Best Free Trojan Horse Scanning And Removal Software

Other Language?
  Read this article in Spanish
In a Hurry?
Go to details...  Go straight to the Quick Selection Guide

Malware, trojans and threats

Most PCs are now connected to the Internet and networks, making easier the spread of malicious software (malware), which includes trojans (also known as trojan horses), viruses, worms, spyware, adware, rootkits and other malicious or unwanted programs.

Like spyware and adware, trojans can get onto your computer in a number of ways, including: from a web browser; via email; or in a bundle with other software downloaded from the Internet. You may also inadvertently transfer malware via a USB flash drive or other portable media. It is possible that you could be forced to reformat your USB flash drive or other portable device in order to eliminate the infection and avoid transferring it to other machines.

Unlike viruses or worms, trojans do not replicate themselves, but they can be just as destructive. On the surface, trojans appear benign and harmless, but once the infected code is run, trojans kick in and perform malicious functions to harm the computer system without the users' knowledge.

For example, waterfalls.scr is a waterfall screen saver as originally claimed by the author, but it can be associated with malware and become a trojan to unload hidden programs and allow unauthorized access to the users' PC.

Some typical examples of threats by trojans are as follows:

  • Erase, overwrite or corrupt data on a computer
  • Help to spread other malware such as viruses (by a dropper trojan)
  • Deactivate or interfere with anti-virus and firewall programs
  • Allow remote access to your computer (by a remote access trojan)
  • Upload and download files without your knowledge
  • Gather e-mail addresses and use them for spam
  • Log keystrokes to steal information such as passwords and credit card numbers
  • Copy fake links to false websites, display porno sites, play sounds/videos, display images
  • Slow down, restart or shut down your computer
  • Re-install themselves after being disabled
  • Disable the task manager
  • Disable the control panel

To minimise the threats, most PC users will need an effective anti-malware program to remove trojans along with other malware.

Anti-malware and anti-trojan programs

As more computer security developers are extending their product capabilities to address more than one type of malware, the boundary between different types of anti-malware programs is no longer clear-cut and has become blurred.

For example, an anti-virus program such as AVG Anti-Virus covers not only viruses, but offers protection against spyware, adware and others. An anti-spyware program such as SuperAntiSpyware not only detects spyware, but removes trojans, rootkits and other threats. Likewise an anti-trojan program can offer to remove viruses, spyware and other types of malware.

More appropriately, these security products are to be classified as anti-malware programs rather than to be grouped by the name of the products.

In this respect, anti-malware products which are designed to detect and remove trojans more effectively than the others will be reviewed in this category.

How many anti-malware programs do I need to install?

The following extract attempts to answer the aforementioned question and forms part of Gizmo Richards' Support Alert Newsletter, Issue 156, April 2008.

Interviewer: So do you still need an AV program plus an anti-spyware program and an anti-trojan scanner?

Gizmo: For the majority of average users the answer is no. A single competent broad spectrum anti-malware product is enough. Of course, not everyone is an average user. Users who engage in high risk activities, like sourcing their software from P2P services, should load up their PC with all the protection they can get. Similarly, there are users for whom the best possible protection is paramount, regardless of cost or performance implications. Finally, users of freeware scanners who cannot afford [and/or are unwilling to pay for] a premium product may be well advised to use more than one signature-based scanner.


Despite their ratings in this review, some anti-malware programs in certain cases are able to detect more malware than the others depending on their designs, online databases and the infections on computers.


Emsisoft Anti-MalwareEmsisoft Anti-Malware is a good choice to scan and remove malware, especially trojans, from your PC. It removes the trojans containing backdoors, keyloggers, diallers and other destructive pests that make it dangerous to surf the web.

Other than trojans, it also can be used to recognize and remove spyware, adware, tracking cookies, worms, viruses and rootkits from your PC.

Designed for ease of use, this program combines Emsisoft Anti-Malware and the Bitdefender Anti-Virus engine to cut down on unnecessary double detection routines for one and the same malware. Prior to version 7.0 Ikarus was employed, but this has now been replaced by Bitdefender because of the former's tendency to produce false positives.

