The neglect of spyware and adware detection by AntiVirus Companies, eventually led to the rise of the AntiSpyware Industry. Following the lead of the first ever antispyware/adware tool - Steve Gibson's Optout, many Antispyware companies have chosen to provide a free on demand scanner and removal tool. However, there are relatively few antispyware tools with real time protection. This is less critical these days, because part of the antispyware real time protection can be covered (even improved on) by freeware HIPS including Behavior blockers and Sandboxes. Moreover Antiviruses have improved their detections abilities since the early days and the real time scanner of the antivirus can provide real time signature protection.
That said, since the earliest days of Antispyware testing , it was noticed that unlike for antiviruses detecting viruses and worms where scores in the 90% range were the norm, even the best Antispyware had less than satisfactory detection rates. Morever adware unlike many other malware (which tries to conceal itself from the user), depended on being noticed. Most users quickly figure out they have adware, and naturally try to remove it. As such for ad-ware to be effective they have to be designed in mind to resist being removed easily.
This is where top notch adware and spyware removers come in, hence it probably pays to keep some on demand scanners around. Moreover there are many one off tools created to help remove specific tough strains, but they should be used only in specialized cases.
Includes Resident protection antispyware Edit
- Spybot - Search & Destroy (via BHO and teatimer)- http://www.safer-networking.org/en/index.html
- SpyCatcher Express - http://www.tenebril.com/consumer/spyware/spycatcher-express.php
- Spyware Doctor Starter Edition (Special version from googlepack that includes File Guard) that cleans - http://pack.google.com/intl/en/product_info.html?sd
- Spyware Terminator - http://www.spywareterminator.com/ Bundled with optional crawler toolbar
- SpywareBlaster - http://www.javacoolsoftware.com/spywareblaster.html
- SpywareGuard - http://www.javacoolsoftware.com/spywareguard.html
- Windows Defender - http://www.microsoft.com/athome/security/spyware/software/default.mspx
- Comodo Anti-Viruspyware (CAVS) (untick the firewall on install if you don't want it) - http://personalfirewall.comodo.com/
- Transaction Guard - http://www.trendsecure.com/portal/en-US/free_security_tools/transaction_guard.php
- See also List of browser guards and Lists of freeware behavior blockers
- See also Lists of freeware blocklists
Many antiviruses provide antispyware scanning abilities (although the free version of AntiVir does not), but many users still prefer to include AntiSpyware. Unfortunately most of the free antispyware products lack good real time protection. There are basically two types of antispyware real time protection, one is the classic resident shield that scans by signatures and detects malware as files are written on the hard-disk or executed etc (just like in Antiviruses) and the other is behavior monitoring that informs you of changes to your system (autostart-ups, browser home pages etc.). The later is not as important if you intend to supplement your protection with HIPS. The former is rare in freeware products, however it is provided by Spyware Terminator (Note Spyware Terminator also has very good protection of the second kind) and Microsoft's own Windows Defender. Recently (June 2007), you can also get the Spyware Doctor™ Starter Edition - from Google which has a file guard. Spybot - Search & Destroy's Tea-timer and SpywareGuard also provide very limited protection in this area (their protection is more of the second kind with the classic signature database being outdated).
Because in the past exploiting or using ActiveX controls was a very popular manner of installing Spyware and Adware, a very popular anti-spyware device of blacklisting specific ActiveX controls was built into many popular antispyware programs like Spybot - Search & Destroy and SpywareBlaster. Also often associated with Anti-Spyware protection is blacklisting of cookies and lists of sites to be imported into Internet Explorer's restricted zones or placed into hosts file.
Note : SpywareBlaster only provides blacklisting of ActiveX controls and cookies, plus importing of sites into Internet Explorer's restricted zone. Technically this is just using the builtin features of Windows and the browser and hence does not really count as typical real-time protection. It is included here only because it is popular. See Lists_of_freeware_blocklists for more applications and lists that do similar functions.
Note : Spyware Terminator was formerly listed on the Spyware Warrior's rogue list but is now delisted.
On demand antispyware scanners Edit
- Ad-Aware 2007 Free - http://www.lavasoftusa.com/products/ad_aware_free.php
- Ad-Aware SE Personal- http://www.lavasoftusa.com/software/adaware/
- SUPERAntiSpyware - http://www.superantispyware.com/
- Yahoo! Toolbar with Anti-Spy - http://toolbar.yahoo.com/
Together with Spybot - Search & Destroy (see above), Ad-Aware is the most well known (and one of the pioneers) Antispyware product out there. SUPERAntiSpyware a newer product is well known for its ability to remove hard to remove malware. It is the latest to be listed on Spyware Warrior's trustworthy list. Yahoo! Toolbar with Anti-Spy provides light scan based on PestPatrol.
