Specialized Tools and Resources


This is a page dedicated to specialized tools and resources that are useful for various malware-fighting and security tasks. Most of these tools are not geared towards malware researchers, but towards users who need to remove specific, difficult-to-remove parasites. The complete 2-viruses resource directory is available here.

Anti-Rootkit tools

Anti-Rootkit tools are specialized programs that detect and remove rootkits. Although a “perfect” rootkit cannot be detected (in theory), as it hides its processes and files, most rootkits can be detected and removed by one program or another. Some antivirus products offer rootkit detection as well.

Rootkit Revealer (Free): Rootkit Revealer is a utility made by Sysinternals, which was later acquired by Microsoft. It is a classic rootkit detection utility; however, it works on 32-bit Windows systems only.
Gmer (Free): Gmer is an advanced rootkit detection and removal utility. Although you can download it as a zip, it also offers an executable download with a randomized name, which is harder for rootkits to block.
TDSS Killer (Free): TDSS Killer, developed at Kaspersky Lab, targets a specific rootkit known as Tidserv, TDSServ or Alureon. This rootkit is quite popular, as it causes browser redirection to infected websites. Note: Not all browser redirection is caused by rootkits; for other causes, check our redirection guide here.
Sophos Anti-Rootkit (Free): anti-rootkit
Avira AntiRootkit Tool (Free): anti-rootkit
Rootkit Buster (Free): anti-rootkit
F-Secure BlackLight (Free): anti-rootkit
McAfee Rootkit Detective (Beta): anti-rootkit
Panda Anti-Rootkit (Free): anti-rootkit
Vba32 AntiRootkit (Free): anti-rootkit


Firewalls

Comodo: Comodo Firewall is one of the most widely used free firewalls around. It is efficient, reliable and hard to beat on cost.
Zone Alarm: Zonealarm by CheckPoint is another very popular free firewall.
Online Armor: Online Armor is another good firewall with a free version available. Paid versions provide anti-phishing filters, a web shield and virus/malware protection.
PCTools Firewall Plus: A powerful firewall solution by PCTools, free of charge.
Lavasoft Personal Firewall: A powerful firewall solution
Outpost Firewall Pro: A powerful firewall solution
Norman Personal Firewall: A powerful firewall solution
Ashampoo FireWall: Free
Jetico Personal Firewall: A powerful firewall solution

Junkware / Browser cleaners

These tools detect and clean unnecessary toolbars and other programs from your browser. They are useful in cases of browser hijack as long as no other malware is present.

Adwcleaner: Adwcleaner is one of the most used stand-alone browser extension cleaners. It is a free program developed by Xplode.
Junkware Removal Tool: Junkware Removal Tool is a bloatware cleaner made by Thisisu. I faced some problems running it on Windows 8, though it should work perfectly on other versions.

Security Toolbars and browser extensions

Browser extensions try to make the browser a bit more secure by automatically scanning each website or checking it against databases of infected websites. In many cases this functionality is similar to that provided by Internet Security Suites; however, browser extensions are usually free.

Online file scanners

Online file scanners provide a way to check whether a file is infected. The scanners either check it against one or more antivirus engines, or unpack it and analyse what the file does (behavioral analysis).

VirusTotal (42 engines): Virustotal provides one of the most in-depth file scanning services, as it scans each file with 42 detection engines, including the most popular antivirus and antimalware choices. Although the updates might sometimes be 1 day old, this is a very useful website for checking whether a download is infected. It allows files up to 20 MB in size.
Virscan.org (36 engines): Virscan scans files of up to 20 MB against 36 antiviruses. The definition update process might be a bit slower than with Virustotal, but that is my own impression.
Novirusthanks (24 engines): NoVirusThanks offers scanning with 24 antivirus engines. The maximum upload is 20 MB. It also offers a basic website scan for iframes.
Jotti (19 engines): Jotti scans each file against 19 Linux-based antivirus programs and submits the infected file to antivirus companies.
Filterbit (10 engines): Filterbit scans a file with 10 antivirus engines. What makes this service different is that it is a demo version of Metascan, an SDK for building on-demand multiple-antivirus scanners yourself.
Anubis (Behavioral): Anubis performs behavioral analysis of Windows executables, that is, it provides information about what the submitted program does. This service is useful for determining whether an executable performs some strange, possibly malicious operations or something it should not do. The results show which registry and file keys the program tries to access, which files are created or accessed, and what devices the application tries to use. The results are provided on-the-fly.
Sunbelt (Behavioral): Sunbelt Sandbox provides behavioral analysis for an executable sample. You will have to provide a working email address for the results.
ThreatExpert (Behavioral): ThreatExpert provides behavioral analysis for files up to 5 MB. The size limitation is the biggest drawback of this service, as many of the analyzers accept bigger files.
Camas (Behavioral): Comodo Instant Malware Analyzer provides web-based results for submitted file samples. Although at first it shows only basic file tests such as the MD5 sum, after a minute or so you will get a full report. The service is faster than Anubis.
Xandora (Behavioral): Xandora is created by the Panda Labs. It provides scanning of binary files or archives, and supports password-protected Zip archives so that malware samples can get past antivirus engines on the researcher's PC.
Joebox (Behavioral): Joebox allows a choice of which OS the infected binary will be run on and how it will be run. It also allows some additional control over how the binaries will be tested. Archives are supported.

Websites scanners and blacklists

IPVoid.com: Ipvoid scans multiple blacklists for an IP address. It will find out whether the IP address was already detected for spamming or malware distribution.
URLVoid: A URL meta-scan engine. Scans several blacklist databases for a URL.
Google Safebrowsing: Google site check. Provides information about a URL and its IP address, together with information about malware detected on that particular website.
Wepawet: A tool for analyzing PDF, Flash or JavaScript samples for malicious actions.

Update 06/21/2012. TDSS Remover link removed – no longer works.


24 August, 2010 15:35

3 thoughts on “Specialized Tools and Resources”

  1. Pingback: ZeroAccess Rootkit - how to remove

  2. AntiVirus Support

    Norton Power Eraser deserves mention here as it's been found helpful against many rootkits.

  3. David

    Gmer and TDSS Remover links are dead