Any suspicious file/s can be uploaded to Emsisoft for analysis: and also, you may find their forums helpful:

Features such as quarantine, online updates and heuristic scan for unknown malware are included.

From the Emsisoft website, 'By default Emsisoft Anti-Malware installs as a free fully functional 30 day trial version. After the trial period you can either choose to buy a full version license or switch to the limited freeware mode. The freeware mode still allows you to scan and clean infections, but it doesn't provide any real-time protection to guard against new infections'.

In other words, the free version does not provide other features such as file guard, behavior blocker and surf protection.


Malwarebytes' Anti-Malware (MBAM) is an on-demand scanner which can be used to find and remove trojans, along with other malware such as viruses, worms, rootkits, diallers and spyware.

Since the launch of version 2.0, in March 2014, the GUI has benn drastically altered and long-term users' of MBAM might take a while to get used to the new layout. Qiuick scan has been replaced by Threat scan, but the program is still intuitive and simple to use.

As well as ditching the former utilitarian interface, MBAM now has a Progress Scanner bar and the ability to review any detected items during a scan - previously users' needed to wait until the scan had completed to see the items.

As there are daily updates, always ensure the software has been updated prior to scanning your PC. For those of a forgetful nature, you can set the program to warn about the database being outdated.

I would strongly recommend that you tick Scan for rootkits, this can found under:Settings > Detection and Protection > Detection options.

Other features include: multiple-drive scanning; custom scanning; malware exclusions; quarantine (to hold threats prior to deletion or restoration), and application logs.

Another plus point is that MBAM rarely causes any conflicts with other anti-malware utilities. If you encounter problems that are not covered in the help section you can visit the Malwarebytes forum:


SUPERAntiSpywareSUPERAntiSpyware (SAS) is worth a try as well. In addition to its focus on detecting and removing spyware infections, this program deals with trojans and other types of threats such as diallers, keyloggers, worms, rootkits, etc.

It supports a quick scan, complete system scan or custom scan with trust items and exclude folders. The program also provides an option to check for latest definition updates before scanning to protect you from the newest threats. SAS also has a Trojan Threat List shown here. There are 100 examples of different dll and exe files, all of which should not be allowed to run on your PC. Clicking on any of the items in the list will give you a more detailed description of that particular threat.

Among other features, it includes Hi-Jack Protection which prevents other applications (excluding Task Manager) from terminating the program.

FAQs and help with false positives can be found over at:

On the down side, the free version of this program does not support real-time blocking, scheduled scanning and some other features.


Comodo Cleaning Essentials (CCE) contains an on-demand scanner and is portable ie it can run from a USB stick, or a CD/DVD and doesn’t install itself on your hard drive. It employs both heuristic and signature-based scanning and can detect trojans, rootkits and other forms of malware.

I prefer to run CCE. exe from a shortcut on my desktop, but whichever method you choose will work fine.

There are 3 scanning modes in CCE:

  • Smart* – performs a quick scan of critical areas of your PC eg the registry and boot sectors etc
  • Full – a complete scan of all areas of your system
  • Custom – individual files, folders and drives can be added for scanning. Dragging and dropping can also be employed if preferred.

The GUI is very clean and straightforward and during a scan there is a rotating green dial that appears and resembles a radar screen. In the midst of a scan, any malware that is detected can either be cleaned/quarantined, or reported as a false positive to Comodo, or simply ignored if you are fully confident that it is benign.

There is an excellent online help section that can be launched from within the software and is also available here:

Anybody requiring further help can also take a look at the forums:

One thing I should draw your attention to is that my CPU temperature rose from 38⁰C to a peak of 58⁰C when scanning my system. Even though an increase in CPU usage, and therefore temperature, is perfectly normal when running security scanning software, some users might find the aforementioned increases rather alarming; you have been warned!

Under Options you’ll find plenty of choices to tweak CCE. Other features include MBR scanner, Virus scanner, CAMAS - Comodo Automated Malware Analysis System (hence the acronym!) and Settings.

