The Difference Between Antivirus and Anti-Malware (and Which to Use)

Let’s start with the differences between “viruses” and “malware.” Viruses are a specific type of malware (designed to replicate and spread), while malware is a broad term used to describe all sorts of unwanted or malicious code.

Malware can include viruses, spyware, adware, nagware, trojans, worms, and more. However, because viruses (and to a lesser extent, trojans and worms) made headlines a few years ago, most security companies focused their marketing on them, which is why they’re called “antivirus.”

What can you use to remove Viruses and Malware?

RKill:

RKill is a program developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs, it will kill malware processes, remove incorrect executable associations, and fix policies that stop us from using certain tools. When finished, it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program’s running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed.

When to use?: Recommended to use RKill before running any of the tools below.

MalwareBytes:

Malwarebytes Anti-Malware hunts down most often zero-day or zero-hour malware, a term our community uses to explain malware that has been newly created and released on the web. Zero-hour malware can be any type of malware out there that traditional antivirus products have a hard time detecting.

Most zero-hour malware is distributed in drive-by exploits or even via hacked accounts such as Facebook, Twitter or Skype. Some of the most commonly detected malware by our products include the Zeus banker Trojan, as well as other Trojan malware with the same purpose, such as Reveton ransomware and other types of ransomware that attempt to extort users into paying a ridiculous fee, and an array of fake antivirus software (we call them rogue antivirus) that usually allow additional malware to be installed.

When to use?: Recommended to use first. Please make sure it’s the latest version, with the latest DAT, and do not activate the free pro trial. Make sure to uninstall after use.

SuperAntiSpyware:

SuperAntiSpyware is very similar to MalwareBytes; however, it is geared more towards spyware than towards malware in general.

When to use?: Recommended to use if MalwareBytes does not pick up the problems you are encountering.

TDSSKiller:

TDSSKiller is a utility created by Kaspersky Labs that is designed to remove the TDSS rootkit. This rootkit is known under other names such as Rootkit.Win32.TDSS, Tidserv, TDSServ, and Alureon. TDSSKiller will also attempt to remove other rootkits, such as the ZeroAccess rootkit, if they are detected.

A rootkit is a malware program that is designed to hide itself or other computer infections on your computer. These types of programs are typically harder to remove than generic malware, which is the reason that stand-alone utilities such as TDSSKiller have been developed.

When to use?: TDSSKiller is a good tool to use before resorting to ComboFix for rootkit infestations.

ComboFix:

ComboFix is a program, created by sUBs, that scans your computer for known malware, and when found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program.

When to use?: ComboFix is one of the best pieces of software out there for rootkit scanning and removal. However, if not used properly, it can damage the system. Not recommended to use remotely.

AdwCleaner:

AdwCleaner is a program that searches for and deletes Adware, Toolbars, Potentially Unwanted Programs (PUP), and browser Hijackers from your computer.  By using AdwCleaner you can easily remove many of these types of programs for a better user experience on your computer and while browsing the web.

The types of programs that AdwCleaner targets are typically bundled with free programs that you download from the web.  In many cases when you download and install a program, the install will state that these programs will be installed along with the program you downloaded.  Unless you perform a Custom install, these unwanted programs will automatically be installed on your computer leaving you with extra browser toolbars, adware, and other unwanted programs.  AdwCleaner is designed to search for and remove these types of programs.

When to use?: AdwCleaner is a good tool to use after you run a malware scan; it will make sure that the last traces of those toolbars are removed from the user’s system.

ServicesRepair:

ServicesRepair does what it says on the tin. It will re-register and reload all necessary Windows services.

When to use?: Use ServicesRepair after a rootkit or virus has modified or destroyed certain Windows services (such as the TCP stack or Firewall).

For more information, please visit: BleepingComputer and Lifehacker
