Many Americans might not be aware of the feisty Russian-based computer security company Kaspersky, but it is the fourth largest security vendor in the world, the third largest vendor of consumer security software, and the fifth largest vendor of enterprise endpoint protection, according to Wikipedia. Headquartered in Moscow since its inception in 1987, Kaspersky currently has 29 regional offices around the globe, including U.S. offices in Boston and Miami. Kaspersky services more than 300 million individual clients, and over 200,000 corporate clients, and provides its Kaspersky Anti-Virus engine and related software security services under license to more than 120 other security vendors. Kaspersky publishes a complete stable of security software for home, commercial, and mobile markets, and is typically among the highest rated security products in published reviews.
In addition to commercial products, Kaspersky also offers a comprehensive collection of free utilities to detect and remove viruses and other malware, including ransomware and rogue software, from infected computers. These free utilities are intended only to clean infected computers, not to serve as full-time protective software; Kaspersky (and others) happily sell security software for that purpose.
A summary of Kaspersky’s free detection and cleaning services is online at support.kaspersky.com/viruses, and includes information and links for its many detection and removal utilities. Kaspersky offers a broad selection of these utilities, including a large (130 mb) and comprehensive virus detection utility Kaspersky Virus Removal Tool 2011 (support.kaspersky.com/viruses/avptool2011). According to the Web site, “Kaspersky Virus Removal Tool is a utility designed to remove all types of infections from your computer.” The “2011” date may be misleading, as this product is continuously updated and ready to run when downloaded. Kaspersky explains this as, “Kaspersky Virus Removal Tool 2011 provides no update function. The up-to-date version of the application with the latest version of anti-virus databases is always available on the Web site.” While Virus Removal Tool 2011 is complete and up to date when downloaded, additional functionality is available during the scan process if there is current Internet access, allowing for “ ... non-signature search of malware based on ‘cloud’ technologies.” The detection and removal process is automated, and little or no user intervention is required while the scanner is running. This utility is one that I download fresh to a flash drive (along with several other utilities) if I know that I am going to clean an infected computer.
Some computers have been so severely infected that they cannot be booted, or have viruses and other malware that prevent traditional detection and removal utilities from executing. Kaspersky offers a free solution to this predicament with its Kaspersky Rescue Disk 10 (support.kaspersky.com/viruses/rescuedisk). The Web site explains why it is necessary to use the bootable Rescue Disk 10 when system-based utilities are unable to clean the infected computer: “Kaspersky Rescue Disk is designed to scan, disinfect and restore infected operating systems. It should be used when it is impossible to boot the operating system. In this case, disinfection is more efficient because malware programs do not gain control when the operating system is being loaded. In the emergency repair mode, you can only start objects, scan tasks, update databases roll back updates and view statistics.” The Rescue Disk 10 download is a 236 mb ISO file that must be burned to a CD as a disc image, using any one of the many available ISO burners, which will make the CD bootable; simply copying the downloaded ISO file onto a CD as an ordinary data file will not create a bootable CD. Instructions on how to create a bootable CD using the ISO file are available on the Web site, and are also included with almost all ISO burning utilities. Most major CD burning utilities support the creation of bootable CDs using an ISO file; just be sure to check the ISO selection from the CD utility software menu. Once booted with the created Rescue Disk, the computer can be scanned using the included Kaspersky scanning engine, which will effectively detect and kill most malware in circulation. After the computer is cleaned with Rescue Disk 10, the CD is removed, and the newly disinfected computer rebooted as normal.
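An ISO file boots only because it carries an El Torito boot record inside the image, which is why it has to be written as an image rather than copied as a data file. The following added example (not from Kaspersky or the original column) checks an image for that record; the function names are hypothetical and the sample image is constructed in memory, not a real Rescue Disk download.

```python
import struct

SECTOR = 2048  # ISO 9660 logical sector size

def el_torito_info(image: bytes):
    """Return boot details if the image has an El Torito boot record, else None."""
    lba = 16  # volume descriptors start at sector 16
    while (lba + 1) * SECTOR <= len(image):
        vd = image[lba * SECTOR:(lba + 1) * SECTOR]
        if vd[1:6] != b"CD001" or vd[0] == 255:
            return None  # not an ISO 9660 image, or terminator reached first
        if vd[0] == 0 and vd[7:30] == b"EL TORITO SPECIFICATION":
            return read_catalog(image, struct.unpack_from("<I", vd, 0x47)[0])
        lba += 1
    return None

def read_catalog(image: bytes, catalog_lba: int):
    """Validate the boot catalog and decode its initial (default) entry."""
    cat = image[catalog_lba * SECTOR:catalog_lba * SECTOR + 64]
    if len(cat) < 64 or cat[0] != 0x01 or cat[30:32] != b"\x55\xaa":
        return None
    if sum(struct.unpack("<16H", cat[:32])) & 0xFFFF:
        return None  # validation entry words must sum to zero
    entry = cat[32:]
    return {"catalog_lba": catalog_lba,
            "bootable": entry[0] == 0x88,  # 0x88 marks a bootable entry
            "load_rba": struct.unpack_from("<I", entry, 8)[0]}

def build_sample(bootable: bool) -> bytes:
    """Constructed 24-sector image for the demo, not a real vendor ISO."""
    img = bytearray(24 * SECTOR)
    def put(lba, data):
        img[lba * SECTOR:lba * SECTOR + len(data)] = data
    put(16, b"\x01CD001\x01")  # primary volume descriptor (header only)
    if bootable:
        ident = b"EL TORITO SPECIFICATION".ljust(32, b"\0")
        put(17, b"\x00CD001\x01" + ident + bytes(32) + struct.pack("<I", 19))
        val = bytearray(32)
        val[0], val[30], val[31] = 0x01, 0x55, 0xAA
        struct.pack_into("<H", val, 28, -sum(struct.unpack("<16H", val)) & 0xFFFF)
        entry = bytearray(32)
        entry[0] = 0x88
        struct.pack_into("<I", entry, 8, 20)  # boot image at sector 20
        put(19, bytes(val + entry))
    put(18 if bootable else 17, b"\xffCD001\x01")  # set terminator
    return bytes(img)

if __name__ == "__main__":
    print(el_torito_info(build_sample(True)), el_torito_info(build_sample(False)))
```

To check a downloaded file, pass its contents read in binary mode to `el_torito_info`; a result of `None` means the file has no valid boot record and a disc made from it will not boot.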
As is common after most contemporary infections, it may be necessary to reinstall any security software that was on the computer prior to the infection (maybe not a good idea, because it had already been proven to be vulnerable), or install a new security suite.
In a recent column, I wrote about the nasty form of malware referred to as “ransomware,” where an infected computer is locked by the malware and supposedly not released until ransom is paid via a third-party payment service to a cyber crook. This ransomware is often accompanied by a screen falsely announcing that child pornography or pirated software was found on the computer, threatening jail time and hefty fines if the ransom or fine is not promptly paid. The screen of the locked computer gives explicit instructions on how to pay the fine (ransom) to unlock the computer. Even if the fine/ransom is promptly paid, the computer will likely not be unlocked by the scammer. In addition to the ransom requested, the cyber crook also often loads other malware to the infected computer, including varieties of spyware and key loggers to steal valuable personal information, banking, shopping and credit card information in order to perpetrate identity theft and other financial crimes.
Kaspersky offers an interactive free utility to explicitly unlock the purloined computer, and allow the removal of the ransomware. Kaspersky WindowsUnlocker is a large (236 mb) ISO file that can be burned to a CD or installed to a bootable USB flash drive. The bootable media also includes an updated copy of Kaspersky’s Rescue Disk utility, which will be used in conjunction with the WindowsUnlocker. Once the bootable media is created, the computer is booted with it, following the instructions provided by Kaspersky mentioned previously. The WindowsUnlocker utility will scan the registry and remove any traces of the ransomware from the registry (these hidden registry entries are often referred to as a form of “rootkit”), and then run the malware detection and removal software to complete the cleaning process. This process will likely remove the ransomware as well as any additional malware that it may have installed or any malware that had previously infected the computer. The bootable media is then removed from the computer and the computer is rebooted normally; if successful, the ransomware should be gone. It will then be necessary to install (or reinstall) a comprehensive security suite, as any previously installed security software might have been compromised by the ransomware (malware).
In addition to the broad-spectrum scanners already mentioned, Kaspersky offers an extensive collection of small, free scanners for specific scanning tasks and removal of difficult infections. Several of these specific removal utilities are intended to detect and neutralize individual ransomware, illicit file encryption malware, rootkits and other threats. The comprehensive list of free security scanners available for download is located at kaspersky.com/downloads/free-antivirus-tools.
Hopefully, you will never need to utilize these excellent, free malware detection and removal utilities from Kaspersky, but a familiarity with them may provide some degree of “peace of mind” in this dangerous and threatening cyber world. It is nice to know that they are available if (when) you ever need them.