launched with a configuration menu providing the options to peform a quick scan or full scan. I performed the quick scan which surprisingly detected 7 malware files the previous programs failed to recognize. Unfortunately the free version doesn't offer real time protection. Updating definitions is a good feature, and quarantined files can be manually deleted. A history of the logs is kept in an easily accessable history. There are several options for configuring how the program scans but scheduling isn't one of them. Rootkit scanning requires a separate file download.

Note: Malware Bytes uses the CNET website however it does not contain unwanted third party offers.

Honorable Mention: Spywareblaster is a prevention not a removal program but I felt worth mentioning here for it's unique features.

What, no scan feature? That's right because this program doesn't need one. Spywareblaster is all about prevent and protect. Heck this program doesn't even have to run in the back ground. It tweaks some browser security settings, adds some restricted sites and goes to sleep. Wake it up once a week to update the database, update the profiles and put it back to bed, that simple. What kind of program is this? One of the least intrusive yet most powerful malware blockers available. Spywareblaster has the smallest file size of the reviewed programs. The home screen opens letting you know protections are disabled. Run the update, enable the protections and you're done. Use system snapshot to create a restore point in case things go wrong. Spywareblaster is the only program reviewed to recommend this step. The tools option offers customer configurations and flash player blocking. Manually install updates and Spywareblaster will prompt you to reset the protections. The unique feature of this program is its focus to prevent and protect from the installation of adware, spyware and scumware using the web browser rather than perform cleanup or drain system resources by running in the back ground. Like virus definitions, Spywareblaster updates a list of troublesome maleware daily, this is why it's important to run the updates frequently for this program, recommendation is at least weekly. The paid version allows automatic updating.

Quick Selection Guide

SpyBot
5
 
Gizmo's Freeware award as the best product in its class!

Runs as a stand-alone program on a user's computer
real-time protection, protects one or more user profiles
scan didn't detect malware coded file, does not uninstall cleanly
http://www.safer-networking.org/
2.19.1
36 MB
32 bit but 64 bit compatible
Unrestricted freeware
There is no portable version of this product available.
Windows XP, Vista, Windows 7 and Windows 8

2.0 Supports IE, Chrome, Firefox, Apple Safari, Opera. Languages: English, German, Italian, Russian. Spybot Search & Destroy 1.6.2 available for older PCs.
v2.1.21 SR2 released 30 July, 2013
View the malware engine updates here

SUPERAntiSpyware
4
 
Runs as a stand-alone program on a user's computer
Simple functional menus, good cookie tracker, supports all browsers
Free version doesn't offer real time protection, only scans.
http://www.superantispyware.com/
5.6.1018
24.3 MB
32 and 64 bit versions available
Feature limited freeware
A portable version of this product is available from the developer.
Win 2000 - Win 8

Supports all web browsers. Lanuages; Danish, French, German, Italian, Macedonian, Norwegian, Polish, Portuguese, Spanish, Swedish.
Supported formats: 32 and 64 bit

Malwarebytes Anti-Malware Free
4
 
Runs as a stand-alone program on a user's computer
detected files other programs missed, light and simple
no real-time protection, no scheduling, rootkit scanning requires additional download
http://www.malwarebytes.org/
1.75.0.1300
9.8 MB
32 bit but 64 bit compatible
Feature limited freeware
There is no portable version of this product available.
Windows Vista/Windows 7/Windows 8 /Windows XP Service Pack 2 or Later

Languages Available: English, Arabic, Bosnian, Bulgarian, Catalan, Chinese Simplified, Chinese Traditional, Croatian, Czech, Danish, Dutch, Estonian, Finnish, French, German, Greek, Hebrew, Hungarian, Italian, Latvian, Lithuanian, Macedonian, Norwegian, Polish, Portuguese (Brazil), Portuguese (Portugal), Romanian, Russian, Serbian, Slovak, Slovenian, Spanish, Swedish, Thai, Turkish, Vietnamese.

