Malware Cleanup: What Works, What Doesn’t

When a company advertises its applications as a malware-removal tool, you expect it to eliminate malware. When the German authorities sing a malware-removal tool’s praises, you actually expect it to work.

Bad news, then, for DE Cleaner Antibot, a free malware removal tool that has earned acclaim left and right, but came in dead last in a recent evaluation by independent German laboratory AV-Test. It’s definitely not among the best antivirus software applications.

It is not all doom and gloom, however. AV-Test put 17 distinct antivirus programs, rescue disks, and malware-removal tools to a book test: Seeing how well each could clean up an infected computer.


Kaspersky Internet Security along with the affiliated Kaspersky Viral Removal Tool both passed with flying colors, and many different other free and paid options captured almost every disease that AV-Test could throw their way.

AV-Test usually evaluates how antivirus programs prevent malware from getting onto your machine in the first place, but the sad reality is, if you have a computer long enough, something is very likely to slip through the cracks. This is true even for Macs and Android apparatus, and that’s why we provide roundups of the best Mac antivirus software and the best Android antivirus apps.

Therefore, AV-Test rounded up nine antivirus security suites and eight tools specifically designed to capture and destroy malware after it has already infected a machine.

The investigators subjected the antivirus programs to 19 pieces of malware twice each: first by installing each application on a system which was infected; secondly by disabling the application, infecting the device, and then re-enabling the antivirus program. The specialization malware-removal tools, which are designed to be used post-infection, were subjected to the exact same 19 pieces of malware on already-infected systems.

AV-Test assessed each piece of applications in four groups: “Malware not discovered,” Active malware parts not eliminated, “Only benign file residues left behind” and “Complete removal, clean system.”

All the categories are rather self-explanatory, although informed readers might wonder why AV-Test would concern itself with benign remnants. When these leftovers do not pose a threat, they’re pure crap data, and a perfect antivirus or malware-removal program should eliminate everything installed during a malware infection, not only the active components.

As stated earlier, Kaspersky Internet Security 17.0 and Kaspersky Virus Removal Tool 15.0 were both entirely effective in eliminating malware after-the-fact and were the only ones to do so. Bitdefender Internet Security 21.0, Avast Free Antivirus 17.5, G Data Internet Security 25.3, Avira Antivirus Pro 15.0, Symantec Norton Security, and Bitdefender Rescue Disk 2.1 all scored at least 90%, eliminating every active malware element.

At the opposite end of the spectrum, DE Cleaner Antibot 3.7 took the ignominious low, allowing five malicious programs fester on the infected system. (Enigma Software SpyHunter 4 allows three pieces of malware slide past.) Since AV-Test pointed out, DE Cleaner Antibot is among the most popular cleanup tools in Germany, even making a recommendation from the nation’s Federal Ministry of the Interior. Let’s hope that the German government does not really use DE Cleaner to clean up its own machines.

Somewhere in the middle were Malwarebytes Premium 3.1, Microsoft Security Essentials 4.10, Avast Rescue Disk, Microsoft SafetyScanner 1.0, Heise Disinfect 2016/17, and G Data BootMedium, which scored somewhere between 67 and 90% of total system restoration. Put simply: Better than nothing, but barely top-shelf protection.

One important point to notice is that in theory, none of the antivirus software analyzed should have allowed the malware slide past in the first location. Indeed, AV-Test needed to purposely deactivate them so as to install the malware in the first location. While lots of the cleanup programs AV-Test evaluated functioned well at eliminating malware, the best defense remains to have complete antivirus protection running constantly.