Takeaway: Fighting the malware battle really hurts when you’re spending a good deal of your IT budget (if you even have an IT budget) on software to protect machines from attacks. Here’s how to do it for free.
Malicious software (be they viruses, rootkits, trojans, worms, or malware) are so prevalent it seems one of the primary jobs for IT is the protecting, cleaning, and removing of said software. It seems no matter how hard you try, or how much you pay for the software you use to protect your desktops, it always seems like a losing battle. Fighting that losing battle really hurts when you are spending a good deal of your IT budget (if you even have an IT budget) on software to protect machines from attacks.
It doesn’t have to be that way. I have found plenty of tools that can help in the quest to have a virus/malware-free environment. These tools can be either installed on your machines or used as a toolkit to carry with you to fight the good fight. You won’t find enterprise-grade tools here. What you will find are tools I have found to do the best job at keeping my systems clean.
Combofix
Combofix is my first line of defense tool when I suspect something has taken over a machine. But you shouldn’t just run this powerful tool without a few considerations. First, and foremost, what will Combofix fix? After a successful run of Combofix, you should have cleaned (if applicable): Malware, Rootkits, Trojans, Worms, and Viruses. What you need to know about Combofix, prior to running is quite important. The single most important issue with Combofix is that you can not run it with an antivirus tool enabled. With some antivirus solutions you can simple disable the tool (Symantec Endpoint Protection is a perfect example). One particular antivirus solution, AVG, I have found to require complete removal before running Combofix. And to be on the safe side, I prefer to run Combofix with the computer in safe mode. One other note: Never download Combofix from any other site than Bleeping Computer or ForoSpyware.
CCleaner
Antoher free tool, CCleaner does two things incredibly well: Cleans the Windows registry and removes cached web data. There are a lot of registry cleaners available, but CCleaner is the one I always trust. As with any tool, you want to make sure you understand the tool before using. And although cleaning cached browser data is fairly harmless, cleaning the registry is not. I highly recommend always doing a backup of the registry when using CCleaner to take care of this task. Fortunately CCleaner has a built-in tool for backing up said registry.
Microsoft Security Essentials
After using so many different anti-virus tools, the one tool that seems to work nearly as well as any other, without any attached cost, is Microsoft Security Essentials. Not only will this anti-virus tool work well to help prevent infection, it does so with as little drain on the system as nearly any anti-virus tool.
Malwarebytes
People are always surprised to find out they need anti-spyware as well as anti-virus protection. Of the anti-malware tools I have used, Malwarebytes seems to be the most effective. Now there are two different versions of Malwarebytes: Free and Paid. The biggest difference is the Paid version has a real-time scanner built in. The free version must be run manually. This is not a problem if you are in control of all the PC scanning, or you can trust your users to manually run the software nightly (as well as manually update the definitions often.) If you can not trust your users to run this piece of software, you might need to buckle down and drop the $24.95 for the licensed version.
Clonezilla
Clonezilla is a Free Open Source Software (FOSS) that allows you to do bare metal backups and recoveries. There are two different versions available: Clonezilla Live or Clonezilla SE (Server Edition). As the name implies, Clonezilla Live is a small, bootable live Linux distribution that allows you to clone to do a single clone at a time. The Server Edition requires a DRBL server and allows you to do massive cloning. With the Server Edition you can do large, simultaneous restores quickly (instead of a single clone at a time.) Regardless of which tool you use, Clonezilla is a very reliable tool for bare metal backups and restores.
Hamachi
Although not a tool that will help you clean up your systems, Hamachi will allow you to add machines to a VPN without having the associated costs of a typical VPN. I have already covered this tool in my OpenSource post “Use Hamachi VPN on your Linux clients,” so I will let you use that as a basis for installation and use. If you’re curious how this can be used as an admin tool - you can always house your toolkit on a machine connected to Hamachi VPN and then access those tools from anywhere (so long as you can add Hamachi to the machine in question.)