- Bazooka Adware and Spyware Scanner - http://www.kephyr.com/spywarescanner/ - Does not disinfect.
- BugHunter - http://bughunter.it-mate.co.uk/
- etrust PestPatrol - http://www.pestpatrol.com/ (no removal)
- Spyberus - http://www.robotgenius.net/index.jsp (more of Sandbox)
- System Spyware Interrogator (SSI) - http://www.spywaredata.com/spyware/download.php (detect only)
Xcleaner - http://www.xblock.com/freeware.phpNo free version anymore
- ZeroSpyware Free Edition - http://www.fbmsoftware.com/spyware-net/blog/?p=11
- Nemesis Anti-Spyware - http://www.usec.at/nemesis.html
- Others not verified
Note : ZeroSpyware was formerly listed on the Spyware Warrior's rogue list but is now delisted.
Specific cleaners/detection Edit
- AIMfix - http://jayloden.com/aimfix.htm
- Aboutbuster - http://www.malwarebytes.org/aboutbuster.php
- Aproposfix - http://forums.majorgeeks.com/showthread.php?t=77765
- Aries Remover - http://www.lavasoft.de/support/securitycenter/aries_rootkit_remover.php
- CWShredder - http://www.intermute.com/spysubtract/cwshredder_download.html
- E2TakeOut - http://www.malwarebytes.org/e2takeout.php
- Fix Wareout - http://subratam.org/main/index.php?option=com_content&task=view&id=19&Itemid=41
- Gromozon Rootkit Removal Tool - http://www.prevx.com/gromozon.asp
- Kazzabegone - http://www.merijn.org/files/kazaabegone.zip
- Kill2Me - http://www.spywareinfo.com/~merijn/programs.php#kill2me
- Look2Me-Destroyer.exe - http://www.atribune.org/content/view/28/
- Look2me fixes - http://subratam.org/main/index.php?option=com_content&task=view&id=19&Itemid=41
- Qoofix 1.04 - http://www.malwarebytes.org/qoofix.php
- Peper Fix - http://subratam.org/main/index.php?option=com_content&task=view&id=19&Itemid=41
- RapidBlaster Killer - http://www.castlecops.com/downloads-cats-14-20-10.html
- Remove Rustock rootkit-http://greatis.com/security/Rustock(lzx32.sys)_free_removal_tool.htm
- rdrivrem.zip - http://www.atribune.org/content/view/26/2/
- RogueRemover - http://www.malwarebytes.org/rogueremover.php
- SmitRem - http://noahdfear.geekstogo.com/
- Smitfraudfix - http://siri.urz.free.fr/Fix/SmitfraudFix.php
- SP.HTML Fix Tool - http://www.majorgeeks.com/Sp.html-Se.dll_Hijack_Fix_2000XP_d4617.html
- ViewpointKiller - http://bellsouthpwp.net/p/r/prprogramsstudios/
- VundoFix - http://www.atribune.org/content/view/24/2/
- See also List of freeware antivirus specific cleaners
Many malware particularly adware are very resistant to removal and require a complicated series of manual steps to completely remove all traces of it. To save time, experts have created specific fixes and tools to automate removal of specific widespread family of nasties that are hard to remove. Many of these fixes are constantly updated, as the nasties are themselves constantly upgraded. Some of the more famous ones include Gromozon Rootkit Removal Tool , SmitFraudFix , CWShredder (one of the first). RogueRemover is particularly notable for targeting rogue security products like SpyAxe, VirusBurst, and as such has a broader scope than most entries in this section.
General cleaning and diagnosis toolsEdit
- Brute Force Uninstaller - http://www.spywareinfo.com/~merijn/programs.php
- Deckard's System Scanner (formerly Comboscan) - http://www.geekstogo.com/forum/index.php?automodule=downloads&showfile=19
- FileASSASSIN - http://www.malwarebytes.org/fileassassin.php
- Hijackthis! http://www.spywareinfo.com/~merijn/programs.php#hijackthis
- Killbox - http://www.downloads.subratam.org/KillBox.exe
- LSP fix - http://www.cexx.org/lspfix.htm
- The Avenger - http://swandog46.geekstogo.com/avenger.zip
- WinPFind - http://download.bleepingcomputer.com/oldtimer/winpfind.exe
- Winsock fix - http://www.snapfiles.com/get/winsockxpfix.html
- X-raypc - http://www.x-raypc.com/
- Quicklook - http://www.freeremover.org/quicklook.zip
- See also Auto-Start location listers
These are generic cleaning tools often used to aid removal of malware in helper forums. Unlike other tools that are designed for removal of specific malware, the tools here are more generic and require human expertise to use properly. Hijackthis! is the most popular diagnosis tool of choice of online spyware fighters. Others tools include Deckard's System Scanner (formerly Comboscan), WinPFind. Many tools like AutoRuns and other autostart listers can also be used to detect malware.