From within the Tools section you can access Quarantined Items, Manage Trusted Vendors (whitelist), Import Virus Database, Browse Logs and Check for Updates (manually).

(Also included in CCE are KillSwitch and Autorun Analyzer and both are beyond the remit of this review: suffice to say that the former is similar to the Task Manager in Windows and the latter shows programs and services which run on start-up.)

*Smart scan took just 1m 24secs and when it reached 100% it stated, Your computer will now be restarted in order to scan for hidden services. For more info on hidden services please click on the following link:

In conclusion, CCE has become a welcome addition to my security toolkit and, aside from the aforementioned CPU issues, I recommend folks to at least give it a try. After all, you don’t even need to install the application!

Other Related Products

These are a number of other free trojan scanners and removers which were brought up in comments here or noted from other sources. As they are not rated in this review, I am listing them here with brief descriptions and links to their sites for ease of reference.

  • Rising PC Doctor comes with a scanner for trojans and spyware, and an option to enable automatic protection such as Trojan Interceptor, Trojan Download Blocker along with some other protections. Other tools such as start up control, process manager, service manager, file shredder, etc., are also included. 

               Version.7.0 File Size 9.3 MB  Installation Requirements Windows XP to 8

  • FreeFixer scans your system and can remove trojans and other malware but the user has to be able to interpret the results. Extra care must be taken as deletion of crucial files could damage your system. However, there is a FreeFixer user forum to help you with the scan results and the software is regularly updated.

               Version 1.11 File Size 2.4 MB  Installation Requirements Windows 2000 to 8 (32-bit and 64-bit)

   Información adicional There is now a FreeFixer Portable version and it's available here:
        (The .zip file contains both the 32-bit and 64-bit versions.)

  • Ashampoo Anti-Malware is normally a commercial product, however, it is currently available for free from Softpedia. It offers real-time protection from the usual suspects and also incorporates optimization tools. My thanks go to member settingsuns for finding this offer.
               Version 1.21  File Size 114 MB Installation Requirements Windows XP to 7 (32-bit and 64-bit)
  • UnThreat AntiVirus Free Edition Straight from the horse's mouth: Full-featured anti-virus solution with capability of cleaning existing threats and preventing them at the time they appear with latest "on access" technology. The package is also bundled with anti-rootkit and mail cleaner.

                Version File Size 977 KB Installation Requirements Windows XP to 8 (32-bit and 64-bit)

Have Your Say

You are invited to share and discuss your views in our freeware forum. To post in the forum you need to register first but that's quick and pain free! Alternatively, anyone can leave a comment at the bottom of this page.

NB We would be most grateful if you can keep your comments short and concise.

Please help us by rating this review

Related Links
Quick Selection Guide

Emsisoft Anti-Malware
Gizmo's Freeware award as the best product in its class!

Runs as a stand-alone program on a user's computer
Scans and removes trojans and other malware such as worms, viruses, spyware, trackers, diallers, etc. Easy to use, quarantine and updates are available. As of version 7.0 onwards, there are fewer false +ves and faster online updates.
After 30 days the real-time protection is removed and so are auto updates, scheduled scans, etc. Large download.
216 MB
32 and 64 bit versions available
Free for private use only
There is no portable version of this product available.
Windows XP, Vista, 7, 8 & 8.1
Malwarebytes' Anti-Malware
Runs as a stand-alone program on a user's computer
Scans and removes trojans along with other malware. Features include multiple drive and threat scans; database updates; ignore list and quarantine to hold threats, etc. Improved scanning speed since version 1.50 and since version 2.0 a much better GUI. A version for Android is now available: please refer to information below for download link.
Real-time protection; update and scan scheduler; Hyper scan mode; Chameleon driver; and Malicious website blocking are only available in the Premium version.
16.5 MB
32 and 64 bit versions available
Free for private use only
There is no portable version of this product available.
Windows XP, Vista, 7, 8, 8.1 (32-bit and 64-bit)

NB A version for Android is also available:

Please be aware that when installing MBAM Free the trial version of MBAM Premium is ticked by default. So, for those who don't wish to try the latter for 14 days, simply untick and install the Free version.

