There are many free tools such as RogueKiller that are created by individuals to help detect and clean malware. They are very useful because a computer expert or technician can use them to quickly spot and remove computer viruses without installing fully fledged antivirus software, which can be time consuming (install, update, scan) and may not necessarily be able to detect or clean the malicious software. Independent testing agencies have shown time after time that no antivirus achieves a perfect 100% detection rate.
A tool that we highly recommend to help detect and clean malicious software such as keyloggers, rootkits and trojans is AVZ Antiviral Toolkit, which is free, portable and small at just over 700KB in file size. Its disinfection ability is so impressive and powerful that Kaspersky built it into their software; you can find it in their antivirus, internet security and the standalone Kaspersky Virus Removal Tool. A lot of functionality is packed into this small program, but a basic scan can be started by clicking the Start button, which scans running processes, runs a heuristic system check and searches for system vulnerabilities. Optionally, you can also enable automated cleaning mode from the main graphical user interface.
AVZ has the ability to restore system settings that are commonly corrupted by malware. This feature can be found in File > System Restore, where you are presented with 21 options such as restoring a disabled Task Manager or regedit, clearing the HOSTS file, fixing DNS by replacing it with Google Public DNS, and so on.
Disk Inspector, which can also be found in the File menu, is an interesting addition to antiviral software. It creates a snapshot of your hard drive for comparison, so you can see which files and folders have been created, modified or deleted since the database was created. Depending on your purpose, you may need to select “All files” as the file type so that every changed or added file is tracked. Do note that Disk Inspector compares your current hard drive with the database you created earlier; it is not possible to compare two different snapshots.
AVZGuard is a very powerful feature for fighting persistent malware that either cannot be removed using normal methods or keeps coming back after removal. Basically, when AVZGuard mode is enabled, Windows is put into a frozen state where untrusted applications cannot run and registry modifications are blocked. You can then use AVZ to quarantine or delete an identified malicious file using the scripting engine.
AVZGuard can be enabled from the menu bar by selecting AVZGuard and clicking Enable AVZGuard. Do take note that this feature only works on 32-bit versions of Windows and requires admin permission (Run as administrator). To run any application while AVZGuard is enabled, you will need to run it as a trusted process.
Unfortunately, as useful as AVZGuard is, we couldn’t get it enabled under Windows 8.1 32-bit, as we kept receiving the message “Error enabling AVZGuard !” with the error code C0000001 or C0000061. Do note that AVZGuard is also not compatible with any x64 version of Windows.
There are many more useful tools found in the Service menu bar. There is a process manager to view active running processes, registry/file/cookie search, autoruns manager to view applications that are loaded at system startup, port viewer to see open ports and active connections, a powerful control panel applet manager where you can delete an item from Control Panel and many more. It even has an MD5 calculator to generate a hash for a selected file.
The scripting support in AVZ is probably the most valuable feature for advanced users cleaning up malware. Once you have determined the path of the malicious file, you will typically want to quarantine it and remove it from that location so that it cannot start automatically when Windows boots. Below is a sample of a standard custom script which you can paste into File > Custom scripts. First it tries to enable AVZGuard, then it searches for rootkits, quarantines and deletes file.exe from C:\some\location\, imports the list of deleted files into the Boot Cleaner settings, performs a heuristic system cleanup, enables the driver and restarts Windows.
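The cleanup script described above, written out as an added example rather than the article's own sample script. It assumes the AVZ scripting functions SetAVZGuardStatus, SearchRootkit, QuarantineFile, DeleteFile, BC_ImportDeletedList, ExecuteSysClean, BC_Activate and RebootWindows as documented in avz_en.chm, and that the `//` comments of the Pascal-like script language are accepted (remove them if the parser rejects them); C:\some\location\file.exe is the placeholder path from the text.

```pascal
begin
  // Freeze untrusted processes and block registry changes first
  // (only takes effect on 32-bit Windows, as noted above).
  SetAVZGuardStatus(True);
  // Search for rootkit hooks in user mode and kernel mode.
  SearchRootkit(True, True);
  // Keep a copy in AVZ's quarantine before deleting, so the sample
  // can still be analysed or restored if the file turns out to be clean.
  QuarantineFile('C:\some\location\file.exe', '');
  DeleteFile('C:\some\location\file.exe');
  // Hand the deleted-file list to Boot Cleaner so a locked copy is
  // removed during the next boot, before the malware can start.
  BC_ImportDeletedList;
  // Heuristic system cleanup of settings commonly changed by malware.
  ExecuteSysClean;
  // Enable the Boot Cleaner driver, then reboot to finish the job.
  BC_Activate;
  RebootWindows(True);
end.
```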
Other than quarantining and deleting files, you can also use AVZ scripting to manage files, folders, the registry, autoruns, winlogon, services, drivers, CLSIDs, BHOs, INI files, the HOSTS file, processes, and so on. For more scripting examples and functions, please refer to the official Help file. The official website of AVZ is in Russian, but fortunately an English help file (avz_en.chm) that ships with the program can be launched from the Help menu bar > Help contents. The AVZ help file is very complete, with information on all the features, commands and control scripts.