- JPEGScan - http://www.diamondcs.com.au/jpegscan/
- MICE detection utility - http://www.grc.com/wmf/wmf.htm
- IE Restrictions - http://camtech2000.net/Pages/Restrictions.htm
Online scanner (full disk) Edit
No longer updated, see Online Malware Scanners.
- Aluria - Free Spyware Scanner - http://www.aluriasoftware.com/index.php?menu=litescan
- Aumha check (limited to Activex controls) - http://www.aumha.org/a/noads.php
- CounterSpy Spyware Scan - http://www.sunbelt-software.com/dell/scan.cfm
- Doxdesk.com - Parasite Check (limited to Activex controls)- http://www.doxdesk.com/parasite/
- Earthlink Scanner - http://www.earthlink.net/software/nmfree/spyscan/
- Ewido Online scanner -http://www.ewido.net/en/onlinescan/
- Pest Patrol online scanner - http://store.ca.com/v2.0-img/operations/safer/site/ab/promo53025scan.htm
- Panda Xposer - http://www.pandasoftware.com/products/spyxposer/com/
- RegFreeze - http://www.actualresearch.com/rf_onlinescan.php
- Tenebril - http://www.tenebril.com/scanner/main_start.php
- Trend Antispy for web - http://www.trendmicro.com/spyware-scan/
- Webroot spy audit- http://www.webroot.com/services/spyaudit_03.htm
- Xcleaner - http://www.spywareguide.com/onlinescan.php also http://www.spywareinfo.com/xscan.php
- ZoneAlarm Spyware Scanner - http://www.zonelabs.com/store/content/promotions/spywarescanner/index.jsp?dc=12bms&ctry=US&lang=en
- For more online scanners see also List of freeware online antivirus scans and Lists of freeware online antitrojans scans
HJT autoanalyzers Edit
- exeLib - http://exelib.com/hijack
- Iamnotageek.com - http://hjt.iamnotageek.com/
- Hijackthis.de - http://www.hijackthis.de/
- HiJackFree.com - http://www.hijackfree.com/en/upload/ Supports HiJackfree logs as well.
- Help2go dectective - http://www.help2go.com/component/detective/
- Prevx1 HJT analyser - http://www.prevx.com/hijackthis.asp
- Spyandseek - http://www.spyandseek.com/
- Spywareguide.com - http://www.spywareguide.com/contribute/parser.php
Typically, you run Hijiackthis! , a diagnosis tool, and send the log to a human expert who will advise you on what (if anything) is wrong. The services above, allow you to upload the load to an automated service that will try to identify malicious or dangerous entries in the log. Because of omissions, false positives, and entries that may be reported as "not recognized" it is not recommended that auto analyzers be used.
Protection against Dialers Edit
- A-squared Anti-Dialer 2.1 - http://www.emsisoft.com/en/software/download/
- DialerSpy - http://www.tucows.com/preview/329276
- Ushields - http://www.usec.at/ushields.htm
Not so useful if you are not on dialup. Dialers that work on broadband are not common.
- Browser Hijack Retaliator - http://www.zamaansoft.com/products/bhr/index.php
- StartPage Guard - http://pjwalczak.com/spguard/index.php
- SpywareGuard - http://www.javacoolsoftware.com/spywareguard.html
- Spybot Search and Destroy (via BHO and teatimer)- http://www.safer-networking.org/en/index.html
- Ushields (Systemshield) - http://www.usec.at/ushields.html
- See also above "Includes resident protection" and Lists_of_freeware_behavior_blockers
- Online Spyware Removal Tool
Utilities that watch and warn about changes to your browser configuration (in almost all cases Internet Explorer only). Outdated. Most modern anti-malware programs such as antispyware and registry monitors have this function built in. One of the functions of the popular SpywareGuard.
- Spywarrior's List of Rogue products
- PCWorld (Aug 2007) comparison of 6 Anti-Spyware products - Test carried out by Avtest.org on 110,000 inactive adware, spyware, and rootkit samples. An inactive sample is like an application you've downloaded and haven't yet installed. To learn how the tools would react in such a case, AV-Test also measured each product's ability to recognize the behavior of and subsequently clean up 20 active pieces of adware and spyware
- Malwarebytes’ RogueNET™ Suspicious Applications Database (SAD)
Freeware Anti-Viruses | Freeware Anti-Spyware | Freeware Anti-Trojans | Freeware Anti-Keyloggers | Freeware Anti-Rootkits | Freeware Firewalls | Freeware Behavior blockers | Freeware Sandboxes | Freeware Virtualization | Freeware Security analysis tools | Freeware Hardening tools | Freeware Blocklists | Freeware security services (excluding virus scanners) | Freeware Anti-Phishing | List of portable tools | List of unclassified tools
Related : Lists of online scanners