A test of the effectiveness of removing malware from Windows 8.1

The independent AV-Comparatives laboratory has published the results of a study in which the tested antivirus products were tasked with removing threats from an already infected Windows 8.1 x64 system.

The research was aimed primarily at checking whether popular antivirus solutions can remove an infection and its remnants from an already infected system. AV-Comparatives also notes that the report is intended mainly for ordinary home users who cannot remove malware themselves and most often look for help on forums.

Tested products

  • Avast Free Antivirus
  • AVG Internet Security
  • AVIRA Antivirus Pro
  • Bitdefender Internet Security
  • BullGuard Internet Security
  • Emsisoft Anti-Malware
  • eScan Internet Security
  • ESET NOD32 Smart Security
  • F-Secure Internet Security
  • Fortinet FortiClient
  • Kaspersky Internet Security
  • Lavasoft Ad-Aware Free Antivirus +
  • Microsoft Windows Defender
  • Panda Free Antivirus
  • Sophos Endpoint Protection
  • ThreatTrack Vipre Internet Security

The test procedure involved launching each of 35 samples (including Zbot.A, Vawtrak, Darkbot, FakeAV, Tinba, Betabot, etc.; the full list is on page 5 of the report) and observing which system areas were modified (including files and the registry). Then the antivirus product was installed and its virus signature database was updated. If this could not be completed, the system was started in safe mode and the installation attempt was repeated. If that also failed, a rescue disk was used: a tool for scanning the system, developed by the antivirus provider.
After these steps, a full system scan was performed, the system was restarted, and the extent to which the infection had been removed was checked.

The tested program could receive a score of A, B, C or D for each sample.

  • A: the product removed all harmful changes or left only a small part of them, but the files responsible for the infection were moved to quarantine.
  • B: the product removed the infection, but some entries in the MBR or the system registry remained.
  • C: the product removed only the dropper, a malicious program that delivers the target virus.
  • D: the product did not cope with either the dropper or the virus.

Page 7 of the report has the full table of results.
