Anti-Malware Removal: On-Demand –  You need to run these manually to detect and remove malware

  • ADWCleaner from Bleepingcomputer – this free app finds and removes ton’s of junkware and adware.


  • Junkware Removal Tool from Bleepingcomputer – same as above…I run both.


  • Secunia PSI – updates all the exploitable 3rd party software on your PC.


  • Malwarebytes Anti-Malware – Download Malwarebytes® Protect, Detect & Remove Malware From Your PC 
  • Hitman Pro – Hitman Pro is an AWESOME on-demand malware removal tool that can run along side your current antivirus without any conflicts.  HMP comes with a FREE 30 day fully functional trial, scans your PC in about 5-10 minutes, detects and removes a wide range of malware and is only $19.95 if you’d like to purchase it.  

    HMP is currently one of my favorite tools due to the fact that you can hold down the left ctrl button and terminate those fake antivirus apps from running in real-time and then perform a scan/removal.

  • ComboFix – Amazing little app for removal.  Can detect lot’s of malware (including rootkits) and remove them.  OS corruption can happen, although it’s pretty rare and usually nothing that a system restore can’t resolve.

  • TDSS Killer – removes TDSS rootkits and attempts to restore uninfected drivers.  It’s not perfect.  Sometimes it’ll remove the rootkit and it’s not possible to restore the un-infected driver.  In that case you’ll want to use something like an UBCD4win to replace the deleted driver.
  • GMER Anti-Rootkit – It’s another rootkit scanner that I run as a second opinion after TDSS killer.
  • Rkill – Terminates malware processes (most rogue/fake applications) so that you can manually delete the malware or run an on-demand scanner.

Anti-Malware Prevention and Removal: Real-Time – These are allows updating, scanning and protecting your computer without you lifting a finger.  Some are free and some are not.

Anti-Malware Boot Disks – Malware is completely unprotected and at your mercy

  • Dr Web’s CureIT Live CD – Great for detection and disinfection
  • Kaspersky Rescue Disk – Great for detection and disinfection
  • UBCD4WIN – Fully customizable bootable environment.  You can load and scan with as many anti-malware applications as you want to.
  • Sardu Boot Disk – I haven’t used this yet, but I assume it’s another type of UBCD4WIN

72 Responses to Toolkit

  1. Michael.B (Queensland, Australia) March 13, 2010 at 7:53 am #

    Windows MiniPE (Boot from a CD or Flash Drive)

  2. C. C. March 14, 2010 at 8:08 am #

    Saw your YouTube Video on Comodo Firewall, To make your next installation a little easier if you will look in Program Data under Comodo Downloads you will find the app installation file. You want have to download it every time you want to install. Tip I don’t use Comodo AV but if you will run the firewall in proactive mode and you will get the best protection.

  3. Cantrell Computer Services March 14, 2010 at 6:58 pm #

    How do you guys feel about Threatfire as a second level of protection?

  4. C C March 14, 2010 at 8:00 pm #

    Have tried Threatfire as layered protection and didn’t really like the results. I prefer running Immunet or Immunet/Clam AV as second level. Both are Cloud AV’s and made by the same vendor. Very small application and light on resources.
    I use ESET NOD 32 as my primary AV and Immunet has caught everything that has slipped by NOD 32.

    • malwarekilla March 14, 2010 at 9:50 pm #

      Clam-Av…lol…open source was never so bad.

  5. C. C/ March 14, 2010 at 10:10 pm #

    Oh well! It works for me and has a fair detection rate and my computer hasn’t been infected. Check it with Malwarebytes and SAS daily. I would rather trust ESET and Clam/AV than AVG, Avast, Avira, Microsoft AV which is junk.or other freebies. .

  6. marsse March 15, 2010 at 7:44 pm #

    You should know that Avira and Microsoft Security Esentials are the best antiviruses. In addition to this, any supplimentary protection (like a firewall) will work with those two without any problems. I am waiting for the second part of the Comodo Internet Security review. Good luck, Matt!

  7. C C March 16, 2010 at 5:20 am #

    Hi Matt
    Have tried those products and don’t care for them. Hitman Pro 3.5 has even removed Avira from it’s application.
    I think you will be pleased with the results from the Comodo v4 review. Proactive mode is best way to run that firewall.
    You can see the results from the latests firewall comparative at.

