Antivirus protection is absolutely necessary if your device is connected to the outside world, such as the Internet, e-mail system, or even external media such as CDs and USB drives. You have already seen that there are many Anti-Malware Solutions available. Some are free and others follow a monthly or annual subscription payment model.
If you are using a modern version of Microsoft Windows, such as 7, 8.1, 10, or 11, you are better protected from malware than with previous versions of Windows. This protection comes with some caveats, which include using the default Windows Defender and User Account Control settings and being vigilant when using e-mail and the Web, especially if any Torrent, VPN or Dark Web downloads are on your machine.
To ultimately protect your personal files from malware, you should consider storing a backup of your files, separate from your computer. We recommend a physically separate backup. The cloud is a great convenience to us, but it offers little protection against a ransomware attack, which can spread within minutes to every file you have access to.
Sometimes malware-killer applications and virus cleaners won’t work. Maybe your system is too badly infected or has multiple instances of malware. Thankfully, with Windows 10 and Windows 11, the process of resetting your PC is simple and efficient and can be a quick way to rid a device of malware.
The final piece of the jigsaw following eradication of malware is to learn from the experience. Review how the attack occurred, where the vulnerability existed, and how you can reduce the likelihood of a repeat attack.
If malware does strike, and you cannot clean your machine using the tools highlighted in this article, you may have to resort to manually cleaning the infection.
Which should you choose? We recommend the built-in Microsoft anti-malware solutions, but there are others that you should consider.
This tool is free but includes an optional professional version available for a fee. AVG has long been considered one of the best free anti-malware packages for Windows 7 and later operating systems. Among its key features, it stops viruses, spyware, and other malware; warns against unsafe web links; blocks dangerous e-mail attachments; and scans quickly and quietly.
Norton was an early pioneer in providing malware scanning for Windows, and it now offers a comprehensive suite of tools. Choose the most appropriate suite from an easy-to-view feature table. The entry-level product, Norton Antivirus Basic, includes the following features: defense against viruses, spyware, malware, phishing, software vulnerabilities, and other online threats, and safeguards to protect your identity and online transactions.
A highly effective antivirus package. No free layer, but it contains many features, including protection against ransomware, the ability to block 250 million+ daily threats, and safeguards against e-mail scams.
Kaspersky is highly regarded among loyal users, who post positive reviews, and it covers the standard features to protect your PC, including protection against viruses, spyware, and more, without performance degradation, and easy, simple online controls.
In addition to these third-party tools, there are also some additional tools that Microsoft maintains to help you recover from a malware attack, such as a virus, rootkit, or ransomware.
Malicious Software Removal Tool
This tool is an essential first action when you believe your device is infected, and your current anti-malware solution has been ineffective. You can download the standalone Malicious Software Removal Tool (MSRT) from the Malware Protection Center or directly, using the following URL: https://www.microsoft.com/en-us/download/details.aspx?id=9905.
After downloading the MSRT file (approx. 38MB), you install the application and allow the tool to scan your device. The tool is able to detect and remove the most prevalent malware and allows 3 levels of scans.
- Quick Scan
- Full Scan
- Customized Scan
Once started, the tool will scan your PC and attempt to remove any infected files it can find. The tool is fast, taking only a couple of minutes to complete, and provides you with a detailed report of the scan results.
The MSRT is updated monthly, on the second Tuesday of each month, and you should use the latest version available. The current version includes detection and removal support for well-known and prevalent malware, including Blaster, Sasser, and Mydoom.
Windows Defender Offline
This tool is a powerful offline scanning tool you boot to from Windows 10, or via CD, DVD, or USB flash drive for other versions of Windows. It runs before your operating system boots and, therefore, provides a clean trusted environment in which to scan your system for malware, including rootkits.
As Windows Defender Offline is built into Windows 10, it requires no additional media in order to run and is extremely useful if your device has a rootkit or your PC is already infected and malware prevents you from scanning or removing the virus by using your installed anti-malware software or the MSRT.
If you suspect your PC has malware, you can start a Windows Defender Offline scan from Windows Defender Settings, by following these steps:
- Log on to Windows 10 using administrative credentials
- Open Settings
- Select Update & security
- Select Windows Defender
- Click Scan Offline
Once you click Scan Offline, the Windows Defender Offline tool will log you out from Windows and then restart the PC and boot to the Windows Defender Offline console and automatically perform a quick scan of your PC.
Once complete, the tool will exit and reboot Windows. To view the Windows Defender Offline scan results, you should follow these steps:
- Log on to Windows 10 using administrative credentials
- Open Windows Defender
- Click the History tab
- Select All detected items
- Click View Details
Any items detected by Windows Defender Offline will be listed as Offline in the Detection method column.
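The same procedure can be scripted with the Defender PowerShell cmdlets that ship with Windows 10, which helps when the Settings app is unavailable or the PC is managed remotely. This is an added example, not part of the original article; the script name, the -Phase parameter and the signature-age threshold are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the Settings and History steps above.
# Hypothetical file name and usage:
#   .\Invoke-OfflineScan.ps1 -Phase Start    (restarts the PC into the offline scan)
#   .\Invoke-OfflineScan.ps1 -Phase Review   (run after Windows has booted again)
param(
    [Parameter(Mandatory)]
    [ValidateSet('Start', 'Review')]
    [string]$Phase,
    [int]$MaxSignatureAgeDays = 1   # assumption: local policy for "fresh enough"
)

if ($Phase -eq 'Start') {
    $status = Get-MpComputerStatus
    if (-not $status.AntivirusEnabled) {
        Write-Warning 'Windows Defender is not the active antivirus engine on this PC.'
    }
    # Refresh definitions first so the offline environment scans with current signatures.
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        Update-MpSignature
    }
    Write-Host 'Save your work: the PC will restart into Windows Defender Offline.'
    Start-MpWDOScan   # logs the user out, reboots and runs the offline scan
}
else {
    # Map each ThreatID to a readable name, then list every recorded detection.
    $names = @{}
    Get-MpThreat | ForEach-Object { $names["$($_.ThreatID)"] = $_.ThreatName }

    $detections = Get-MpThreatDetection | Sort-Object InitialDetectionTime -Descending
    if (-not $detections) {
        Write-Host 'No detections recorded.'
        return
    }
    $detections | Select-Object InitialDetectionTime,
        @{ Name = 'Threat'; Expression = { $names["$($_.ThreatID)"] } },
        @{ Name = 'Files';  Expression = { $_.Resources -join '; ' } },
        ActionSuccess,
        DetectionSourceTypeID |
        Format-List
}
```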
If you are using Windows 7, you will have to download Windows Defender Offline and create a bootable CD, DVD, or USB flash drive and then manually restart your PC, using the Windows Defender Offline media.
It is recommended that you only download the tool at the point you need it, because the tool is regularly maintained by Microsoft to contain the most up-to-date signature definitions.
Microsoft Safety Scanner
Microsoft Safety Scanner is another standalone virus and malware scanner that runs inside Windows. It was built for Windows 7 and later versions and has been replaced by the Malicious Software Removal Tool, although both tools are still available to download from the Malware Protection Center.
A direct download is available via https://docs.microsoft.com/en-us/microsoft-365/security/intelligence/safety-scanner-download?view=o365-worldwide. The downloaded file (MSERT.exe) is quite large, being 116MB, and is an on-demand scanner that may be useful if your current antivirus solution has been disabled. Because of the volatile nature of malware, the Microsoft Safety Scanner is designed to run inside Windows and expires ten days following the download. Each time you download the tool, the most up-to-date anti-malware definitions are included.
When you run the downloaded anti-malware signature package, Microsoft Safety Scanner behaves in a near-identical manner to the Malicious Software Removal Tool that we saw earlier, in that the scan is performed while Windows is running, and it will scan and remove viruses, spyware, and other potentially unwanted programs (PUPs).
Diagnostics and Recovery Toolset (DaRT)
The Microsoft Diagnostics and Recovery Toolset provides a rich set of tools to help you troubleshoot and repair system failures, including malware hunting, and is available in 11 different languages.
You can download the DaRT from the Malware Protection Center or directly via the following URL: https://www.microsoft.com/security/blog/microsoft-detection-and-response-team-dart-blog-series/.
The DaRT tools have been available to enterprises for diagnosing an offline copy of Microsoft Windows since Microsoft acquired the ERD Commander tools from Winternals in 2006. The bootable recovery tools that are contained on the CD, DVD, or USB flash drive you create with DaRT have been extended over the years and now include many tools.
- Registry editor – Edits Windows Registry
- Locksmith – Resets user account password
- Crash Analyzer – Analyzes crash dumps
- File Restore – Restores deleted files
- Disk Commander – Repairs volumes, master boot records, and partitions
- Disk Wipe – Irrecoverably erases data from hard disk
- Computer Management – Provides computer management
- Explorer – File manager
- Solution Wizard – A guidance tool that helps user choose the proper repair tool
- TCP/IP Config – Displays and modifies TCP/IP configuration
- Hotfix Uninstall – Uninstalls Windows hotfixes
- SFC Scan – System File Checker—replaces corrupted or deleted system files by copying them from the Windows installation source
- Search – Searches a disk for files
- Windows Defender – An antivirus that scans a system for malware, rootkits, and potentially unwanted software
One of the main uses for DaRT is its Defender tool, which, together with the other tools, allows you to hunt for malware while Windows is offline. This tool is now included directly in Windows 10 and is not available in DaRT 10.
The DaRT 10 toolset is the current version and should be used for Windows 10, whereas earlier versions of DaRT (DaRT 7, DaRT 8, and DaRT 8.1, together with their service packs) should be used for prior versions of Windows.
For older devices, it is now recommended that the Microsoft Diagnostics and Recovery Toolset (DaRT) Defender tool not be used, because the DaRT tools are infrequently updated.
Users are advised to use the Windows Defender Offline (WDO) protection image for malware detection and removal. DaRT 10 is a part of the Microsoft Desktop Optimization Pack (MDOP), and the MDOP is only available to enterprises that own a current Microsoft Software Assurance license.
Windows Defender Advanced Threat Protection
A new entrant to the established lineup of anti-malware solutions is the Windows Defender Advanced Threat Protection (ATP) detection service, which was released in March 2016. While this product ships natively with Windows 10, it requires an enterprise license in order for its benefits to be derived.
Aimed specifically at enterprise customers that need to be protected against targeted and advanced malware attacks, ATP uses the latest security machine-learning analytics, which are powered by the scale-out cloud abilities offered by Microsoft Azure. Windows Defender ATP can capture, analyze, and detect suspicious attack-related activities on your networks. These activities are analyzed from captured behavioral signals emitted at the endpoint.
Microsoft has shared the scale at which Windows Defender ATP can leverage the intelligent security graph that is aggregated from multiple sources. This graph is informed by anonymous information connecting 1 billion Windows devices, 2.5 trillion indexed Internet pages, 600 million web page reputation lookups online, and more than 1 million suspicious files that are infected every day.
A sample NEODYMIUM attack, from May 2016, delivered via spear-phishing e-mails carrying malicious documents, contained zero-day exploit code that could cause a Microsoft Office file to generate and open an executable file.
Windows Defender ATP is still a very new development, but it is clear to see that Microsoft has decided to move the detection and analysis of malware to the cloud, in order to reduce the time that any new potentially harmful malware is left undetected and, therefore, able to infect Windows 10 devices. Windows Defender ATP works in conjunction with the built-in Windows Defender agent to perform capabilities such as device local file scanning.
You can currently download a trial of Windows Defender ATP to be used on any of the following editions of Windows 10: Windows 10 Enterprise, Windows 10 Education, Windows 10 Pro, and Windows 10 Pro Education.