Spywareblaster
3.5
 
Runs as a stand-alone program on a user's computer
customizable block lists, doesn't use system resources by running in the back ground, does not affect browser performance or conflict with other software.
not a removal tool, must update protections after updating lists
5.0
4 MB
32 bit but 64 bit compatible
Unrestricted freeware
There is no portable version of this product available.
Windows 2000, XP, Vista, 7, 8.

Supports Internet Explorer, Google Chrome, Mozilla Firefox, Netscape, Seamonkey, Pale Moon, K-Meleon; and browsers that use the IE engine, including: AOL web, browser, Avant Browser, Slim Browser, Maxthon (formerly MyIE2), Crazy Browser, GreenBrowser

Editor

This software review is copy-edited by Glyn Burgess. Please help edit and improve this article by clicking here.

The comments section below is so lengthy that it has become difficult for our visitors to read. Future posts will now be edited for length and repetition, and personal attacks deleted. You are all welcome to join our Security Forum which is much better-suited for intensive debate.

 

Share this
3.99614
Average: 4 (259 votes)
Your rating: None

Comments

by JonathanT on 16. June 2008 - 7:35  (2157)

Hi

I think the main thing is about educating users. You could have the best anti-virus, multiple anti-spywares, multiple behavioural blockers, a firewall and a sandbox. But if you allow everything in the sandbox to get to your real hard drive and allow all the prompts in your behavioural blocker and firewall and press ignore when your signature scanners pop up because you think they are false positives or you want to play a game or something, all the protection is useless (except for using up resources).

by JonathanT on 16. June 2008 - 7:42  (2158)

Hi

I think what you are suggesting is more like a whole security setup page, not just anti-malware, so people could get confused.

by Anonymous on 16. June 2008 - 12:40  (2171)

You can also mention Hijackthis, which is the fastest scanner on the market and the best, IMHO, for everyday use and it is also the more lightweight. Personaly I have a sandbox and only run Defender once a month or so and Ad-aware when required. In Hijackthis, if you create a huge ignorelist after scan, in sequent scans you can monitor every unnauthorized system change at ease. Hijackthis is my favorite.

by Anonymous on 17. June 2008 - 2:26  (2220)

You posted something about educating users. I do believe that explaining the different type of protection and their use is educating users. And educating them should eliminate confusion.

Also, your approach to protecting your computer is not applicable to every other user. In some cases, more security may be needed and is NOT overkill. Every form of protection has is benefits and its drawbacks. A user has to decide what level of security (and how many layers) are needed for their particular circumstance, and they also have to decide whether the resources required to attain that level of security are worth it. So, educating the user on the types of security software should help them to make these decisions.

by JonathanT on 17. June 2008 - 7:05  (2227)

Hi

I don't believe Hijack This is suitable for everyday use for many people as it is quite an advanced tool.

"you can monitor every unauthorized system change at ease". Cool. I didn't know that. What exactly does it monitor?

Thanks

by Anonymous on 17. June 2008 - 10:21  (2239)

Don't believe this site is only for begginers. It monitor's:

R0, R1, R2, R3 Internet Explorer Start/Search pages URLs
F0, F1, F2,F3 Auto loading programs
N1, N2, N3, N4 Netscape/Mozilla Start/Search pages URLs
O1 Hosts file redirection
O2 Browser Helper Objects
O3 Internet Explorer toolbars
O4 Auto loading programs from Registry
O5 IE Options icon not visible in Control Panel
O6 IE Options access restricted by Administrator
O7 Regedit access restricted by Administrator
O8 Extra items in the IE right-click menu
O9 Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu
O10 Winsock hijacker
O11 Extra group in IE 'Advanced Options' window
O12 IE plugins
O13 IE Default Prefix hijack
O14 'Reset Web Settings' hijack
O15 Unwanted site in Trusted Zone
O16 ActiveX Objects (aka Downloaded Program Files)
O17 Lop.com/Domain Hijackers
O18 Extra protocols and protocol hijackers
O19 User style sheet hijack
O20 AppInit_DLLs Registry value Autorun
O21 ShellServiceObjectDelayLoad
O22 SharedTaskScheduler
O23 Windows XP/NT/2000 Services
O24 Windows Active Desktop Components

But this list is not updated for 202.