    C C

  8. Mario March 17, 2010 at 6:37 am #

    Hi Matt
    I was wondering if you could help me understand why I’m not able to install Kaspersky Internet Security 2010. I was able to download it from the website. When it comes to the point where the ‘ File Progress’ windows opens, the installation is interrupted 5 times and ends with a message that says ‘ rolling back action’ . When that finishes I get a window that says ‘ Installation interrupted ended prematurely because of an error’.
    I have uninstalled Mcaffee which was the previous anti-virus and also used CCleanner and Power Tools Lite. My computer has got a lot faster but it is still unable to install Kaspersky. I have 6 GB of free memory.

    Do you know how this can be fixed ?
    Appreciate your help.

  9. C C March 17, 2010 at 1:46 pm #

    You can send an email at
    Hope that is the correct address.

    C C

  10. Mario March 18, 2010 at 3:11 am #

    Thanks for the tip. I have sent the email today.

  11. Jerry Diecidue March 18, 2010 at 4:02 pm #

    From your comments, it does ntot sound like you downloaded and ran the Mcafee uninstall tool which is needed in orfder to install a different AV program, especially KIS 2010 (is VERY sensitive to other AV programs.

    The easiest thing to do is google “mcafee uninstall (or removal) tool and go into the result that brings you to the mcafee support site.

    Download the tool and run the uninstall tool which will remove some hidden files that regular windows based uninstall programs always leave behind.

    Let me know how that works.. By they way, I run KIS 2010 and am pretty happy with it..

  12. Bryan March 19, 2010 at 2:16 am #

    I found a good combination for me to be Microsoft Security Essentials, Threatfire, and Immumet. All seem together see to run pretty good. I have done some antivirus tests myself and nothing has slipped past all three. I also run malwarebytes a couple of times a week. bryan

  13. C C March 19, 2010 at 2:40 am #

    Sounds like a good setup Bryan. I’ve had to change things here on my PC also. ESET NOD 32 was not detecting Malware (URL Testing) and was having to many false positives. I changed to Panda Cloud AV (Free) after running a 15 URL (Malware Domain List) test on it,.
    10 Trojans detected
    4 Adware detected
    1 Trojan (Load.exe) missed and was very easily removed will Malwarebytes.
    Changed firewalls also. I have run Comodo for the last three years but since the new release v4, it is still to buggy and I switched to Online Armor 4.0 Premium.

    C C

  14. Mario March 19, 2010 at 6:18 am #

    I ran the mcafee uninstall but it didn’t help. The problem does persist. I have written to I hope they respond.
    Thanks for trying to help.

  15. C C March 19, 2010 at 6:48 am #

    You might try going to Computer/Local Disk C/Program Files/ and look and delete the files that your previous Kaspersky installations.Don’t know what OS your running but if it Vista otr Windows & you can check in Program Data file and delete those Kaspersky installation files also.. To get to Program data folder you will have do this first if your running Vista or Win 7. Control Panel/Appearance & Personalization/Folder Options/Show Hidden Files/under hidden files and folders select the option to show hidden files.and folders. Then go back to where you found the Programs Folder and the Program Data folder will be next one under Programs Folder. Open it and delete the Kaspersky Folder and files and try your installation again. If this doesn’t work go to the Kaspersky website at go to the support page and fill out the online support form.

    C C.

  16. Morgan March 19, 2010 at 8:04 am #

    i use to clean computer are Malwarebytes anti-malware, Superantispyware, combofix on xp and vista, Gmer for 32bit and Avira antivir Personal Free version and for live Cd Kaspersky Rescue CD and windows installation disc if the malware corrupt windows and use the product key on the computer of the person i using and reply back any that i should not use OK

  17. Henk March 21, 2010 at 8:23 am #

    Hi Matt,
    Can you please tell me which remote software you’re using in helping out your customers. I found TeamViewer but I’m not sure about it.

    From Greece, Crete…thanks


  18. Gary S March 25, 2010 at 11:37 am #

    I use Teamviewer. It works great. I just wish there was a Linux version also.

  19. C C March 28, 2010 at 11:32 am #

    Does anyone know anything about Mamutu Behavioural Blocker?

  20. Mario March 29, 2010 at 4:39 am #

    Hey guys:

    Just to let you know that while running the Kaspersky antivirus tool kit just in case that was the cause of the ‘rolling back action’ I found a Symantec file that had not been deleted previously with the respective tool. After this, my son was able to finally install the Kaspersky Internet Security 2010. What a relief!

    Thanks for all the help. Case closed.


  21. Christos March 30, 2010 at 12:59 pm #

    I have KIS2010 and thats all.

