Best virus clean-up tools revealed

By on
Best virus clean-up tools revealed

In-depth tests on 17 antivirus and recovery tools reveal which are the best at cleaning infected systems.

Security software is most often judged on how effective it is at keeping malware out. But what about situations where it is asked to deal with existing infections?

Perhaps someone misguidedly disabled their security software, or maybe forgot to renew the subscription and so the stream of updates ceased flowing. Whatever the train of events, the result was that a Windows system has become infected. What do they do next?

Security suites typically include features to clean up existing infections, and there are also recovery tools designed specifically for this task.

Germany-based testing organisation compared a total of 17 products to find out which could scrub away the unwanted files and restore normal operation.

About the tests

The security suites were tested in two ways: firstly by installing them on an already infected system, and secondly by installing them on a clean system and temporarily switching off the antivirus protection to allow infection. The latter was intended to simulate the situation where the suite does not immediately recognise the malware, for example because the update that would have provided protection wasn't installed until after the infection had occurred.

The clean-up tools were used on already infected systems.

In each case, the quality of the repairs was determined by a bit-by-bit comparison of the cleaned system with a reference system.

AV-Test noted that these programs can't simply be left to clean up infections on their own – many questions must be answered during the process, “but the time and effort always paid off”, the testers noted.

Products tested

The security packages tested were:

The recovery tools tested were:

Next: the best and worst performers

The best and worst performers

One brand stood out in both categories: Kaspersky Internet Security and Kaspersky Virus Removal Tool both completely removed all traces of the 19 infections used as the test set.

They were followed by Bitdefender Internet Security, Avast Free Antivirus, G Data Internet Security, Avira Antivirus Pro and Symantec's Norton Security, which repaired the system and removed the malware, leaving between four and nine harmless file remnants.

Among the free tools, Bitdefender Rescue Disk, Heise Disinfect and G Data BootMedium detected all 19 threats and deleted the dangerous components, leaving some harmless file remnants.

Microsoft Windows Defender (offline) and Avast Rescue Disk detected all of the malware, but were each unable to remove the active components of two examples.

Microsoft Safety Scanner did not detect two of the 19 pieces of malware in the test set. And it failed to remove the active components of one that it did spot.

AV-Test was particularly concerned about the performance of DE Cleaner Antibot. It failed to detect five of the 19 infections, making it the worst of the 17 products, even though it is backed by several German ISPs and the German Federal Ministry of the Interior, and - perhaps as a consequence - is widely distributed in Europe.


While it is impressive that Kaspersky's products managed such thorough clean-ups, failing to remove every last trace isn't really a shortcoming as long as the active components are deleted. So users have a choice of software that will get them out of a hole when malware strikes.

But we would add one caution: you can't expect these products to recover a system that's run foul of ransomware. While there have been a small number of examples where researchers have been able to determine the required decryption keys, the only real fallback is a thorough backup strategy.

Multi page
Copyright © BIT (Business IT). All rights reserved.

Most Read Articles


What would you like to see more of on BiT?
How To's
Photo Galleries
View poll archive

Log In

  |  Forgot your password?