by JonathanT on 17. June 2008 - 10:29  (2240)

Hi

Thanks for the quick reply.

by Anonymous on 17. June 2008 - 10:43  (2241)

You're welcome. There are a lot of DB on the Internet where you can get more information about each section. Check the urls here:

http://www.bleepingcomputer.com/tutorials/tutorial42.html

When I find something suspicous, I usualy go to Castlecops, but now it belongs to Microsoft, so I don't know how long will be there...

by JonathanT on 17. June 2008 - 10:54  (2243)

Hi

Thanks

But on that website the first sentence it says is "HijackThis should only be used if your browser or computer is still having problems", so it is not for regular use?

by Anonymous on 17. June 2008 - 11:10  (2244)

Well, I use it before and after 'problems', with no problem. They say a lot on Hijackthis... that tutorial is the more complete I know, it's old, there are others, you can Google it... but this tool can be used for several purposes.

by Anonymous on 17. June 2008 - 12:10  (2245)

Personaly I don't use it, but you can auto-analyse online your Hijackthis *.log in these urls:
http://hijackthis.de/
http://www.prevx.com/hijackthis.asp
http://www.help2go.com/component/detective/
http://hjt.networktechs.com/

(this is a simple copy-paste)

For offline auto-analysis use the Hijackreader:
HijackThis Reader - http://www.hollmen[dot]dk/files/hjred103.zip

(it's a portable app, just unpack, no need to install; but read the 'readme' before using)

Remember you always proceed at your own risk and that those recommendations are as accurate as possible.

by JonathanT on 17. June 2008 - 12:17  (2247)

Hi

Thanks for the reference to the tutorial! I haven't finished reading it but it is very helpful.

by JonathanT on 17. June 2008 - 12:19  (2248)

Hi

Thank for the links. It seems interesting. Do you know how accurate they are?

Thanks

by Anonymous on 17. June 2008 - 12:37  (2252)

Quote:

Disclaimer: This system is to be used as a generalized guide, this will not be right 100% of the time. We are of course trying our best to make it as accurate as possible. Even when an item is "red flagged" you need to double check this before deleting.
http://hjt.networktechs.com/

I guess this is valid for all of them.

by Steve Hargreaves (not verified) on 18. June 2008 - 22:39  (2356)

HiJack This

HiJackThis should not be considered to be a beginners tool. It is, undoubtedly, one of the most effective means available of identifying threats, but you must know what you are looking for.

In fact, HiJack this will feature in the rewrite of the article, but there are caveats that come with it. You must know how to interpret the results, or know where to go to get them interpreted.

Because the software will identify many, many system processes as potential threats (a side effect of using Windows), it is all to easy for the inexperienced to remove a critical system component or process.

Fortunately, as a diagnostic tool only, it is amongst the best, but please ensure expert advice is taken before acting upon it's results.

More will be included in the re-write. In the meantime, if you are going to use HiJack This, please search for reliable forums to upload the results to and take advice before disabling or removing anything.

Steve

by Anonymous on 19. June 2008 - 1:52  (2367)

I agree... only advanced or expert computer users should utilize hijackthis on their own, and all others should use Hijackthis only when instructed by an expert (e.g. on a malware removal forum). I have seen a lot of people crash their systems when they used programs that were beyond their knowledge level (e.g. registry cleaners, Hijackthis, regedit, tweaking programs). Your words of caution are well stated...
Okay everybody, if you want to avoid messing up your computer, then heed the Steve!

by Anonymous on 19. June 2008 - 2:16  (2369)

If you do not know what Hijackthis is...then you probably do not have enough expertise to be making trustworthy recommendations about cleaning and securing a computer.

by Anonymous on 19. June 2008 - 13:13  (2467)

Maybe I shouldn't have talked about it...?

by Steve Hargreaves (not verified) on 19. June 2008 - 18:17  (2518)

You couldn't be more wrong. I encourage input - and HijackThis is more than relevant input. My post was to try to stop the novice and inexperienced user doing what they often do best (no offense intended to those of you that fall into this category) - which is jumping in the deep end before they learn to swim.

Please feel free to continue to add your thoughts.

