Cleaning Up Malware Contamination

By Joseph Moran | Posted July 20, 2006

In a way, a Windows PC can be a lot like a glass of tap water — everything may look normal on the surface, but a closer examination can reveal all sorts of hidden stuff inside. The water contaminants may be microbes or chemicals, but on a PC it's malicious software that you need to worry about.

These days there are countless unpleasant programs floating around the Internet looking for systems to infect, and it often seems as if there are almost as many programs that you can employ to help rid your computer of these infections.

The Cleaner Professional from MooSoft is one such program that tries to protect your system against a variety of threats, from spyware to keyloggers to trojans and worms. Like many similar utilities, The Cleaner Professional (TCP) aims not only to ferret out existing infections but to prevent new ones as well by monitoring the changes that are made to your system.

We found that TCP could be helpful in locating, removing, and thwarting infections, but it also suffers from a poor interface design that in many cases requires too much effort from the user.

TCP actually consists of three separate programs. There's the main application that scans your system for problems, and then there are two additional modules called TCActive and TCMonitor, which monitor processes in memory and the Windows Registry (respectively) in the hopes of blocking unauthorized changes and arresting damage before it occurs.

Each piece of TCP is a stand-alone application that is accessed independently (both TCActive and TCMonitor have their own Windows Tray icons), and while we certainly appreciate the software's thoroughness, a more integrated interface would be easier to work with than having to go to three different places to use or view the various aspects of the overall program.

System Scanning
We installed TCP on two Windows test systems that we knew to be infected and performed a complete scan. The scans identified multiple infections on each system and offered the option to quarantine or delete them, each of which it was able to do successfully. The time necessary to scan the entire system (including hidden files and inside compressed archives) didn't seem overly long, though the estimated time remaining counter is too inaccurate to be helpful. (In addition to complete system scans, you can also scan any individual file via a right-click context menu option.)

Unlike some spyware cleaning tools, The Cleaner Professional doesn't flag tracking cookies, which can be troubling but usually don't pose a serious risk to a system.

If you want to learn more about a malicious program you just uncovered, you can consult a trojan database accessible from within TCP. Alas, although the database contains what looks to be hundreds of entries, most of them offer very little information other than the specific category (e.g., adware, dialer, backdoor) the malware falls under.

Each entry also has a link to MooSoft's online database, which often contains a bit more information, but it's usually nothing more than a cursory description of what the malware does. Ultimately the database isn't as informative as it could be, and there are better resources on the Web for researching the nature of a suspicious program.

A more useful capability is TCP's Stealth Mode, which can randomly change the names of the program's executable files (and removes the program names from window titles) so that they won't be recognized by malware that tries to identify and deactivate any defensive programs you have running on your system.

System Monitoring
The first step a malevolent piece of software takes to get its hooks into your system is to modify the Registry (behind your back of course). To guard against this, TCMonitor runs in the background and keeps an eye on things, flagging you whenever it detects an attempt to change the Registry.

When it detects a change, TCMonitor pops up a warning accompanied by a rather jarring siren sound that plays over and over again until you dispense with the warning. (Only one alternative sound effect is offered, though you can substitute the .wav file of your choice or dispense with the audio altogether.) TCMonitor can also notify you via e-mail, which is nice.

With TCMonitor running in the background, we set out looking for some spyware. Before long we found some, and luckily, so did TCMonitor. We also ran some of the tests available at www.spycar.org, which, among other things, attempt to modify your Registry, change your browser settings, and execute programs the way a malicious program might. In this case, TCMonitor flagged every attempt at a Registry change, but it didn't prevent many of the browser changes or program executions.

But there's another catch: While adept at detecting Registry changes, TCMonitor makes responding to them more difficult than it should be. Its initial warning tells you which Registry key is being changed, but to examine the actual change you must click a button to open another window. Moreover, since TCMonitor displays two columns that list the key's entire contents before and after the change, the potentially damaging modification isn't always immediately obvious.

If you decide that the change is unauthorized your recourse is to click a button to launch the Windows Registry Editor, which you must then use to manually delete the modification yourself. We would much prefer a single dialog that warns of the modification, displays all the relevant information, and then offers the option to accept or reject the change.
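What the reviewer is asking for is a view that isolates the actual modification instead of dumping the whole key twice. As an added example (not code from the article or from MooSoft's product), the function below diffs two constructed snapshots of the HKCU Run autostart key and reports only the values that were added, removed or changed; the snapshot contents and the "Updater" entry are hypothetical sample data.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# A registry value is (type, data); a key snapshot maps value name -> (type, data).
Snapshot = Dict[str, Tuple[str, str]]


@dataclass(frozen=True)
class Change:
    key: str
    name: str
    kind: str  # "added", "removed" or "modified"
    before: Optional[Tuple[str, str]]
    after: Optional[Tuple[str, str]]


def diff_key(key: str, before: Snapshot, after: Snapshot) -> List[Change]:
    """Return only the values that differ between two snapshots of one key."""
    changes = []
    for name in sorted(set(before) | set(after)):
        old, new = before.get(name), after.get(name)
        if old == new:
            continue  # unchanged values are noise in an alert, so drop them
        kind = "added" if old is None else "removed" if new is None else "modified"
        changes.append(Change(key, name, kind, old, new))
    return changes


def format_alert(changes: List[Change]) -> List[str]:
    """One line per change, the way a single warning dialog could show it."""
    lines = []
    for c in changes:
        if c.kind == "added":
            lines.append(f"{c.key}: added {c.name!r} = {c.after[1]} ({c.after[0]})")
        elif c.kind == "removed":
            lines.append(f"{c.key}: removed {c.name!r} (was {c.before[1]})")
        else:
            lines.append(f"{c.key}: {c.name!r} changed {c.before[1]} -> {c.after[1]}")
    return lines


# Constructed sample snapshots of the per-user Run key (hypothetical contents).
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
BEFORE: Snapshot = {
    "OneDrive": ("REG_SZ", r"C:\Users\demo\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    "SecurityHealth": ("REG_EXPAND_SZ", r"%windir%\system32\SecurityHealthSystray.exe"),
    "Steam": ("REG_SZ", r"C:\Program Files (x86)\Steam\steam.exe -silent"),
}
AFTER: Snapshot = dict(BEFORE)
AFTER["OneDrive"] = ("REG_SZ", r"C:\Users\demo\AppData\Local\Microsoft\OneDrive\OneDrive.exe /silent")
del AFTER["Steam"]
AFTER["Updater"] = ("REG_SZ", r"C:\Users\demo\AppData\Roaming\Updater\updater.exe")  # hypothetical new entry

if __name__ == "__main__":
    for line in format_alert(diff_key(RUN_KEY, BEFORE, AFTER)):
        print(line)
```

Only three lines come out for the sample, one per actual change, rather than two full listings of the key to compare by eye.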

The Cleaner Professional lets you schedule your scans and even the downloading of program updates, but here too the interface leaves something to be desired. You can create a new scheduled scan or update from within TCP, but the program then drops you into Windows Task Scheduler to configure the day/time along with any other options.

Conclusion
The Cleaner Professional works with most versions of Windows (98, Me, 2000, XP, Vista). There's no Mac or Linux version, but who attacks those operating systems anyway, right? You can download a fully functional version of The Cleaner Professional to use for 30 days.

Registering the software after the trial period will set you back $49.99 (plus an additional $4.99 or $10.95 if you want extended download rights or a CD, respectively). The welcome dialog box offers a link to purchase the software at a 10% discount, but no such discount was applied when we followed it.

It's hard to recommend a program that requires jumping through so many interface hoops as well as interacting with standard Windows tools like Registry Editor and Task Scheduler. Add to that the software's uneven performance and relatively high price tag, and the final verdict is clear: There are simply more effective, user-friendly and lower-cost options in the never-ending quest to keep malware at bay.

Pros: Offers stealth mode, e-mail notification for discovered malware

Cons: Incomplete protection, cumbersome interface, expensive

Adapted from winplanet.com.
