When your system becomes compromised by a virus, worm or trojan, there are a lot of tools out there to aid in the removal of malware. In this article, we will focus on the four that are the most widely used, and what they're used for.
The first of these is TDSSKiller. A rootkit is a piece of malware that is specifically designed to avoid any kind of detection whatsoever, and allow someone else complete control of your system without you even knowing it. It's similar to a virus, however, it's much harder to detect, and sometimes equally difficult to remove. TDSSKiller is an anti-rootkit utility designed specifically to target malware that is part of the Rootkit.Win32.TDSS family. However, it also detects a much larger variety of rootkits with grim efficiency. The interface is also incredibly simple. All you have to do is click "Start Scan", and TDSSKiller will check nearly every aspect of your system to ensure that it's not compromised by any of the TDSS family variants, along with countless other rootkits.
The next rootkit detection application is GMER. Much like TDSSKiller, it is designed to detect rootkits, but in a generic fashion. GMER performs an extremely in-depth search to make sure that if a rootkit is present, the user will know about it, and will know exactly where it's located. GMER scans for the following indicators that suggest an active rootkit installation:
Hidden processes, threads, modules, services, files, disk sectors, registry keys
NTFS Alternate Data Streams
Driver hooks (SSDT, IDT, IRP)
GMER is compatible with Windows NT, 2000, XP, Vista, and 7.
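One of the indicators listed above, NTFS Alternate Data Streams, is easy to check for without a dedicated tool. The following PowerShell script is an added example, not part of the article or of GMER; it assumes an NTFS volume and PowerShell 3.0 or later (for the -Stream parameter of Get-Item), and the starting folder ($Path) is only a placeholder.

```powershell
# Added example (not from the article): list NTFS alternate data streams under a folder.
# Assumes Windows with NTFS and PowerShell 3.0+ (Get-Item -Stream support).
param(
    [string]$Path = $env:USERPROFILE   # placeholder starting folder
)

function Get-AlternateDataStreams {
    param([Parameter(Mandatory)][string]$Root)
    Get-ChildItem -Path $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # -Stream * returns every stream on the file; ':$DATA' is the ordinary file content
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        File   = $file.FullName
                        Stream = $_.Stream
                        Length = $_.Length
                    }
                }
        }
}

# Zone.Identifier is the common benign stream written by browsers (mark-of-the-web);
# anything else, especially a stream large enough to hold an executable, deserves a closer look.
Get-AlternateDataStreams -Root $Path |
    Where-Object { $_.Stream -ne 'Zone.Identifier' } |
    Sort-Object Length -Descending |
    Format-Table -AutoSize
```

A stream listing is only a starting point: a rootkit that hooks the file system (the driver hooks in the same list) can hide streams from this kind of user-mode enumeration, which is why GMER inspects the kernel structures directly rather than relying on the normal APIs.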
The third freeware application is ComboFix, which is designed to remove common and multiple types of malware/spyware/adware infections on your system. It also produces a report, which can be used by expert users and computer professionals to aid in the removal of malware that may not always be detected. Some malware will also hide itself in the Recycle Bin, the Temporary Internet Files folder and the Windows Temp folder. ComboFix automatically deletes all of the contents of these folders, so if a malware infection is located in any of these locations, it will already have been taken care of after running ComboFix. Keep in mind that ComboFix will only run on Windows XP, Vista, and 7.
The last freeware application that we'll cover is HijackThis, which scans several critical areas of your system that are typically compromised by malware. These include startup locations, browser helper objects, active processes, and several other areas. Users should also be aware that when inspecting key system areas, HijackThis doesn't differentiate between legitimate applications and malware entries: it simply scans common system areas and returns whatever is present. Removing entries without first checking whether they are indeed malware can stop some applications from functioning. After the scan is complete, a full scan log is generated, which can help advanced or expert users determine what, if any, malware is present on a given system. HijackThis is provided by Trend Micro, and is compatible with Windows 98, ME, 2000, XP, Vista, and 7.
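To show what a HijackThis-style inspection of startup locations and browser helper objects actually involves, the following PowerShell script is an added example, not code from the article or from HijackThis. It assumes Windows PowerShell with the HKLM: and HKCU: registry drives available, and it only covers the Run/RunOnce keys, the Startup folders and the BHO registration key; the function names are this example's own.

```powershell
# Added example (not from the article): enumerate common autostart locations
# and browser helper objects the way a HijackThis-style scan does.
# Assumes Windows PowerShell with the HKLM:/HKCU: registry drives available.

function Get-RunKeyEntries {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
            [pscustomobject]@{ Location = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-BrowserHelperObjects {
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bhoKey)) { return }
    Get-ChildItem -Path $bhoKey | ForEach-Object {
        $clsid = $_.PSChildName
        # Resolve the CLSID to the DLL that Internet Explorer would load for this BHO
        $server = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll = if (Test-Path $server) { (Get-ItemProperty -Path $server).'(default)' } else { $null }
        [pscustomobject]@{ CLSID = $clsid; Dll = $dll }
    }
}

function Get-StartupFolderItems {
    $folders = @(
        [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
        [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
    )
    foreach ($f in $folders) {
        if (Test-Path $f) { Get-ChildItem -Path $f -Force | Select-Object FullName, LastWriteTime }
    }
}

# Like HijackThis, this only lists what is present; deciding whether an entry is
# legitimate still requires checking the file it points at (publisher, hash, path).
Get-RunKeyEntries        | Format-Table -AutoSize
Get-BrowserHelperObjects | Format-Table -AutoSize
Get-StartupFolderItems   | Format-Table -AutoSize
```

The output has the same property the article warns about: every entry is shown, legitimate or not, so the value of the listing lies in reviewing each command path and DLL before deleting anything.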
Below is a list of where to obtain the aforementioned tools to help you detect and remove malware: