This website uses cookies to ensure you get the best experience on our website.
Please note that by continuing to use this site you consent to the terms of our Privacy and Data Protection Policy .
Some of our partner services are located in the United States. According to the case law of the European Court of Justice, there is currently no adequate data protection in the USA. There is a risk that your data will be controlled and monitored by US authorities. You cannot bring any effective legal remedies against this.

Malware Removal Test 2014

Date October 2014
Language English
Last Revision December 1st 2014

Release date 2014-12-01
Revision date 2014-12-01
Test Period March - October 2014
Number of Testcases 30
Online with cloud connectivity checkbox-checked
Update allowed checkbox-checked
False Alarm Test included checkbox-unchecked
Platform/OS Microsoft Windows
Methodology Click here


The test was performed from March to October 2014 under Microsoft Windows 8.1 64-Bit (English). Only products whose vendors subscribed to the 2014 public main test-series, and did not opt-out of this test, are included in this report.

Tested Products

Test Procedure

This test focuses only on the malware removal/cleaning capabilities, therefore all samples used were samples that the tested anti-virus products were able to detect. It has nothing to do with detection rates or protection capabilities. Of course, if an anti-virus is not able to detect the malware, it is also not able to remove it. The main question is if the products are able to successfully remove malware from an already infected system. The test report is aimed to typical home users and not administrators or advanced users who may have the knowledge for advanced/manual malware removal/repair procedures. Most often users come with infected PC’s with no (or outdated) AV-software to computer repair stores. The methodology used considers this situation: an already infected system that needs to be cleaned.

  • Thorough malware analysis for each sample, to see exactly what changes are made
  • Infect physical machine with one threat, reboot and make sure that threat is fully running
  • Install and update the anti-virus product
  • If not possible, reboot in safe mode; if safe mode is not possible and in case a rescue disk of the corresponding AV-Product is available, use it for a full system scan before installing
  • Run thorough/full system scan and follow instructions of the anti-virus product to remove the malware, as a typical home-user would do
  • Reboot machine
  • Manual inspection/analysis of the system for malware removal and remnants

Malware Selection

The samples have been selected according to the following criteria:

  • All (full) security products must be able to detect the malware dropper used when inactive
  • The sample must have been prevalent (according to metadata) and/or seen in the field on at least two PC’s of our local customers in 2014.
  • The malware must be non-destructive (in other words, it should be possible for an anti-virus product to repair/clean the system without the need for replacing Windows system files etc.).

We randomly took 30 malware samples from the pool of samples matching the above criteria. Additionally, we took one old sample that was used last year, to see if there was an improvement and/or if the removal capabilities changed.

Test Results

Award levels reached in this Malware Removal Test

Microsoft Windows Defender was tested out-of-competition and is therefore not included in the awards page.

Copyright and Disclaimer

This publication is Copyright © 2014 by AV-Comparatives ®. Any use of the results, etc. in whole or in part, is ONLY permitted after the explicit written agreement of the management board of AV-Comparatives prior to any publication. AV-Comparatives and its testers cannot be held liable for any damage or loss, which might occur as result of, or in connection with, the use of the information provided in this paper. We take every possible care to ensure the correctness of the basic data, but a liability for the correctness of the test results cannot be taken by any representative of AV-Comparatives. We do not give any guarantee of the correctness, completeness, or suitability for a specific purpose of any of the information/content provided at any given time. No one else involved in creating, producing or delivering test results shall be liable for any indirect, special or consequential damage, or loss of profits, arising out of, or related to, the use or inability to use, the services provided by the website, test documents or any related data.

For more information about AV-Comparatives and the testing methodologies, please visit our website.

(December 2014)