Runs as a stand-alone program on a user's computer
Scans and removes trojans along with spyware and other malware. Other features include quick, complete, or custom scans with definition updates, Hi-Jack protection, etc.
Real-time blocking and scheduled scanning not supported in the free version.
19.1 MB
32 and 64 bit versions available
Free for private use only
A portable version of this product is available from the developer.
XP to Windows 8

Download link for the portable scanner personal edition:

Comodo Cleaning Essentials
Runs as a stand-alone program on a user's computer
Doesn't require installing - just run CCE.exe, easy to use because of good GUI and has excellent online help.
Caused CPU issues on my system.
22.6 MB (ZIP)
32 and 64 bit versions available
Unrestricted freeware
This product is portable.
XP, Vista and 7


anti-malware, anti-trojan, anti-virus, anti-spyware, adware, freeware, free trojan horse scanner and remover, zero-day, portable, heuristic, signature-based, real-time protection, diallers, keyloggers, worms, rootkits, tracking cookies, backdoors

Back to the top of the article


Share this
Average: 4.1 (218 votes)
Your rating: None


by RiWalk (not verified) on 26. August 2012 - 3:23  (98315)

About Emsisoft I never tried it but I used its portable version on my flashdrive and was surprised that it put a whooping 100 mb on my hard drive!!! That alone made me not trust Emsisoft. As for Malwarebytes I use that and I think it is okay but it will install a fake svchost.exe sometimes, for what purpose I have yet to find. And yes, Cnet DOES have downloads with viruses/trojans and other malware...I think in about 10 or so downloads from Cnet at least 4 were dangerous like Avast that took over my pc but I reinstalled my os and downloaded Avast from another sight and it kicks butt pretty good. Now since I use Firefox and many add-ons like No Script and Better Privacy I never get any infections at all. Does anyone else know why Malwarebytes uses a fake svchost?

by MidnightCowboy on 26. August 2012 - 5:01  (98317)

In order to work, the Emsisoft scanner needs to first download an up to date signature database, hence the files you see arriving on your hard drive. This is explained in the program documentation.

Depending on what they do, third party program can launch a single or several instances of svchost. See this post for information concerning a possible relationship with Malwarebytes.

by Andrex (not verified) on 6. September 2012 - 13:36  (98871)

Emisoft is not for me. It caused me frustration, worry and wasted hours.

I downloaded the full trial version; got quarantined items; asked Emisoft whether I could delete. They verified registry traces had been quarantined; no false positives; I probably had rootkit infection. I was told to download an 'Emergency Kit'; run it; collect the resulting files; and send to their forum (had to sign up). The Emergency Kit would not run. I downloaded another version and sure enough, that didn't run iether. Emisoft advised that it could be the rootkit stopping it and I should send what I could.

I didn't do that. I went back to basics and ran Comodo Cleaning Essentials, Tdskiller, MatwareBytes Anti-Malware, GMER and you guessed it perhaps, NO THREATS DETECTED.

So I've deleted Emisoft and won't use again.

by AJNorth on 11. September 2012 - 9:39  (99093)

Malwarebytes' Anti-Malware (free) has been updated to v1.65.0.1400 (2012.09.11), incorporating several new features, improvements and bug fixes (full changelog at The executable weighs-in at 10 MB and can be downloaded from Softpedia at

by cinnamon toast crunch (not verified) on 12. September 2012 - 22:14  (99179)

i praise malwarebytes for its simplicity, and also super-antispyware for following the same line of relative codeing and structure. but emsisoft does appeal to me on a greater scale. for one thing, you dont just toss old signatures just because there older pieces that malicious users have stopped useing. this is something that seems to be running rampant on many software programs includeing the small sized malwarebytes and super-antispyware,etc. yes emsisoft is big, and yes they actually keep those old signatures because now black hat programmers have discovered its good practice to re-activate these old pieces of code after laying dormant for years! also emsisoft has remained true to not useing the ever so dangerous cloud services. continueing on this matter i also wish to mention there hijack free module is simply amazeing included in there portable emergency toolkit. the amount of hidden services it reveals is indeed alone a great tool ive used many times. simply just delete the portable program after finished and its forever gone with zero trace! ive run it in safe mode and love it. malwarebytes is also my backup program because i love its effective detection rates and small size. its also faster and what one misses the other usually grabs. but im afraid super-antispyware is not my glass of milk and bag of cookies. good luck to everyone, sincerely cinnamon toast crunch.

