IK-CS : Staying Safe Online! v2

Introduction

These procedures should be used to remove an infection from your computer. They are not a replacement for real-time antivirus protection, but they are an effective way to remove malware (viruses and so on) from an infected machine on which antivirus software is disabled, out of date or not installed at all. Each tool's entry links to a fuller description. The tools and procedures listed here are constantly updated! I would also like to direct you to Claymania.com, an excellent anti-malware resource.


Removing Infections from your PC using a malware removal utility

Download link      Brief description (each entry links to a page with more detailed information)

Sysclean FE        A front end that automates the download and execution of Trend Micro's SYSCLEAN utility.
Multi AV           Malware removal utility incorporating multiple command-line scanners, including the McAfee, Sophos, Kaspersky and Trend Micro engines. Please read the linked page first before using this utility.
Clean Tool         Clean Tool is a front end for the McAfee Command Line Scanner which automates its functionality.
WinFixerFix        A tool geared towards the detection and removal of the Vundo Trojan and the Virtumonde adware. It is HIGHLY recommended that you view the linked information before using this tool.
SmitFraud Tool     The SmitFraudFix utility is geared toward the SmitFraud family of malware. It is HIGHLY recommended that you view the linked information before using this tool.

eMail databases    Please go to the linked page for specific instructions on how to remove a virus from an infected eMail database without damaging important eMail.



Detecting and removing Rootkits

Anti-Rootkit tools

(from Wikipedia) A rootkit is a set of software tools frequently used by a third party (usually an intruder) after gaining access to a computer system. These tools are intended to conceal running processes, files or system data, which helps an intruder maintain access to a system without the user's knowledge. Rootkits exist for a variety of operating systems, including Linux, Solaris and versions of Microsoft Windows. A computer with a rootkit on it is called a rooted computer.

The word "rootkit" came to public awareness in the 2005 Sony CD copy-protection controversy, in which Sony BMG music CDs surreptitiously installed a rootkit on Microsoft Windows PCs when the CD was played on the computer. Sony made no mention of this on the CD or its packaging, referring only to rights-management measures.

F-Secure Blacklight -  http://www.f-secure.com/blacklight/

Rootkit Revealer -  http://www.sysinternals.com/Utilities/RootkitRevealer.html

GMER - http://www.gmer.net/
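The detectors above (RootkitRevealer in particular) rely on cross-view comparison: the same objects are enumerated through two different paths, and anything present in one view but missing from the other is a hiding candidate. The PowerShell script below is an added example, not code from this page or from any of the listed tools, showing the simplest such check for processes: the documented enumeration (Get-Process) against a brute-force of OpenProcess over the PID space, which user-mode rootkits that filter process listings frequently leave unhooked. It assumes Windows, an elevated session, and that PIDs are multiples of 4; the function name Find-HiddenProcess, the Win32CrossView namespace and the 131072 PID ceiling are my own choices.

```powershell
# Added example (not from the page or the listed tools): cross-view process check.
# View 1 is the documented enumeration (Get-Process, i.e. NtQuerySystemInformation);
# view 2 brute-forces OpenProcess over the PID space. A user-mode rootkit that filters
# the enumeration but not OpenProcess leaves PIDs in view 2 that are missing from view 1.
$signature = @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
'@
$Kernel32 = Add-Type -MemberDefinition $signature -Name 'Kernel32' -Namespace 'Win32CrossView' -PassThru

function Find-HiddenProcess {
    param([int]$MaxPid = 131072)   # assumption: raise this if the machine hands out larger PIDs
    $PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
    $ERROR_ACCESS_DENIED = 5

    # Snapshot the enumeration view before and after the scan, so a process that
    # starts or exits while the scan runs is not misreported as hidden.
    $listed = @{}
    Get-Process | ForEach-Object { $listed[[int]$_.Id] = $true }

    $reachable = New-Object System.Collections.Generic.List[int]
    for ($candidate = 4; $candidate -lt $MaxPid; $candidate += 4) {   # PIDs are multiples of 4
        $handle = $Kernel32::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, [uint32]$candidate)
        $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
        if ($handle -ne [IntPtr]::Zero) {
            [void]$Kernel32::CloseHandle($handle)
            $reachable.Add($candidate)
        } elseif ($err -eq $ERROR_ACCESS_DENIED) {
            $reachable.Add($candidate)   # the PID exists but is protected, so it still counts as present
        }
    }
    Get-Process | ForEach-Object { $listed[[int]$_.Id] = $true }

    foreach ($p in $reachable) {
        if (-not $listed.ContainsKey($p)) {
            [pscustomobject]@{ PID = $p; Finding = 'reachable via OpenProcess but absent from Get-Process' }
        }
    }
}

# Two passes a few seconds apart: a PID flagged in both is not a process that merely came and went.
$first = @(Find-HiddenProcess)
Start-Sleep -Seconds 3
$second = @(Find-HiddenProcess)
$first | Where-Object { $second.PID -contains $_.PID } | Format-Table -AutoSize
```

Calibrate on a known-clean machine first, because some security products and sandboxes legitimately interfere with OpenProcess. A kernel-mode rootkit that hooks OpenProcess as well, or unlinks its process from the kernel's list, hides from both views here; that is why the listed tools go further and compare the Windows API view against raw kernel structures, the disk and the registry hives.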

Investigative Tools

License    Name             Type / purpose                                                                             Vendor website
freeware   DiskMon          Monitors disk read/write activity                                                          www.sysinternals.com
freeware   FileMon          Monitors file system activity                                                              www.sysinternals.com
freeware   GetSysInfo       Dumps system information, including startup entries, running processes and hardware details   www.kaspersky.com
freeware   Troyfind         Inspects the Windows registry for trojan entries [KLAB]                                    www.kaspersky.com *
freeware   Regmon           Monitors registry activity in real time                                                    www.sysinternals.com
freeware   TCPView          Shows the fully qualified name and path of the process that opened a port, and the remote site it connects to   www.sysinternals.com
freeware   ProcessExplorer  Like Windows Task Manager, with far more detail                                            www.sysinternals.com
freeware   WinsockxpFix     Repairs a damaged Winsock (communications) configuration on Windows XP                    no site for this program
freeware   LSP Fix          Removes malicious Layered Service Providers (LSPs); note that not all LSPs are malicious   http://www.cexx.org
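What TCPView shows interactively (which process image owns which socket, and where it is connected) can also be produced from the console for a quick triage or for logging. The script below is an added example, not code from this page or from Sysinternals. It assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection) and an elevated session so that image paths of all processes are readable; the function name Get-SocketOwner and the "Check" heuristic are my own and are not a rule the page states.

```powershell
# Added example (not from the page or Sysinternals): map TCP sockets to the owning
# process and its image path, and flag owners that deserve a second look.
function Get-SocketOwner {
    param([switch]$ListenOnly)

    $conns = Get-NetTCPConnection -ErrorAction Stop
    if ($ListenOnly) { $conns = $conns | Where-Object { $_.State -eq 'Listen' } }

    foreach ($c in $conns) {
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        $path = $null
        if ($proc) { try { $path = $proc.Path } catch { $path = $null } }

        # Heuristic (an assumption of this example): flag an owner whose image is unreadable,
        # missing on disk, or outside the Windows / Program Files trees. PID 4 (System) and
        # protected processes have no readable path, so a flag means "look closer", not "malware".
        $flag = (-not $path) -or
                (-not (Test-Path -LiteralPath $path)) -or
                ($path -notmatch '^[A-Za-z]:\\(Windows|Program Files)')

        $name = if ($proc) { $proc.ProcessName } else { '<not enumerable>' }
        $shownPath = if ($path) { $path } else { '<unreadable>' }

        [pscustomobject]@{
            Local   = '{0}:{1}' -f $c.LocalAddress, $c.LocalPort
            Remote  = '{0}:{1}' -f $c.RemoteAddress, $c.RemotePort
            State   = $c.State
            PID     = $c.OwningProcess
            Process = $name
            Path    = $shownPath
            Check   = $flag
        }
    }
}

# Listening sockets first, flagged rows on top; drop -ListenOnly to see established connections too.
Get-SocketOwner -ListenOnly | Sort-Object Check -Descending | Format-Table -AutoSize
```

A socket whose owning PID is not enumerable by Get-Process is worth correlating with the rootkit cross-view check, since a process hidden from enumeration still shows up as a socket owner here. For the "what site it connects to" part of TCPView, run without -ListenOnly and pass the Remote addresses to Resolve-DnsName; UDP endpoints are available the same way through Get-NetUDPEndpoint.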