Steve

by Anonymous on 19. June 2008 - 19:09  (2530)

But I agree with you Steve, I never said Hijackthis was for inexperienced or novice, I said it was not for begginers.... and I did give them several warnings about it. Maybe you should rethink whether to put Hijackthis in your review or not .

by Steve Hargreaves on 19. June 2008 - 22:33  (2553)

Well - since it is free - and an excellent malware resource, I don't think it should be ignored either. However, I will take care to be as clear as I can with caveats.

I don't think that, just because something is complicated, it should be excluded. It just means people generally have to be aware of the dangers.

Steve

by Anonymous on 20. June 2008 - 12:09  (2656)

That's the Tech Support Alert I know! In future posts I'll be carefull on oversimplification.

Cheers

by Anonymous on 20. June 2008 - 18:05  (2714)

In the lastest newsletter - Issue 158, 19th June, 2008 - Gizmo talked about Hijackthis on-line automated tools. There are several methods you can use, acording to your experience:

I. Begginer: either don't use Hijackthis or upload the log to on-line support forums

II. Average: use on-line automated tools

(1) http://hijackthis.de/
(2) http://www.prevx.com/hijackthis.asp
(3) http://www.help2go.com/component/detective/
(4) http://hjt.networktechs.com/

In the newsletter Gizmo states (1) is the more informative. I agree, but the problem here is accuracy. If I want to use only 1 service, probably I would go to (1) but if I'm double checking I will be using all of them (1-4). In my testing - my system is clean - neither (1), (2) or (3) give me any "false positives". The service (4) give me 4 "false positives":

- 2 false "Bad - Remove almost always":
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL') (This is a safe Windows Sidebar entry)
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede') (This is a safe Windows Sidebar entry)

- 2 false "Safe to remove":
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
TrueImageMonitor.exe (Part of Acronis True Image - backup software; this is a Acronis tweak)
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" (Part of Acronis True Image - backup software. Another Acronis tweak, don't mess with this one or your backup/restore tasks may not work correctly!)
More on Acronis startup entries: http://www.wilderssecurity.com/showthread.php?t=42407

The service (3) was accurate and give me one aditional recommendation:
"The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources:
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
(Description: Nvidia system tray applet. Not necessary. Removing this entry will free up a small amount of system resources.)" (this is a Nvidia tweak, certainly not malware related)

III. Advanced: use on-line Malware Search (5) or Hijackreader (6) in a computer without internet/ off-line analysis

(5) Malware Search: https://addons.mozilla.org/en-US/firefox/addon/6718

This Firefox extension adds a menu item to the context menu that you get when you right click. Just highlight text, right click, go to “Malware Search”, and select the section you wish to search. The results will open in a new tab. Support forum guys might also find it usefull.
Available search options :
- RunScanner (Filename search, GUID search, MD5 search)
- ThreatExpert
- BleepingComputer Search (Startup List, File Database, Uninstall List)
- Castlecops (Browser Helper Objects (BHOs) / Toolbars / URL SearchHook, Windows Startups, Internet Explorer Extra Buttons, Layered Service Providers, ActiveX, Extra Protocol and Protocol Hijackers, AppInit_DLLs and Winlogon Notify, ShellServiceObjectDelayLoad, Shared Task Scheduler, NT/XP Services)
- Whois
- Process Library
- Microsoft DLL
- TuxMaster's Google Malware Search Engine (Beta)

(6) Hijackreader: http://www.hollmen.dk/content/view/69/31/

This tool is based on Merijn's tutorial on the subject, and automatically searches in Pacman's startup list as well as Tony Klein's Browser Helper Object (BHO) list. Limitations: Since Castlecops' full list isn't available for download, the program will not recognize all entries (perhaps this will be possible in the future). In such instances, however, a (search) link is provided to the Castlecops site in HTML reports. The current version (v1.03) does not read the "Running processes" list. In my testing I get:
- 12 R0/R1 "FIX IF UNKNOWN" IE entries;
- 8 O8 "FIX IF UNKNOWN" entries for Adobe extra context menus
- 2 O4 "UNDETERMINED" entries for NVIDIA Driver Helper Service (classified as GOOD two lines below)
- 2 O4 "UNDETERMINED" entries for COMODO Firewall Pro and Launchy (unclassified below)

Not bad, providing the tool is still in Beta. This tool can always be used for double checking and to generate *.HTML reports that can be further analised with the Malware Search add-on.