  22. jjbula March 31, 2010 at 2:57 am #

    I use MSE with Threatfire and PrevX.

    I’d like to use Panda Cloud instead of PrevX but I don’t think it’s compatible with MSE. I’m a still uncomfortable going with a cloud based AV as the core AV on my system.

    I like AVs that scan all downloaded files and help keep you away from known bad websites. I don’t think Avira does that. Avira seems to have trouble with infected computers but is known to defend a clean system fairly well.

  23. C. C. March 31, 2010 at 2:37 pm #

    Avira using dirty redirection tactics to redirect people looking for Avast to the Avira website.

    Malware removal tools downloads at
    Malwarebytes, Combofix, Vundofix, SUPERAntiSpyware and more.

  24. C. C. April 4, 2010 at 4:10 am #

    Comodo Internet Security v4 not Bullet Proof according to Moderator at Comodo Forums

    Allows possible malicious files to drop through sandbox and install on PC.

    C. C.

  25. T. Teller April 10, 2010 at 2:47 pm #

    Hi Matt
    You said Returnil was made by Comodo during your recent Shadow Defender Review. Think you better look again,
    Contact Information
    Finland – Sales and Online Operations
    Fredrikinkatu 45 A
    00100, Helsinki, Finland
    Phone: +358 442056919
    USA – Administration
    China – Sales and Engineering
    1306 Room
    Huijie Plaza
    Xuanwu District, Nanjing city, China
    Phone: +86-25-83196308
    Fax: +86-25-83196309
    Russia – Engineering
    Office 328C, Building 3
    15 Kondratyevskiy Prospekt
    St.Petersburg, 195197, Russia
    Phone/Fax: +7 812 4585601

    • malwarekilla April 12, 2010 at 1:32 pm #

      @Teller – yeah, I mis-spoke. I had comodo time machine on the brain at that time.

  26. C. C. April 10, 2010 at 8:46 pm #

    Outpost 7 Public Beta Testing Is Underway

  27. C. C. April 13, 2010 at 8:04 am #

    ZoneAlarm Pro Promotion – One day only-April 13th
    License valid for 1 year (4/13/10 to 4/14/11).
    License valid for 3 PCs, new customers only, 1 per customer

    IDENTITY GUARD® Basic ProtectionSM in also available for free for one year but must enter personal info and give credit card info..$4.95 charge per month after first 12 months if you decide to keep IDENTITY GUARD®.

  28. BOB MONTGOMERY April 13, 2010 at 11:01 pm #



  29. C. C. April 14, 2010 at 12:44 am #

    I would add Malwarebytes Free or Purchased .and SuperAntiSpyware. If you purchased Eset Smart Security it already has the firewall and Online Armor and other firewalls want be needed. NOD32 is the Stand alone AV and you will need a firewall with that app unless you are happy with Windows Firewall There is another program called Prevx that you can run with Eset as a secondary line of defense. I would get the free version it will scan and let you know if malware is on your PC. The paid version will also block and remove. .

  30. C C April 23, 2010 at 10:45 pm #

    Hi Matt
    Found a Japanese AV in Beta online and it uses 4 scanning engines. 3 anti virus F-Prot, Bit-defender and Norman. Has a very large signature update after installation. It’s been checked and everyone says it’s not malware.
    Free Download

  31. C C April 30, 2010 at 2:06 am #

    Malwarebytes Anti-Malware Version 1,46 Released Today.(4/29/10)

  32. C C May 2, 2010 at 2:59 am #

    If your a Comodo user you need to read this post by one of Comodo’s very own Malware Researcher or as of now, former Malware Researcher. The truth about these products is finally coming out..

  33. John V May 27, 2010 at 10:33 am #


    Avira using dirty redirection tactics to redirect people looking for Avast to the Avira website.
    C. C. March 31, 2010 at 2:37 pm might not be set up by Avira. See:
    Warning! This site has a poor reputation.
    – “Phishing or other scams”
    – “Ethical issues”

  34. NormanSecuritySuite!! June 5, 2010 at 6:30 pm #

    Are you actually going to update this part Matt? xx

  35. spj18 July 3, 2010 at 7:58 am #

    hey matt i watched the panda av test vid the av kinda sucked ermm idk a good av tbh if u need help search malwareup.selfip in google and join teh site my mate owns it he tests dos viruses and stuff might help u out 😀 hope to see you then

  36. Ben July 7, 2010 at 8:38 pm #

    My computer got infected on July 2, 2010. I followed ur videos on youtube and swep my computer of the viruses. But now, i don’t have any internect connection and it wont connect cause it can’t find the IP Address? Does anyone know how to fix this problem??