by torres-no-tan-m... on 13. September 2012 - 13:57  (99208)

AJNorth, thanks for posting - I only noticed your post after having already updated the version details earlier this week.

All the best,


by torres-no-tan-m... on 13. September 2012 - 14:03  (99210)

cinnamon toast crunch, good to hear both the +ve and the -ve aspects of the 3 different softwares you mention. A layered approach to security issues is always a wise move IMHO.

Kind regards,


by AJNorth on 13. September 2012 - 15:33  (99214)

You are very welcome; thank you for maintaining this excellent page!



by AJNorth on 13. September 2012 - 15:44  (99215)

Please allow me to second your opinion. SAS and MBAM are two of my primary on-demand scanners (along with TDSSKiller and HitmanPro) and delousing utilities (with Emsisoft in reserve); they compliment each other quite well in the increasingly dangerous jungle the Internet has become.

by Stasou on 20. September 2012 - 13:46  (99506)

Emsisoft Anti-Malware is now on version

by Hellcat1988 (not verified) on 20. September 2012 - 16:19  (99511)

I have arovax anti-spyware, and it's detecting a trojan.deoplive. I have downloaded 6 different programs in hopes of removing it, including the ones listed here, but so far have had no luck in banishing it from my system. I don't know if it's just my computer, or if it's that well imbedded in my system, but it's driving me nuts. Arovax can find it, and it will try to remove it with a reboot, but it's always there when the system scans at start up. I'm waiting for something to be able to remove this so if anyone knows what will aside from a manual system hack and slash, I'd love to know.

by torres-no-tan-m... on 21. September 2012 - 12:17  (99548)

Thanks Stasou,
I have been very busy of late, but the EAM details have now been updated.

All the best,

by torres-no-tan-m... on 21. September 2012 - 12:21  (99549)

This link should do the trick:

Good luck,

by cinnamon toast crunch (not verified) on 26. September 2012 - 20:52  (99801)

there are some important changes made to emsisoft anti-malware recently. and i think they are critical to mention here on gizmos.the major aspect of change is to the anti-virus engine! instead of the old ikarus engine which many complained of false positives. there is now the bitdefender scan engine introduced and intergrated. i myself had zero problems with ikarus and in fact loved when it picked up false positives persay.. suspicious behavior and characteristics is the name of the game people. and i enjoy tracking down what exactly the piece of code is doing. but i can understand why the masses hate diveing thru investigative tools scrubbing for reasons why a engine picked it up as a possible. soooo here you go gizmo addicts. now bitdefender has took over just the anti-virus module and the spyware module still belongs to emsisoft. if you will notice when updateing signatures that the first line of report says emalware-1ogh, or simular to that affect.. that is the bitdefender part of your update to its engine. and then after that you will see the old style like this. 115678 spywares, 357 trojans, 8760 dialers and etc. that part is the old emsisoft kicking in its definitions. there has been a major update to the website as well so check it out if you wish. and feel free to see all the other goodies included in this major overhaul on there site. i am giveing it many personal tests myself because i tend to visit extremely dangerous places on a daily basis. shhhh, mums the word. but ive loved the software for ages, and im sure this update might even improve its effectiveness.. unsure of yet, but ill be burning it to the test like before. hope this helps in some small way. sincerely cinnamon toast crunch.

by torres-no-tan-m... on 28. September 2012 - 10:37  (99903)

cinnamon toast crunch,

The article on EAM will be shortly updated to reflect the changes within the software.