IV. Expert: In a secure computer you can safely use the "ignore" switch to monitor unattended changes. Also, let us know if you find any better methods to use Hijackthis.

DISCLAIMER: This system is to be used as a generalized guide, this will not be right 100% of the time. It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. Please use caution, even when an item is "flagged" you need to double check before deleting.

Well Steve, hope this one is better, feel free to use it. And please, do warn them!!!

by Anonymous on 23. June 2008 - 0:54  (2926)

I think that Spyware Terminator should be placed at the no.1 spot above as it is much better than Spyware doctor starter edition and Windows defender, and it also has an immunization feature and web security guard.

by JonathanT on 23. June 2008 - 7:10  (2949)

Hi

Well it does say "As of today, we think that Spyware Terminator has the edge as the best balanced product of the three,". So that says it's number 1.

The immunization really isn't that effective, in my opinion. The Web Security Guard is quite good but takes up a lot of browser space (a small annoyance). But I prefer WOT.

by Anonymous on 23. June 2008 - 16:03  (2979)

Hi
well, neither spyware doctor nor spyware terminator is number one because their detection rate are not that high as some other products.. what I feel is the combination of COMODO BO Clean and super antispyware should be on the top, as one of them provides real time protection and the other provides solid on demand scanner.. and sandboxie is much better than spyware blaster at other hand....

by Anonymous on 24. June 2008 - 3:48  (3003)

Does anyone have information on "Spyzooka"? Promises to eliminate 100% of spyware...

by JonathanT on 24. June 2008 - 7:09  (3013)

Hi

Well detection rates isn't everything, real-time protection and HIPS is also a factor. and Comodo BO Clean's detection rate is not as high as some other products either. But I agree, SUPERAntiSpyware is an excellent on-demand scanner.

"and sandboxie is much better than spyware blaster at other hand...." I never said it wasn't. I agree with you.

by JonathanT on 24. June 2008 - 7:22  (3014)

Hi

I wouldn't recommend it. Also, looking at their own advertising for factual information is usually quite misleading, as they want you to buy their product.

Just looking at their claim of 100% is suspicious, as absolutely no product provides 100% protection.

Anyway, from their website it looks like the free version on scans, not removes.

And it was in Spyware Warriors rogue list until 2005.

by Anonymous on 24. June 2008 - 19:46  (3039)

I think we need more free anti spyware here, only three? you got like 5 or six with firewalls. i'm just saying that there might be things even better than what we got here, i have been looking around and found some but i'm not good at testing out software nor am i set up to. (I am a Home user) i can list them here for ya, if any are fake, oops... well here is the list. These are coming from friends who are want-to-be techs. like my self lol.

Tenebril Spy Catcher Express (never heard of it)
EMCO Malware Destroyer (this looks strange...)
Comodo BOClean (all my friends use this, looks ok.)
WinCleaner AntiSpyware (only a few know of this in my area.)
ArovaxShield (alex says it rocks but i think its a wanna be firewall lol.)
SpywareGuard (is it just me or is this really out of date?)
Spy-Ad Exterminator (looks like spyware to me)
Doctor Alex Antispyware ( alex just found this...)
Spy Cleaner Lite ( a lot of people here use this...)
AIO Security Manager 1.0 (one of my friends use this but i don't think its a antispyware)
X Spyware Scan 3.2 ( Looks like a shield to me)

this is what is used here in my city here... the only thing that looks ok is BoClean... you all are far more smarter then me when it comes to this kind of thing and a lot of people ask me to help them out and what is best or near best to use. and what real and not real... so i thought i would ask you all because i have no idea. thanks!

Gizmo's Freeware is Recruiting!

Gizmos Needs YouShare your knowledge of free software with millions of Gizmo's readers by joining our editing team.  Details here.