Malware Removal Test 2012
| Test Period | October 2012 |
| Number of Testcases | 14 |
| Online with cloud connectivity |
| False Alarm Test included |
The test was performed in October 2012 under Microsoft Windows 7 Professional SP1 64-bit. Only English-language products whose vendors subscribed to the full 2012 public test series are included in the malware removal test.
- GFI Vipre Antivirus 2013
- PC Tools Spyware Doctor with AV 9.0
This test focuses only on malware removal/cleaning capabilities; therefore, all samples used were ones that the tested Anti-Virus products were able to detect. It has nothing to do with detection rates or protection capabilities. Of course, if an Anti-Virus product is not able to detect the malware, it is also not able to remove it. The main question was whether the products are able to successfully remove malware from an already infected/compromised system. The test report is aimed at normal/typical home users, not administrators or advanced users who may have the knowledge for advanced/manual malware removal/repair procedures. Most often, users bring infected PCs with no (or outdated) AV software to computer repair stores. The methodology used reflects this situation: an already infected system that needs to be cleaned.
- Thorough malware analysis to know what to look for
- Infect native machine with one threat, reboot and make sure that threat is fully running
- Install and update the Anti-Virus product
- If installation is not possible, reboot in safe mode; if safe mode is not possible and a rescue disk of the corresponding AV product is available, use it for a full system scan before installing
- Run thorough/full system scan and follow instructions of the Anti-Virus product to remove the malware like a typical home user would do
- Reboot machine
- Manual inspection/analysis of the PC for malware removal and leftovers
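The final inspection step checks the cleaned machine against what the initial malware analysis said to look for. As an added illustration (not AV-Comparatives' tooling; the snapshot format, artifact names and values are constructed assumptions), that check can be written as a three-way comparison of system snapshots taken before infection, after infection, and after cleaning:

```python
# Added example, not AV-Comparatives' tooling. Each snapshot maps an
# artifact (file path, registry value) to its content; all data is constructed.
from collections import Counter

def classify_leftovers(baseline, infected, cleaned):
    """Give a verdict for every artifact the malware created or changed."""
    verdicts = {}
    for key in sorted(set(baseline) | set(infected)):
        before, during, after = baseline.get(key), infected.get(key), cleaned.get(key)
        if before == during:
            continue  # untouched by the malware
        if before is None:
            # Created by the malware: it must be gone after cleaning.
            verdicts[key] = "removed" if after is None else "leftover"
        else:
            # Modified or deleted by the malware: it must match the baseline again.
            verdicts[key] = "restored" if after == before else "not_restored"
    return verdicts

def fully_cleaned(verdicts):
    """True only if nothing was left behind and every change was reverted."""
    return all(v in ("removed", "restored") for v in verdicts.values())

RUN = r"reg:HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"
TASKMGR = r"reg:HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"
DROPPED = r"file:C:\Users\user\AppData\Roaming\updater.exe"
HOSTS = r"file:C:\Windows\System32\drivers\etc\hosts"
AV_SVC = r"reg:HKLM\SYSTEM\CurrentControlSet\Services\ExampleAV"

BASELINE = {HOSTS: "hash-original"}
INFECTED = {HOSTS: "hash-modified", DROPPED: "hash-dropper",
            RUN: r"C:\Users\user\AppData\Roaming\updater.exe", TASKMGR: "1"}
# After scan and reboot: binary and autorun gone, but the policy value and
# the hosts change remain; the AV product's own service key is new.
CLEANED = {HOSTS: "hash-modified", TASKMGR: "1", AV_SVC: "installed"}

if __name__ == "__main__":
    result = classify_leftovers(BASELINE, INFECTED, CLEANED)
    for artifact, verdict in result.items():
        print(f"{verdict:13} {artifact}")
    print(Counter(result.values()), "fully cleaned:", fully_cleaned(result))
```

Artifacts that appear only in the post-cleaning snapshot, such as the AV product's own service key, are ignored because the malware never touched them.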
The samples were selected according to the following criteria:
- All Anti-Virus products must be able to detect the used malware dropper on-demand/on-access
- The sample must have been prevalent (according to metadata on exact hashes) and/or seen in the field on at least two PCs of our local customers.
- The malware must be non-destructive (in other words, it should be possible for an Anti-Virus product to "repair/clean" the system without the need to replace Windows system files etc.) and show common malware behaviors (in order to also represent behaviors observed in many other malware samples). Because of that, the selected malware is representative of a very large number of other samples that show similar behavior and system changes.
- We randomly took 11 malware samples from the pool of samples matching the above criteria. Additionally, we took three samples that had already been used last year, to see if there was an improvement and/or if the removal capabilities under Windows 7 are different.
Award levels reached in this Malware Removal Test
Copyright and Disclaimer
This publication is Copyright © 2012 by AV-Comparatives ®. Any use of the results, etc. in whole or in part, is ONLY permitted after the explicit written agreement of the management board of AV-Comparatives prior to any publication. AV-Comparatives and its testers cannot be held liable for any damage or loss which might occur as a result of, or in connection with, the use of the information provided in this paper. We take every possible care to ensure the correctness of the basic data, but a liability for the correctness of the test results cannot be taken by any representative of AV-Comparatives. We do not give any guarantee of the correctness, completeness, or suitability for a specific purpose of any of the information/content provided at any given time. No one else involved in creating, producing or delivering test results shall be liable for any indirect, special or consequential damage, or loss of profits, arising out of, or related to, the use or inability to use, the services provided by the website, test documents or any related data.
For more information about AV-Comparatives and the testing methodologies, please visit our website.