  37. Jerry Diecidue July 8, 2010 at 6:53 pm #

    Some malware will change or add a proxy to your internet settings which will block internet access… Matt has instructions on how to fix this. I will copy and paste here…
    Once you remove the rogue the proxy settings stay in place and that means you can’t get to the internet. Fixing this is really easy.

    Open Internet Explorer
    Click Tools
    Internet Options
    Click Lan Settings
    Uncheck the first proxy server setting
    Click OK twice.
    You should be able to get on the internet with any browser now.

    This was taken from here…

    Hope this helps

  38. James July 9, 2010 at 4:51 pm #

    I personally like MBAM Paid instead of the free version, just for it’s IP blocking. Norton 360 does the dirty work with SONAR and the firewall on agressive, including heuristics.

    I am not really a believer in cloud AV, as despite it’s light load on the box, the constant internet connection means you’re helpless if you’re infected badly.

  39. Ben July 11, 2010 at 11:48 pm #

    Jerry, bro, your awesome!! Thanks alot bro!

  40. A48GOBLEN July 30, 2010 at 8:34 pm #

    what do you think about drive sentry an also what is you opinion on sd-fix

  41. faq August 10, 2010 at 10:31 am #

    how to download viruses for testing some antiviruses

  42. Bobby V. November 18, 2010 at 6:39 am #

    Chello, Matt. Saw yya post about Panda cloud on youtube, problem is audio is low, so I had to turn vol. up! Like what what you say about Avira version 9 which is what i use, and have for more than 5 yrs. Took look at Avira ver. 10. Not too please on some of the changes that was made. For instead, an extra window to close at the end of a scan. Unless that can be configure to where it will be as it is in ver. 9, not mention ver. 8. It remind me of older version, when I start using Avira personal free. I as of yet to find out if it can be reconfigure or not. Otherwish, it is one of the best freeware antivirus, I have use since the day’s a dos, when I was using Norton.


  43. Matt December 12, 2010 at 2:32 pm #

    Panda cloud full version is incorporated into the panda antivirus pro which protects you even if the license expires because it still uses cloud and has all the other gismos. Full protection with no updates but clouod support and free-best combo.

  44. kev January 13, 2011 at 8:53 am #

    once they implement DACS into Comodo’s antivirus it will be the best av bar none because will be able to scan unknow files with all av engines eventually and i’m sure they’ll make it to where it will scans both unknown files running both in and out of memory and theres nothing the other av’s can do about it that i know of

  45. kev January 13, 2011 at 9:07 am #

    once comodo gets DACS and they make it scan all unknown files in and out of memory with DACS then comodo will have the best av engine because it will use all av engines. it’s like having virus total scan your whole computer. you can read about DACS and killswitch based on processhacker on comodo forums. those 2 things are in comodo’s new project called comodo cleaning essentials (cce). it will be bootable. so you can say bye bye to having to make a ubcd4win all the time and having to have a xp disc to make it. this will be ubcd4win on steroids because you download it once (no install required) run it, update it, scane it and done. you just killed all malware. and i think it’s coming with repairs built in kinda like SAS so you fix setting malware changed while it was on the system. comod will save the world.

  46. athithan March 29, 2011 at 9:28 pm #

    after avira’s license expires is it just going to stop working or like avast can i get a another license? thanks

  47. Alan B. August 2, 2011 at 5:03 pm #

    Sardu is more like a combination of different, bootable Anti-Malware boot discs. However, you can put different things such as different linux distros, and different utilites such as Ophcrack.

  48. Bry August 11, 2011 at 6:07 pm #

    @malwarekilla That’s a simple well-rounded list so far.
    UnHackMe ( should definately get added to the list. It’s perfect for removing those nasty driver rootkits on boot.
    NOTE: if you don’t know your drivers be very careful!

  49. Trying2singopera April 13, 2012 at 11:16 pm #

    do you recommend Comodo Internet Security 2012?…..I have heard too many bad things about it……please comment

    • ampeg187 June 24, 2012 at 4:52 pm #

      I use it and it’s great. D+ and Firewall alerts can be annoying sometimes and if you don’t know how to answer just click on block or sandbox depends on alert. And don’t listen to those “ladies” that complains about Comodo. It’s amazing program to use. That’s my opinion.