Kind regards,


by Riwalk (not verified) on 28. October 2012 - 11:54  (101504)

Okay guys. After reading all the positive comments about Emsisioft I tried the free version ( I used the "portable" one before) and its download size first gave me some minor reservations. I have 750 gb with 702 gb free but 223 mb download is a lot and once installed Emsisoft hogged 344 mb of hard drive. Ran a scan in safe mode and it did not find any infections but since I use Firefox and many add-ons I almost never get any infections anyway. I am trying to see if I should keep it or delete it. Also Avast sometimes updates itself before I even log this normal behavior?

by torres-no-tan-m... on 28. October 2012 - 18:10  (101521)


A download size of 223 MB is, relatively speaking, a tiny amount compared to a HDD size of 750 GB. All software that is installed on a HDD needs more space than its actual size in order to function correctly.
With regards to Avast, I have never used this software and therefore, cannot comment on its updating behaviour.

by AJNorth on 3. November 2012 - 14:50  (101797)

SUPERAntiSpyware has been updated to v5.6.0.1014 (2012.11.02) -; the complete (and cumulative) release history can be found at

by freestuffrocks on 2. December 2012 - 10:13  (103201)

How about Comodo Cleaning Essentials?

by torres-no-tan-m... on 2. December 2012 - 22:36  (103232)

Hi freestuffrocks,

When I get the chance I hope to give CCE a try and I might consider including it in my category: that depends of course on what I think of the software.

Many thanks for posting.

All the best,


by jimcarter1959 on 5. February 2013 - 2:14  (105103)

Excellent ratings! I'll add that CCE and Emsisoft are notorious for false positives, so use them conservatively. I own a PC repair/sales business and I'm removing malware as I compose this.

by torres-no-tan-m... on 5. February 2013 - 10:27  (105110)

Thanks for the +ve feedback!
Emsisioft have taken steps to reduce false +ves by replacing Ikarus with Bitdefender. However, all scanning software is prone to produce some incorrect results and I would always advise to scan any suspicious files with VirusTotal before deleting them.

All the best,


by Rudyx on 28. March 2013 - 14:10  (106609)

I installed and used the free version of Malwarebytes' Anti-Malware on 27/03/2013. It took about 2 hrs to scan and found 200+ issues 2 of which were trojans, (other AV software hasn't found these so that leaves me suspicious)what is really disappointing is after waiting 2 hours you cannot fix the issues unless you buy the full package. Wish I would have known this before commencing. My recommendation is don't waste your time with this product try other free anti malware instead.

by Stasou on 28. March 2013 - 16:48  (106613)

Are you sure you didn't download a rogue one? From which site did you download it? In my case, it performs a full system scan on a 160GB HDD in about 40 minutes which is faster than avira, SAS and Emsisoft full scans. I've been using this software for years and while it found malware infections only twice (the last one, a few months ago), it cleaned the infections without asking me to buy the full package. Just my two cents.

by Stasou on 10. April 2013 - 14:05  (106962)

MBAM was updated to version with added ability to scan within archives.

by torres-no-tan-m... on 10. April 2013 - 22:11  (106976)

Thanks Stasou,

MBAM has now been updated.

by Stasou on 19. May 2013 - 12:10  (107864)

SAS was updated to version 5.6.1020.

by RaySachsen on 14. November 2013 - 14:52  (112216)

How do I open my virus locked laptop to run the Emsisoft from a USB? I have AVG on my computer but it didn't stop this one.

by torres-no-tan-m... on 15. November 2013 - 11:22  (112243)

EAM is not portable and therefore, will not run from a USB stick. However, Emsisoft Emergency Kit is portable:
Please read the following article for more info:

by MysticHaze on 9. February 2014 - 2:31  (114335)

*NOTICE- I will only be notified when posting on my comment* ...

NB Post has been edited because it was too long.

Gizmos Needs You

Gizmo's Freeware is Recruiting

 We are looking for people with skills or interest in the following areas:
 -  Mobile Platform App Reviews for Android and iOS
 -  Windows, Mac and Linux software reviews       Interested? Click here