avast! Virus Cleaner - free virus removal tool

avast! Virus Cleaner is available free for every user. This tool will help you remove selected worm infections from your computer.

Free virus & worm removal tool

If, despite all the security measures you take, your computer gets infected by a virus or worm, it is necessary to disinfect your system somehow. While for some viruses the only 100% reliable method of disinfection is restoring your system from backups, for many common infections this is not really necessary and the virus/worm can be removed quite easily.

Removing the infection
The worms often schedule themselves to be run automatically when you start your operating system; some of them even register themselves to be run when any other application is started. Removing such a worm is not as simple as deleting it - when you just delete the worm file, your operating system might not be able to start your applications (such as Explorer) any more.

So, in order to properly remove the worm from your computer, it is often necessary to make additional fixes in your system registry, delete the links from your Startup Folder etc. Here the avast! Virus Cleaner comes - it will find and remove selected worms from your computer, as well as fix the registry and startup items to make sure your system will work correctly after the disinfection.

Many worms - when activated - create additional working files on your hard disk. Even though these files alone are harmless, they are useless and they should not be there. When avast! Virus Cleaner detects and removes a known worm from your computer, its working/temporary files are removed as well. The same applies for worm-specific registry entries etc.

List of known worms
avast! Virus Cleaner is currently (in version 1.0.211) able to identify and remove the following worm families:

• Win32:Badtrans [Wrm]
• Win32:Beagle [Wrm] (aka Bagle), variants A-Z, AA-AH
• Win32:Blaster [Wrm] (aka Lovsan), variants A-I
• Win32:BugBear [Wrm], including B-I variants
• Win32:Ganda [Wrm]
• Win32:Klez [Wrm], all variants (including variants of Win32:Elkern)
• Win32:MiMail [Wrm], variants A, C, E, I-N, Q, S-V
• Win32:Mydoom [Wrm] (variants A, B, D, F-N - including the trojan horse)
• Win32:Nachi [Wrm] (aka Welchia, variants A-L)
• Win32:NetSky [Wrm] (aka Moodown, variants A-Z, AA-AD)
• Win32:Nimda [Wrm]
• Win32:Opas [Wrm] (aka Opasoft, Opaserv)
• Win32:Parite (aka Pinfi), variants A-C
• Win32:Sasser [Wrm] (variants A-G)
• Win32:Scold [Wrm]
• Win32:Sinowal [Trj] - variants AA, AB
• Win32:Sircam [Wrm]
• Win32:Sober [Wrm], variants A-I, J-K
• Win32:Sobig [Wrm], including variants B-F
• Win32:Swen [Wrm], including UPX-packed variants
• Win32:Tenga
• Win32:Yaha [Wrm] (aka Lentin), all variants
• Win32:Zafi [Wrm] (variants A-D)

Disinfection process in detail
By default, avast! Virus Cleaner does all the work automatically. When you start it and press the "Start scanning" button, the following will be done:

1. The operating system memory will be scanned, and if any known worm is found, the worm process is terminated - thus avoiding further spreading. If it is not possible to terminate the worm process (it could happen e.g. with Nimda worm that uses a fake library to run inside other processes), the worm will be deactivated in memory to stop its spreading.
2. Your local hard disks will be scanned.
3. The "startup items" (such as the system registry, Startup Folder(s), etc.) will be scanned. References to worms found in memory or on disk will be removed or fixed.
4. Infected files, identified in point 2, will be removed or fixed (as needed).
5. Additional working/temporary files created by the identified worms will be removed.
6. If restarting the computer is needed to finish the disinfection process (e.g. when a file could not be removed because it was currently in use, or if the deactivated worm process is still present), the user is notified and asked whether the restart should be done immediately.

For experienced users, various command-line arguments can be used to customize the program behavior. The list of command-line arguments will be displayed when started with /? parameter. Note: the command-line arguments are intended for experienced users only! Changing the default parameters may result in incomplete disinfection that may render your operating system nonfunctional, as noted above.

Important notes

1. During the scanning process, it is highly recommended not to start any applications. As already pointed out, some worms will start automatically when any other application is started. Running worm processes are terminated/deactivated only during the first phase of the avast! Virus Cleaner scanning; if you activate the worm again in the middle of the scanning process (by starting another application, such as Notepad, Explorer, ...), the worm will probably not be removed from your computer!
2. Turn off any resident (on-access) antivirus protection before running avast! Virus Cleaner. avast! Virus Cleaner has to access the infected files to be able to identify and remove them. The resident protection, however, might not permit it - and the worm could not be removed from your computer! Do not forget to activate the resident protection again after avast! Virus Cleaner has finished the disinfection.
3. avast! Virus Cleaner should be used in case you know or suspect that your computer is infected. It is not meant as an antivirus solution for everyday use! Use e.g. avast! 4 Home/Professional to protect your computer.
4. To work correctly, the Cleaner requires administrator privileges when running on Windows NT/2000/XP/2003 operating systems. On an infected computer, however, it might not be wise to log in as a privileged user (administrator) - it may help the worm to spread even further. Therefore, you can start avast! Cleaner as a restricted user and enter the administrator login name and password directly into an avast! Virus Cleaner dialog; in such a case, the Cleaner will be run with the privileged user access rights - however, the privileged user will not be actually logged on, and none of his/her startup files will be processed.

Solving other problems
If you have deleted a virus or worm file associated to a vital file type - and now you cannot run your applications anymore, avast! Virus Cleaner may help you as well. All you have to do is run avast! Virus Cleaner "somehow". If, for example, only the association for .EXE files has been corrupted, you may run the avast! Virus Cleaner by renaming it to a .COM file. The other extensions you may try are .SCR, .BAT, .PIF (on Windows NT/2000/XP/2003, you may try .CMD as well). If none of these extensions works (Windows is still reporting "Cannot find 'xyz.exe'" when you try to start the tool), you can use avast! Virus Cleaner itself as a replacement for the missing file. However, you have to know the name of the missing file to do that; if you know it, just rename the avast! Virus Cleaner file to the missing name (and move it to the corresponding folder, if necessary). Now, starting any application should bring up avast! Virus Cleaner instead. As soon as it starts, it detects that some of the vital file associations are corrupted, reports the problem and allows you to fix it immediately.

Please download the free avast! Virus Cleaner tool from this page.
The latest version is 1.0.211, built on 11.5.2007.