Malware Cleanup: What Works, What Doesn't

When a company advertises its software as a malware-removal tool, you expect it to remove malware. When the German government sings a malware-removal tool’s praises, you really expect it to work. 

Bad news, then, for DE Cleaner Antibot, a free malware-removal tool that’s earned acclaim left and right, but came in dead last in a recent evaluation by independent German lab AV-Test. It's definitely not one of the best antivirus software programs.

Credit: AV-Test

(Image credit: AV-Test)

It’s not all doom and gloom, though. AV-Test put 17 different antivirus programs, rescue disks and malware-removal tools to a novel test: Seeing how well each could clean up an infected computer. 

Kaspersky Internet Security and the associated Kaspersky Viral Removal Tool both passed with flying colors, and a variety of other free and paid options caught almost every infection that AV-Test could throw their way.

MORE: Best Antivirus Software and Apps

AV-Test usually evaluates how well antivirus programs prevent malware from getting onto your machine in the first place, but the sad fact is, if you own a computer long enough, something is likely to slip through the cracks. This is true even for Macs and Android devices, which is why we offer roundups of the best Mac antivirus software and the best Android antivirus apps.

As such, AV-Test rounded up nine antivirus security suites and eight tools specifically designed to catch and destroy malware after it’s already infected a machine.

The researchers exposed the antivirus programs to 19 pieces of malware apiece, twice each: first by installing each program on a system that was already infected; second by disabling the program, infecting the machine and then re-enabling the antivirus program. The specialty malware-removal tools, which are designed to be used post-infection, were each exposed to the same 19 pieces of malware on already-infected systems.

Credit: AV-Test

(Image credit: AV-Test)

AV-Test evaluated each piece of software in four categories: “Malware not detected,” “Active malware components not removed,” “Only harmless file remnants left behind” and “Complete removal, clean system.”

All of the categories are fairly self-explanatory, although savvy readers may wonder why AV-Test would concern itself with harmless remnants. While these leftovers don’t pose a threat, they are pure junk data, and an ideal antivirus or malware-removal program should get rid of everything installed during a malware infection, not just the active components.

As mentioned above, Kaspersky Internet Security 17.0 and Kaspersky Virus Removal Tool 15.0 were both completely successful in removing malware after-the-fact, and were the only ones to do so. Bitdefender Internet Security 21.0, Avast Free Antivirus 17.5, G Data Internet Security 25.3, Avira Antivirus Pro 15.0, Symantec Norton Security and Bitdefender Rescue Disk 2.1 all scored at least 90 percent, getting rid of every active malware component.

(While Microsoft Windows Defender Offline also scored more than 90 percent, it could not remove two active malware components, making it a fairly dangerous choice.)

Credit: AV-Test

(Image credit: AV-Test)

At the other end of the spectrum, DE Cleaner Antibot 3.7 took the ignominious low, letting five malicious programs fester on the infected system. (Enigma Software SpyHunter 4 let three pieces of malware slip past.) As AV-Test pointed out, DE Cleaner Antibot is one of the most popular cleanup tools in Germany, even earning a recommendation from the country’s Federal Ministry of the Interior. Let us hope that the German government doesn’t actually use DE Cleaner to clean up its own machines.

Somewhere in the middle were Malwarebytes Premium 3.1, Microsoft Security Essentials 4.10, Avast Rescue Disk, Microsoft SafetyScanner 1.0, Heise Disinfect 2016/17 and G Data BootMedium, which all scored somewhere between 67 and 90 percent of total system repair. In other words: Better than nothing, but hardly top-shelf protection.

One important thing to note is that, in theory, none of the antivirus software tested should have let the malware slip past in the first place. Indeed, AV-Test had to purposely deactivate them in order to install malware in the first place. While many of the cleanup programs AV-Test evaluated worked well at eliminating malware, the best defense is still to have complete antivirus protection running at all times.

Best Antivirus Software

Marshall Honorof

Marshall Honorof is a senior editor for Tom's Guide, overseeing the site's coverage of gaming hardware and software. He comes from a science writing background, having studied paleomammalogy, biological anthropology, and the history of science and technology. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi.