Andrés Valencia

Antivirus Information


This section offers information and tools to keep your PC free of computer viruses and other malware.

- General Virus Information
- Anti-Virus Online Scanners (including anti-Conficker)
- Anti-Virus Software


General Virus Information

A virus is a piece of software designed and written to adversely affect your computer by altering the way it works without your knowledge or permission.
In more technical terms, a virus is a segment of program code that implants itself in one of your executable files and spreads systematically from one file to another.
Computer viruses do not generate spontaneously: they must be written and have a specific purpose.

Usually a virus has two distinct functions:

  • Spreads itself from one file to another without your input or knowledge.
    Technically, this is known as self-replication and propagation.
  • Implements the symptom or damage planned by the perpetrator.
    This could include erasing a disk, corrupting your programs or just creating havoc on your computer.
    Technically, this is known as the virus payload, which can be benign or malignant at the whim of the virus creator.

A benign virus is one that is designed to do no real damage to your computer.
For example, a virus that conceals itself until some predetermined date or time and then does nothing more than display some sort of message is considered benign.

A malignant virus is one that attempts to inflict malicious damage to your computer, although the damage may not be intentional. There are a significant number of viruses that cause damage due to poor programming and outright bugs in the viral code.
A malicious virus might alter one or more of your programs so that it does not work as it should. The infected program might terminate abnormally, writing incorrect information into your documents.
Or, the virus might alter the directory information on one of your system areas. This might prevent the partition from mounting, or you might not be able to launch one or more programs, or programs might not be able to locate the documents you want to open.

Some of the viruses identified are benign; however, a high percentage of them are very malignant. Some of the more malignant viruses will erase your entire hard disk, or delete files.


How Virus Infections Spread:

  • Infected Floppy Diskettes
  • 'Pirated' Software in Diskettes and CDs
  • Computer Networks
  • Corrupt e-mail Files
  • Internet Downloads
  • Demo and Free-Trial Disks


The High Cost of Viruses

While some viruses are designed to be mere annoyances, others are programmed with the dangerous ability to damage files, destroy data and crash entire computer systems. Since 1990, computer viruses have cost companies worldwide nearly $2 billion in lost data, repair costs, loss of productivity, and more.

Viruses can be equally devastating to the home user. If you notice any of the following symptoms on your home PC or portable computer, you may have a virus.

Common Symptoms of Computer Viruses:

  • Longer Program Load Times
  • Slower System Operation
  • Reduced Memory or Disk Space
  • Unusual Error Messages
  • Unusual Screen Activity
  • Failed Program Execution
  • Frequent System Crashes


Viruses: The Threat is Real

It is not overstating the case to say that viruses could interrupt the free flow of information that has been built up by the personal computer in the last 10 years. Indeed, the prevalence of viruses has ushered in a new era of safe computing, to the point where those that ignore the guidelines run grave risks. Considering the extreme warnings of danger - and the incidents already on record - it is a mystery that there are those in the computing industry who claim news reports of viruses are exaggerated.

The National Center for Computer Crime Data in Los Angeles estimates that American businesses have lost as much as $550 million from unauthorized access to computers yearly. The amount of lost time may be incalculable.

As an indication of the severity of the problem, the federal government has helped to form a virus SWAT team called the Computer Emergency Response Team. Its job is to investigate security threats in major computer networks across the country. The Software Publishers Association has also adopted certain measures to address the problem.

Furthermore, in the last year many Fortune-listed companies have begun to establish computer policies to deal with viruses. In many cases those new procedures will set practices for testing all software before it is put on a network and restrict the downloading of software from electronic bulletin boards. Literally no one who uses computers--not the government nor the police nor even your local bank--is immune from computer viruses.

Suppose a space shuttle executed orders from a virus-infected software program. Or an air traffic controller was given incorrect information from a fouled system. Or your company’s financial records were suddenly eradicated or permanently altered.

These are not necessarily fantasies of impending doom. Thus far, computer viruses have hit a variety of systems, including Fortune 500 companies, government agencies, major universities, newspapers, and large networks linking vast numbers of computers and huge volumes of information.


Symantec Security Response offers white papers on a range of issues relating to Internet security at http://securityresponse.symantec.com/avcenter/whitepapers.html

Security information is of a time-critical nature.
The Symantec Threat Explorer contains information about major security developments, including Symantec's response to the situation.



Types of Computer Viruses:

A computer virus is a program designed to replicate and spread on its own, preferably without you knowing it exists. Computer viruses spread by attaching themselves to another program (such as your word processing or spreadsheet programs) or to the boot sector of a diskette. When an infected file is executed, or the computer is started from an infected disk, the virus itself is executed. Often, it lurks in memory, waiting to infect the next program that is run, or the next disk that is accessed. In addition, many viruses also perform a trigger event, such as displaying a message on a certain date, or deleting files after the infected program is run a certain number of times. While some of these trigger events are benign (such as those that display messages), others can be detrimental. The majority of viruses are harmless, displaying messages or pictures, or doing nothing at all. Other viruses are annoying, slowing down system performance, or causing minor changes to the screen display of your computer. Some viruses, however, are truly menacing, causing system crashes, damaged files, and lost data.

File Infectors:

These are viruses that attach themselves to (or replace) .COM and .EXE files, although in some cases they can infect files with extensions .SYS, .DRV, .DLL, .BIN, .OVL and .OVY. With this type of virus, uninfected programs usually become infected when they are executed with the virus in memory. In other cases they are infected when they are opened, or the virus simply infects all of the files in the directory it was run from.

Boot Sector Infectors:

Every logical drive, both hard disk and floppy, contains a boot sector. This is true even of disks that are not bootable. This boot sector contains specific information relating to the formatting of the disk, the data stored there, and also contains a small program called the boot program (which loads the DOS system files). The boot program displays the familiar "Non-system Disk or Disk Error" message if the DOS system files are not present. It is also the program that gets infected by these viruses.
You get a boot sector virus by leaving an infected diskette in a drive and rebooting the machine. When the boot sector program is read and executed, the virus goes into memory and infects your hard drive.
Remember, because every disk has a boot sector, it is possible (and common) to infect a machine from a data disk.
NOTE: Both floppy diskettes and hard drives contain boot sectors.

Master Boot Record Infectors:

The first physical sector of every hard disk (Side 0, Track 0, Sector 1) contains the disk's Master Boot Record and Partition Table.
The Master Boot Record has a small program within it called the Master Boot Program which looks up the values in the partition table for the starting location of the bootable partition, and then tells the system to go there and execute any code it finds. Assuming your disk is set up properly, what it finds in that location (Side 1, Track 0, Sector 1) is a valid boot sector.
On floppy disks, these same viruses infect the boot sectors.

You get a Master Boot Record virus in exactly the same manner you get a boot sector virus -- by leaving an infected diskette in a drive and rebooting the machine. When the boot sector program is read and executed, the virus goes into memory and infects the MBR of your hard drive.
Again, because every disk has a boot sector, it is possible (and common) to infect a machine from a data disk.
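
The Master Boot Record layout described above can be checked from the defender's side. The following is an added example, not part of the original page: it parses a 512-byte sector 0, decodes the partition table entry the Master Boot Program would follow, and compares the boot code against a hash recorded while the disk was known to be clean. The sample sectors and their filler bytes are constructed for the example.

```python
"""Parse sector 0 of a disk and compare its boot code to a known-good baseline."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446                 # area holding the Master Boot Program
ENTRY_FMT = "<B3sB3sII"             # status, CHS start, type, CHS end, LBA, count
ENTRY_LEN = struct.calcsize(ENTRY_FMT)   # 16 bytes, four entries in the table
SIGNATURE = b"\x55\xaa"             # last two bytes of a valid MBR


def decode_chs(raw):
    """Decode a packed 3-byte CHS address into (cylinder, head, sector)."""
    head = raw[0]
    sector = raw[1] & 0x3F
    cylinder = ((raw[1] & 0xC0) << 2) | raw[2]
    return (cylinder, head, sector)


def parse_mbr(sector0):
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector0) != SECTOR_SIZE:
        raise ValueError("sector 0 must be exactly 512 bytes")
    if sector0[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        offset = BOOT_CODE_LEN + index * ENTRY_LEN
        status, chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            ENTRY_FMT, sector0, offset)
        if ptype == 0:              # type 0 marks an unused slot
            continue
        partitions.append({
            "index": index,
            "active": status == 0x80,
            "type": ptype,
            "start_chs": decode_chs(chs_start),
            "start_lba": lba,
            "sectors": count,
        })
    digest = hashlib.sha256(sector0[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}


def audit(sector0, baseline_sha256):
    """List deviations from the baseline; an empty list means no change seen."""
    info = parse_mbr(sector0)
    findings = []
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot-code-changed")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append("active-partition-count=%d" % len(active))
    return findings


def make_sample_mbr(fill):
    """Constructed sample: filler boot code plus one active partition that
    starts at Side 1, Track 0, Sector 1 (the location named in the text)."""
    boot_code = bytes([fill]) * BOOT_CODE_LEN
    entry = struct.pack(ENTRY_FMT, 0x80, bytes([1, 1, 0]), 0x06,
                        bytes([15, 63, 100]), 63, 204800)
    return boot_code + entry + bytes(ENTRY_LEN * 3) + SIGNATURE


CLEAN = make_sample_mbr(0x11)       # constructed "known clean" sector
MODIFIED = make_sample_mbr(0x22)    # same partition table, different boot code
BASELINE = parse_mbr(CLEAN)["boot_code_sha256"]

if __name__ == "__main__":
    part = parse_mbr(CLEAN)["partitions"][0]
    print("active partition starts at C/H/S", part["start_chs"],
          "LBA", part["start_lba"])
    print("clean sector   :", audit(CLEAN, BASELINE) or "no change")
    print("modified sector:", audit(MODIFIED, BASELINE))
```

The baseline hash has to be taken and stored off the machine while the disk is known to be clean, and the sector should be read after booting from trusted media, since a resident stealth virus can return the original sector to a running system.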

Direct Infector:

A virus that is active only while an infected file is being executed.

Memory-Resident Infector:

A Memory-Resident Infector virus is much like a conventional terminate-and-stay-resident program (TSR). It takes over the system when activated. A Memory Resident Infector maintains control of the system and continues to spread as you use your computer, even if you close the infected program. It keeps control until the computer’s memory is cleared by rebooting from a "cold boot", that is, a power off or the reset button. (Some viruses can survive a Control/Alt/Delete).

Polymorphic Virus:

A virus that deliberately changes its own programming code to prevent detection. Every file that a Polymorphic Virus infects will contain a different set of instructions, even though they are all infected with the same virus.

Stealth Virus:

A virus that actively seeks to conceal itself from discovery or defends itself against attempts to analyze or remove it.
Stealth viruses have special engineering that enables them to elude detection by traditional anti-virus tools. The stealth virus adds itself to a file or boot sector but, when you examine it, it appears normal and unchanged. The stealth virus performs this trickery by staying in memory after it's executed. From there, it monitors and intercepts your system's OS calls. When the system seeks to open an infected file, the stealth virus displays the uninfected version to the OS, thus hiding itself.
Some anti-virus scanners, using traditional techniques, can actually spread the virus. This is because they open and close files to scan them − and this gives the virus additional chances to propagate. These same scanners will also fail to detect stealth viruses, because the act of opening the file for the scan causes the virus to temporarily disinfect the file, making it appear normal.

Trojan Horse:

A stand-alone program that promises to be something useful or interesting (like a game or a program to investigate the communications accounts of your contacts), but may covertly damage or erase files on your computer while you are running it. Trojan Horses are not viruses. Trojan Horses are generally difficult to detect.

Trojan Horses contain communications routines that open a "backdoor" to your PC that lets a hacker use it for remotely attacking and infecting other computers while connected to the Internet.

Worm:

Programs that spread themselves from computer to computer over a network without user intervention.
Worms, unlike viruses, do not infect programs, diskettes, or files with macro capabilities. Instead, they make copies of themselves and send these copies over the network to other targeted machines by exploiting a vulnerability.
Like viruses, Worms come from anonymous or untraceable sources.
Worms are often equipped with dictionary-based password crackers and other cracker tools that enable them to penetrate more systems. Worms often steal or vandalize computer data.

Worms contain communications routines that open a "backdoor" to your PC that lets a hacker use it for remotely attacking and infecting other computers while connected to the Internet.

Worms that use security exploits can become widespread in a very short amount of time. Code Red, Nimda and Blaster are examples of worms that used security exploits to spread themselves quickly.



Notes:

E-mail viruses:
Just reading an e-mail message cannot cause a viral infection in your computer. But attached to a message, there can be an executable file containing a virus. Never configure your e-mail program to automatically open attachments. Never open or execute attachments before they are examined by your (recently updated) antivirus program!
Consider all documents from an application controllable by a 'macro language' as executable files!

Keep your operating system and e-mail software updated, to eliminate vulnerabilities discovered in older versions that permit attachments to open automatically.
Configure your antivirus program to examine the contents of your e-mail.
Configure your e-mail program for high security (Restricted Zone, in Outlook Express).

Consider that some viruses fake the sending address to gain your confidence and get you to execute an attached program, believing it to come from a known address.
A good example is the W32.Klez@mm worm.


Java and ActiveX:
Internet agents, such as Java or ActiveX, contain executable code that is a potential virus risk, though the problem is minimal at this moment if you keep them updated.

Do not use ActiveX applications from untrusted sources.

Visit Java Download to download and install the latest available version of the Java Runtime Environment (JRE). Then uninstall any older, vulnerable versions. JRE version 7 is now available.


"The nightmare scenario for Mac owners is here. At least 600,000 Macs worldwide have been infected, silently, by the Flashback Trojan, with no user interaction required. Here's why this is just the beginning of a long-term problem."

"The current exploit is triggered by a known flaw in Java, which was installed on every copy of OS X until the release of Lion (OS X 10.7) last summer. The flaw was reported in January and patched by Oracle in February, but the Apple version of Java didn't get a patch until early April. So for several months, every Mac owner was vulnerable unless they took specific steps to remove or disable Java."

"If you use any version of OS X before Snow Leopard (10.6) and you have Java installed (all versions of OS X before 10.7 include Java by default), you are vulnerable to this exploit and there is no patch available." [Disabling Java, or updating to OS X 10.7, is recommended]

See New Mac malware epidemic exploits weaknesses in Apple ecosystem (ZDNet, Ed Bott. April 6, 2012)

See Trojan-Downloader: OSX/Flashback.k (Test and Manual Removal, F-Secure)


Apple today released an update to its Java component [in OS X 10.5 and 10.6] that removes known versions of the Flashback malware. In a separate study, Symantec reported that it counted only 270,000 infected Macs, down from a high of 600,000 last week.

See Apple releases Flashback removal tool, infections drop to 270,000 (ZDNet, Ed Bott. April 12, 2012)


Last week's reports of a sharp decline in infections by the Flashback malware may have been premature. A new report by Dr. Web says 566,000 Macs are still infected, with new infections appearing daily.

See Russian security firm says Flashback infection rates still high (ZDNet, Ed Bott. April 20, 2012)


A pair of high-profile malware attacks have given Apple a crash course in security response. Based on recent actions, 70 million current Mac owners have a right to expect much more from Apple than they're getting today.

See Flashback malware exposes big gaps in Apple security response (ZDNet, Ed Bott. April 29, 2012)


Fake Antivirus:
Social engineering has become the dominant method of distribution for fake antivirus software. And most modern browsers, with the exception of Microsoft Internet Explorer 9, do a terrible job of dealing with this type of threat.

The technique is simple social engineering, and it works by scaring the target into thinking their system has been infected with a virus (or a whole bunch of them) and then offering to fix the problem - for a fee. The fake AV software often downloads additional Trojans and can actually cause the sort of problems it claims to be solving.

Internet Explorer 9 uses some new technology to flag some sites and files as suspicious, providing unmistakable warnings that have been shown to stop 95% of these attacks.
Every download request gets passed through Microsoft's SmartScreen filters that include a new set of algorithms designed to test the reputation of an executable file. Has it been seen before? Is there anything about the file name or the domain that looks suspicious? Is the executable file digitally signed?
Microsoft's researchers found that roughly 96% of all those red warnings are attached to unsigned, previously unseen files.

The SmartScreen filter algorithm assumes that a file, signed or unsigned, is untrustworthy until it establishes a reputation. No domain or file gets a free pass - not even a new signed release from Microsoft or Google. Every file has to build a reputation.


Never agree to install an antivirus or security program that offers itself unexpectedly.
Never agree to install a program that promises to investigate the communications accounts of your contacts.



Macro Viruses (Historic Information):


MS Word Macro Virus Family

The MS Word Macro family of viruses uses the WordBasic macro language to infect and replicate in and among MS Word documents and templates. Most notably, this new family of viruses is platform independent:
They will infect documents and templates on DOS, Windows 3.x, Windows 95, Windows NT, and Macintosh operating systems.


MS Excel Macro Virus Family

The MS Excel Macro family of viruses uses the ExcelBasic macro language to infect and replicate in and among MS Excel documents and templates. This new family of viruses tends to be platform dependent - they will not infect documents or templates on different operating systems.


Virus Hoaxes:

Although there are thousands of viruses discovered each year, there are still some that only exist in the imaginations of the public and the press.

These are viruses that DO NOT EXIST, despite rumors of their creation and distribution.

Please ignore any messages regarding supposed "viruses" and do not pass on any messages regarding them.
Passing on messages about these hoaxes serves only to further propagate them. And some of them recommend you erase files that are part of the Windows operating system: the virus is the message!

Symantec maintains a page with information on these Virus Hoaxes.


Rob Rosenberger maintains a site on Computer Virus Myths, hoaxes and urban legends at: Vmyths.com


Test your Anti-Virus Protection:

The EICAR Standard Anti-Virus Test File

This free test file is known as the "EICAR (European Institute for Computer Anti-virus Research) Standard Anti-Virus Test File".

It is safe to pass around, because it is not a virus, and does not include any fragments of viral code. Most products react to it as if it were a virus (though they typically report it with an obvious name: Sophos SWEEP, for example, calls it "EICAR-AV-Test").

The file is a legitimate DOS program, and produces sensible results when run (it prints the message "EICAR-STANDARD-ANTIVIRUS-TEST-FILE"). It is also short and simple -- in fact, it consists entirely of printable ASCII characters, so that it can easily be created with a regular text editor. Any anti-virus product which supports the EICAR test file should "detect" it in any executable file which starts with the following 68 characters:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Copyright © 1997 Sophos Plc.
All rights reserved.

Reprinted here by permission of Sophos Plc.


Original information from Paul Ducklin, 15th October 1997, Sophos (Updated on January 14 '03).



You can try creating your own copy of EICAR.txt (68 bytes) by selecting the 68 characters above, copying them to a new document in your text editor, and saving the result as EICAR.txt.

Also, you can download and save a version of the file (from www.eicar.org).

Then, you should try to create a copy of EICAR.txt as EICAR.com; your Anti-Virus program should not let you create the new file. You should have to temporarily deactivate it.

After creating EICAR.com, re-activate your Anti-Virus program.

Then, you should try to run EICAR.com; your Anti-Virus program should not let you run EICAR.com. You should have to again temporarily deactivate it.

After running EICAR.com, again re-activate your Anti-Virus program.

Then you should scan the folder (directory) where you put EICAR.com; your Anti-Virus program should "detect" it as a virus.
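
A hand-made EICAR.txt often fails the test above for reasons unrelated to the scanner, because the text editor saved more than the 68 bytes. The following is an added example, not part of the original page or of any product: it checks a candidate file for those editor artifacts and then repeats the create, copy and read-back steps in a scratch folder. The rule allowing only trailing whitespace up to 128 bytes is taken from EICAR's current definition of the file and is treated here as an assumption; the function names are hypothetical.

```python
"""Check a hand-made EICAR.txt before relying on it to test a scanner."""
import codecs
import shutil
import tempfile
from pathlib import Path

# The 68 characters from the page, split into pieces so that this script
# does not itself contain the contiguous test string.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-"
         + b"ANTIVIRUS-TEST-FILE!$H+H*")

# Assumption (EICAR's current definition): only these bytes may follow the
# string, and the whole file may not exceed 128 bytes.
ALLOWED_TAIL = b" \t\r\n\x1a"
MAX_LEN = 128

EXPLAIN = {
    "utf8-bom": "the editor wrote a UTF-8 byte-order mark before the string",
    "utf16": "the editor saved the file as UTF-16; save it as plain ASCII",
    "leading-whitespace": "the string does not start at the first byte",
    "string-mismatch": "the first 68 bytes differ from the test string",
    "trailing-data": "bytes other than whitespace follow the string",
    "too-long": "the file is longer than 128 bytes",
}


def diagnose(data):
    """Return a list of problem codes; an empty list means a usable file."""
    problems = []
    if data.startswith(codecs.BOM_UTF8):
        problems.append("utf8-bom")
        data = data[len(codecs.BOM_UTF8):]
    elif data.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return ["utf16"]
    if not data.startswith(EICAR):
        if data.lstrip(ALLOWED_TAIL).startswith(EICAR):
            problems.append("leading-whitespace")
        else:
            problems.append("string-mismatch")
        return problems
    if data[len(EICAR):].strip(ALLOWED_TAIL):
        problems.append("trailing-data")
    if len(data) > MAX_LEN:
        problems.append("too-long")
    return problems


def write_test_file(folder):
    """Write exactly the 68 bytes, in binary mode so nothing is appended."""
    path = Path(folder) / "EICAR.txt"
    path.write_bytes(EICAR)
    return path


def on_access_result(folder):
    """Create EICAR.txt, copy it to EICAR.com and read the copy back."""
    try:
        source = write_test_file(folder)
        copy = Path(folder) / "EICAR.com"
        shutil.copyfile(source, copy)
        if diagnose(copy.read_bytes()) == []:
            return "not blocked: EICAR.com was created and is readable"
        return "altered: EICAR.com exists but its content was changed"
    except OSError as exc:
        # A scanner that intervenes shows up as a failed write, copy or read.
        return "blocked: %s" % exc.__class__.__name__


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as scratch:
        print(on_access_result(scratch))
    sample = codecs.BOM_UTF8 + EICAR + b"\r\n"   # constructed editor output
    for code in diagnose(sample):
        print(code + ":", EXPLAIN[code])
```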




Anti-Virus Online Scanners

[Running an Online Scanner under Windows Vista in general requires accessing it with Microsoft Internet Explorer in Administrator mode: Select a start icon for Microsoft Internet Explorer with a right click, select Run as Administrator]


Analyze your PC with the BitDefender QuickScan:   (Free)

Downadup (or Conficker) is a self-updatable network worm that takes advantage of a Windows vulnerability to spread. Its removal is complicated by the fact that it blocks many known antivirus software and associated websites. Conficker disables the Microsoft Windows Firewall service.

See An Analysis of Conficker (SRI Malware Threat Center, March 19, 2009)

See Microsoft Security Bulletin MS08-067 - Critical: Vulnerability in Server Service Could Allow Remote Code Execution (October 23, 2008)


BitDefender is the first to offer a free online tool which disinfects all versions of Downadup. This domain is the first to serve a removal tool without being blocked by the e-threat.
Determine if it is infected with the Downadup worm (known also as Conficker or Kido):
Remove Downadup (Bitdefender Removal Tool for Downadup)


Analyze your PC with the Emsisoft Anti-Malware:

Comprehensive PC protection against viruses, trojans, spyware, adware, worms, bots, keyloggers and rootkits. (Previously a-squared Anti-Malware)

2 cleaning programs in 1: Anti-Virus + Anti-Malware

When downloading, you'll get the full version including all protection features for 30 days for free. Afterwards the unpaid software switches to a limited freeware scanner mode that allows you to scan and clean your PC whenever you want, but does not include the protection features against new infections.

The Conficker Worm shocked PC security experts. Millions of computers were supposed to have been infected. The free program Emsisoft Emergency Kit checks whether Conficker (or other worms) are present in a computer. In the worst case, the free program can immediately remove the security risk.

Install the Emsisoft Anti-Malware EMSI Software - virus and malware prevention and remover software

Or use the Free Emsisoft Emergency Kit malware scanner and remover software that requires no installation or changes to your PC.

The Emsisoft Emergency Kit scanner includes the powerful Emsisoft Scanner complete with graphical user interface. Scan the infected PC for viruses, trojans, spyware, adware, worms, bots, keyloggers, ransomware and other malicious programs.


Emsisoft Emergency Kit (Free Scanner)

The Emsisoft Emergency Kit contains a collection of programs that can be used without a software installation to scan and clean infected computers for malware.

With the Emsisoft Emergency Kit Scanner you have got the powerful Emsisoft Scanner including graphical user interface. Search the infected PC for Viruses, Trojans, Spyware, Adware, Worms, Dialers, Keyloggers and other malign programs.

After downloading and decompressing the file EmsisoftEmergencyKit.zip (~90 MBytes), run the Emsisoft Emergency Kit Scanner with a double click on a2emergencykit.exe. Found malware can be moved to quarantine or finally deleted.

Get the latest version at Emsisoft Emergency Kit (EMSI Software)


Analyze your PC with the Trend Micro HouseCall AntiVirus - Scan Online:   (Free)

HouseCall AntiVirus - Scan Online can quickly identify and fix a wide range of threats including viruses, worms, Trojans, and spyware.

Includes:
Full scan and custom scan options, in addition to Quick Scan.
Support for 64-bit, Windows 7, Windows 7 SP1, Windows 8, and Windows 8.1.
Support for Mac OS 10.7 or later.

System Requirements:

  • At least 300 MHz Intel Pentium™ processor or equivalent
  • At least 256 MB memory
  • At least 200 MB available disk space


Analyze your PC with the F-Secure Online Scanner:   (Free)

The Web-based F-Secure Online Virus Scanner will help ensure a safe and productive Internet experience for you and your family. The Online Virus Scanner uses F-Secure's virus detection technology to check for and eliminate virus infections and spyware.

System Requirements:

  • Microsoft Windows XP/2000/Vista/7/8/8.1
  • Microsoft Internet Explorer 6.0 or newer
  • ActiveX and JavaScript must be enabled in your browser's security settings


Analyze your PC with the ESET-NOD32 AntiVirus - Online Scanner:   (Free)

The ESET Online Scanner is a good free virus scan on the Web. A user-friendly, powerful tool, the ESET online antivirus utility can remove malware - viruses, spyware, adware, worms, trojans, and more - from any PC utilizing only a web browser. The AntiVirus - Online Scanner uses the same ThreatSense technology and signatures as ESET NOD32 Antivirus, which means it is always up-to-date.

Operating Systems: Microsoft Windows 7/Vista/XP/2000/NT (32/64-bit)
Internet Browsers: Firefox, Opera, Chrome, Safari and others;
Internet Explorer 6 or later (with ActiveX turned on).
Memory: 32MB
Disk Space: 15MB, Optimal 30MB
User Permissions: Administrator rights are required to run ESET Online Scanner


McAfee Stinger:   (Free Scanner)

Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

The supported versions of Windows are XP SP2, 2003 SP2, Vista SP1, 2008, 7 and 8.

Get the latest version at McAfee Stinger


Microsoft Safety Scanner:   (Free)

Do you think your PC has a virus?

Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.

Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.

The Microsoft Safety Scanner is not a replacement for using an antivirus software program that provides ongoing protection, like Microsoft Security Essentials.


Microsoft Windows Malicious Software Removal Tool:

In January '05 Microsoft released the Microsoft Windows Malicious Software Removal Tool to help remove specific, prevalent malicious software from computers that are running Microsoft Windows 8, Windows 7, Windows Vista, Windows XP, Windows 2000, Windows Server 2012, Windows Server 2008, and Windows Server 2003. You can download the Malicious Software Removal Tool from the Microsoft Download Center. You can also run an online version of the tool from the Microsoft Malicious Software Removal Tool Web site.
To run the Malicious Software Removal Tool for the first time, you must log on to your computer with an account that is a member of the Administrators group. If you are running Windows XP, you can also run the Malicious Software Removal Tool from the Microsoft Windows Update Web site or by using Automatic Updates (this option suppresses the user interface of the tool, which runs in the background and then deletes itself).

The Malicious Software Removal Tool is released on the second Tuesday of every month. Each release of the tool helps detect and remove current, prevalent malicious software. This malicious software includes Viruses, Worms, and Trojan Horses. The tool can also remove any known variants at the time of release.

Each release of the tool is cumulative. That is, each release not only helps detect and remove new malicious software families, it also helps detect and remove all the malicious software covered in earlier versions. New variants of malicious software that is detected and removed in previous releases are also covered in each monthly release.

The Microsoft Knowledge Base article, KB 890830, will be updated with information for each monthly release so that the number of the relevant article remains the same.

This tool reports anonymous information back to Microsoft in the event that an infection is found or an error is encountered.


The Microsoft Malicious Software Removal Tool (MSRT) is an anti-malware utility that checks computers running Windows 10 Technical Preview, Windows 8 and Windows 8.1, Windows 7, Windows Vista, Windows XP*, Windows Server 2012 R2 and Windows Server 2012, Windows Server 2008, and Windows Server 2003 for infections by specific, prevalent malicious software - including Blaster, Sasser, and Mydoom - and helps remove malware and any other infections found.

When the detection and malware removal process is complete, the tool displays a report describing the outcome, including which, if any, malware was detected and removed.

* The Malicious Software Removal Tool continued to be provided for Windows XP through July 14, 2015; it also continued to be delivered automatically via Windows Update and for download via the Download Center.

You can download the MSRT from either of the following Microsoft Web sites:
update.microsoft.com and/or Microsoft Malicious Software Removal Tool.

See Virus alert about the Win32-Conficker.B worm (Microsoft Help and Support)


Analyze your PC Security with the Symantec Norton Security Scan:   (Free)

The Web-based Norton Security Scan and Virus Detection determines whether your PC is protected from hackers, viruses, and privacy threats. Virus Detection uses Symantec's virus detection technology to check for virus infections.

Use Norton Security Scan to determine if your system has been infected with viruses, malware, spyware, or other threats. Newly added - the Cookie Manager that you can use to check for suspicious or dangerous cookies and remove those that raise a concern.

Norton Security Scan is a free scanner which can identify threats but does not resolve them.




Anti-Virus Software


Avast Free Antivirus:   (Free)

Free virus protection for your home PC

New viruses are being found "in the wild" all the time. Further, the speed at which these new viruses spread is increasing all the time. A key problem is not that antivirus programs do not detect such viruses, but the fact that most users do not use any antivirus program at all or, perhaps worse, the antivirus software and/or virus definitions database is out of date.
ALWIL Software, the producer of Avast, decided in June 2001 to help to solve this situation by offering the Avast Free Antivirus free of charge for home users who do not use their computer for profit. To get industry leading antivirus protection for your home PC, download the software, and then register it.

Get the latest version at Avast (Free) [In various languages]


Avira Free Antivirus:   (Free)

Avira Free Antivirus is a reliable free antivirus solution, that constantly and rapidly scans your computer for malicious programs such as viruses, trojans, backdoor programs, hoaxes, worms, dialers etc. Monitors every action executed by the user or the operating system and reacts promptly when a malicious program is detected.

Basic protection: Protects your computer against dangerous viruses, worms, trojans and costly dialers. New: Basic Anti-Spyware.
Avira Free Antivirus is a comprehensive, easy-to-use antivirus program designed to offer reliable, free-of-charge virus protection to home users. It is for personal use only, not for business or commercial use. Available for Windows, Mac/iOS, and Android.

Get the latest version at Avira Free Antivirus [In various languages]


AVG Anti-Virus:   (Free)

You can get your free copy of the AVG Anti-Virus System - AVG Anti-Virus Free Edition, and you will be able to use it for an unlimited period of time. With AVG, you will get a high-end software solution for reliable protection against the threat of computer viruses from opening files, running programs and e-mail.
AVG Free is basic antivirus and antispyware protection for Windows 8, 7, Vista and XP.
Additionally, it scans web, Twitter, and Facebook links, securely deletes files to prevent snooping, protects you from harmful downloads, and helps ensure a fast-running PC. [In various languages]

Get the latest version at AVG Anti-Virus Free Edition


Comodo Internet Security:   (Free)

If you use Windows 7, Vista or Windows XP SP2, install a complete security program, like Comodo Internet Security (Free), which offers complete protection from hackers, viruses, spyware, trojans and identity theft, and a Host Intrusion Prevention System that stops malware from being installed. An extensive white list database of trusted applications helps reduce the number of initial alerts after installation. The Firewall and Antivirus components can be installed separately.
[Best results in the Matousec Proactive Security Challenge 64]

For additional protection, also install the Comodo BOClean Anti Malware software (Free).
Internet trojan horse programs, spyware, keyloggers, rootkits, pseudorootkits, hijackers, adware, annoyware, email relays, spam proxies, spam relays, scam downloads and email/spam robots ("bots") are perhaps the greatest security threat to individuals and institutional networks in existence.


Microsoft Security Essentials:   (Free)

Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.

Microsoft Security Essentials is a free* download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It's easy to tell if your PC is secure - when you're green, you're good. It's that simple.

Microsoft Security Essentials runs quietly and efficiently in the background so that you are free to use your Windows-based PC the way you want - without interruptions or long computer wait times.

* Your PC must run genuine Windows 7 or Windows Vista to install Microsoft Security Essentials.


Windows Defender for Windows 8, Windows RT, Windows 8.1, and Windows RT 8.1 provides built-in protection against malware. You can't use Microsoft Security Essentials with Windows 8.1, but you don't need to - Windows Defender is already included and ready to go.

See What is Windows Defender Offline? Removes malicious and potentially unwanted programs (Free)



RKill - What it Does and What it Doesn't:   (Free Software)

RKill is a program developed at BleepingComputer.com by Lawrence Abrams (Grinler) that was originally designed for use in our malware removal guides. It was created so that we could have an easy-to-use tool that kills known processes that stop the use of normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that anti-malware programs can do their job.

So in summary, RKill just kills processes, imports a Registry file that removes incorrect file associations and fixes policies that stop us from using certain tools. Then it kills Explorer.exe so it will restart and enable the Registry changes. When done, RKill will then create a log listing all processes that were terminated while the program was running. Please note that this will include processes that were terminated manually by the user as well as RKill. Other than what is listed above, it does nothing else.

Since RKill only terminates processes, after running it you should not reboot your computer, as any malware processes that are set to start automatically would just start up again. Instead, after running RKill you should scan and clean your computer using your malware removal tool of choice. If there is a problem after running RKill, just reboot your computer and you will be back to where you started before running the program.

The latest version of RKill can be downloaded from the following locations (in BleepingComputer.com):

rkill.com
rkill.exe
rkill.scr
eXplorer.exe
iExplore.exe

(Please note that the other filenames are RKill as well, just renamed in order to allow it to run by certain malware)


Depending on the malware that is installed on the computer, when you run RKill you may see a message from the malware stating that the program could not be run because it is a virus or is infected.

These warnings are just fake alerts by the malware that has hijacked your computer trying to protect itself. Two methods that you can try to get past this and allow RKill to run are:

1. When you receive the warning message, leave the message on the screen and try running RKill again.
2. If that does not work, just keep launching RKill until it catches and stays up long enough to kill the malware.

On a final note, when you download and run RKill, certain anti-virus programs may state that the program is a security risk. This is because some of the tools used by RKill can be used for good or bad, though the programs themselves are perfectly harmless, and most anti-virus programs just lump them into the bad category. I assure you we are using them only for good purposes.


From RKill - What it does and What it Doesn't - A brief introduction to the program (BleepingComputer.com - Forums)


Other Free Antivirus Software:

BitDefender (Antivirus and security software, with Free Scan)
ClamWin (Free Open Source Antivirus Scanner for Windows)
Comodo Antivirus for Mac (Protection against viruses, worms and Trojan horses for OS X computers)
ESET (NOD32 Antivirus and Smart Security, Free Online Antivirus Scanner)
Exploit Prevention Labs (xpl) (AVG LinkScanner - Keep Your Surfing Safe, with Free version)
Kaspersky Lab Online Scanner (Free)
Malwarebytes Anti-Malware (Identify and remove malicious software from your computer, with Free version)
McAfee SiteAdvisor (Protection from adware, spam, viruses, online scams, with Free version)
Norton Power Eraser (Free virus removal tool that targets and destroys threats to your computer)
Panda Software ActiveScan (Free Virus and intrusion prevention)
Sophos Virus Removal Tool (Free)
Sophos Anti-Rootkit (Free)
Sophos Anti-Virus for Mac Home Edition (Free)
VirusTotal (Free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware)


Use only one antivirus program at a time on your PC; two antivirus programs could interfere with each other and block your PC.



Symantec Security Response:

Virus Removal Tools Page (Free)



Original information from Symantec Security Response



Updated: July 31 '15