  50. Mark H June 22, 2012 at 9:53 am #

    Hi Matt,
    Why don’t you have Hitman Pro in your toolkit?

  51. Mark H July 1, 2012 at 7:09 am #

    Matt, where is Hitman Pro? Can you please answer!

  52. Mark H July 3, 2012 at 10:04 am #

    Does anyone know why Matt hasn’t included Hitman Pro?

    • mrizos July 3, 2012 at 1:26 pm #

      I had a few bad experiences with it early on. It claimed it could remove bootkits/rootkits without the need of a bootable removal disc. BS. It left a couple of the boxes I was using it on unbootable.

      If they wanna send me a full license to eval it then I’m willing to retest it.

  53. Justin Nicholls October 6, 2012 at 5:52 pm #


  54. Sagar Sehwag October 13, 2012 at 2:30 am #

    You Should Also Add Emsisoft Emergency Kit & Comodo Cleaning Essential & Eset Online Scanner.

  55. Mark H October 21, 2012 at 3:46 am #

    Hi Matt,

    What are your thought’s about Roguekiller by Tigzy? I find it better than Rkill, because it’s more thorough.

  56. Mark H November 19, 2012 at 5:50 am #

    Hi Matt,
    I was wondering if you still use Superantispyware!

    • malwarekilla November 19, 2012 at 7:58 pm #

      Yes. I use it to find the adware that malwarebytes seems to skip for some reason. It’s still a great scanner imo.

      • Mark H November 20, 2012 at 5:51 am #

        What about Roguekiller, do you rate it?

        • malwarekilla November 20, 2012 at 4:48 pm #

          I don’t. Never used it. I’m using Hitman Pro for rogue (hold down left control and then double click hitman pro…takes a few times). I will take a look at RogueKiller though.

          • Mark H November 21, 2012 at 7:55 am #

            Thanks for the feedback Matt!

  57. Ken Fann December 19, 2012 at 8:43 pm #

    Hi Matt,

    Nice list of tools.

    Have you seen Lunarsoft’s similarly named Anti-Malware Toolkit. It can be found at
    This free “Anti-Malware Toolkit” has an interface that lets you select and download multiple anti-malware programs at once.

    It does not install any of these programs. It just lets you download multiple installers at once, and save them to a common location. I don’t have any affiliation with them. Just wanted to share this tool.

    Currently at v1.13.326, it can download the following :


    Avira AntiVir

    Other Programs
    MS Security Essentials
    Avira AntiVir
    Outpost Security Suite Free
    Auslogics Disk Defrag
    Page Defrag

    Process Explorer

    Anti-Virus Uninstallers
    Avast uninstall utility
    AVG remover
    Avira RegistryCleaner
    Bitdefender Uninstall
    Kaspersky 9 Removal
    Windows OneCare Removal


  58. Deshawn August 3, 2013 at 4:26 pm #

    Hi Matt, you’re an awesome guy.

  59. Mark H November 8, 2013 at 11:36 pm #

    Hi Matt, have you done a test on Roguekiller yet?

  60. TonyRKS April 9, 2014 at 10:25 pm #

    Hey Matt, love you videos, it really helped me, keep up the great work. And please make if you can 1 or 2 videos a week. THX! 😀

  61. Bill Martin May 14, 2014 at 2:39 am #

    im loving the sardu boot cd im making my usb version im going to use the usb for fixing my moms laptop when she lets me work on it

  62. TonyRKS May 18, 2014 at 10:10 pm #

    Love your Antimalware videos and forums. Been a subscriber since you had 10,000 subs. Stay cool Bro. 🙂

  63. Bill October 31, 2014 at 10:10 pm #

    sardu is very epic lol i got lol what do you guys think me making a sardu boot usb with all these isos
    avg rescue cd,avira rescue system,bitdefender rescue disc, drweb live cd.f-secure,panda safe disk, vba 32 rescue,acronis antimalware,comodo rescue cd,ubuntu mrt,eset sys rescue ,trinity rescue kit, ultimate boot cd,hirens boot cd ,system rescue cd and kali linux is over kill lol im making it on a 32gb flash drive all that one a flash drive very effective


  1. Remove Malware News for the Week of 8/20/2012 - - August 21, 2012

    […] solid #e6e6e6} Antivirus Reviews For 2011 / 2012, Tools and How To'sToolkitHow To…How To Build A Bootable Anti-Malware Disc – VideosHow To Use A Bootable […]

Leave a Reply