Learn something new every day More Info... by email
A malware cleaner is a computer program designed to detect and remove malicious software from a computer or network. Malware includes viruses, Trojans, worms, harmful scripts, spybots, adware, spyware, rootkits, and keyloggers. To cover all the various types of infections, two or more malware cleaners might be necessary.
The most longstanding, commercially available malware cleaner is an anti-virus (A/V) program. These programs not only detect and remove viruses, but also typically scan for worms and Trojans, harmful scripts and malicious macros. Antivirus software uses an internal database that lists the signatures of known threats, searching the computer for a match. Anti-virus databases are updated continually as new threats come to light, and many top A/V programs check for and download updates to the database several times a day.
In addition to guarding against known threats, an A/V program also monitors system processes looking for malware-like behavior from as-yet undiscovered threats. This process is based on heuristic algorithms, or the prediction that a certain behavior is dangerous. Heuristic implementation guards against “zero-day threats” or new threats that have just been released into the wild and have not yet been sampled and added to the database of known threats.
Spyware and adware compose another type of malware. These infections might profile Web usage to run popups or redirect the browser to undesired sites. Keyloggers, on the other hand, steal sensitive information that can lead to identity theft. Many A/V programs now add protection against spyware, adware and keyloggers, but people commonly augment the A/V program with a separate malware cleaner to detect, remove and prevent these threats.
Rootkits are a type of malware that fall into their own category. These insidious infections can hook themselves into legitimate routines of the operating system, making them difficult to detect. Once present on a system, a rootkit can install keyloggers and exploit vulnerabilities to open back doors for spybots that take remote control of a computer’s resources without the user’s knowledge. Rootkits can also cause various degrees of system instability from annoying hangs to spontaneous reboots.
Though a malware cleaner designed to detect rootkits might find and remove one, there is no guarantee that the rootkit is actually gone. Programs and routines left by the rootkit might continue to do harm, even replacing the deleted routine. The only real way to be absolutely certain a computer is clean after finding a rootkit is to wipe the drive, reformat it, and rebuild. The real benefit in using a rootkit finder, then, is to rule out an overwhelming likelihood of a rootkit, or to discover one and take appropriate action.
Unfortunately, many authors of malicious software are exploiting the popularity of cleaners by packaging infections as anti-virus programs. Often these programs are hosted on sites that offer a “free scan” of the computer, returning false results that claim threats have been detected that should be cleaned immediately to avoid serious system problems or worse. When the unsuspecting surfer installs the recommended “malware cleaner” (often for a price), he or she is really installing the infection itself. This type of malicious software is called scareware because it scares the user into installing it.
To avoid installing malware posing as a malware cleaner, only select well-known, top-rated software recommended by reputable websites such as PC World, Major Geeks, ZD Net and Tu Cows. Independent review sites can give you a comparison of top programs and how they compete against one another for features, effectiveness, and ease of use. Pay close attention to the names of legitimate software, as malware often adopts a very similar name. Finally, download directly from the manufacturer's website, or from a legitimate site like the aforementioned.