When a nasty malware infestation leaves Windows non-bootable or prevents antivirus installation, the USB-based bootable FixMeStick offers an easy-to-use solution. In testing it didn’t clean up everything, but then, it’s not intended as a standalone solution. This product’s aim is to get your PC into a state where your desktop antivirus can finish the cleanup.
(3 out of 5)
Pros
- Bootable, USB-based antivirus uses scanning engines from Sophos, Kaspersky, and GFI/VIPRE
- Extremely easy to use
- Full undo in case of problems
- Remote-control tech support available if needed
Cons
- Can’t disinfect virus-infected files, can only quarantine them
- Quarantine of system files rendered two test systems unbootable, requiring full undo
- Can’t handle malware traces in Registry
- Alleged removal failed to prevent several detected rootkits from running
When extra-devious malware defeats your antivirus, or when you can’t install protection because malware has pwned the system, you (being a tech genius) might try a bootable rescue CD. However, many users don’t have the tech skills to burn an ISO image or deal with the often-arcane interface of bootable solutions. For them, FixMeStick ($49.99 direct) will do the job. The design of this USB-based security tool centers on making malware cleanup as easy as possible, even for users with limited tech abilities.
To start using FixMeStick on an infected system that can still boot into Windows, just insert it and wait for Windows to launch the “Run FixMeStick” program. Users with more security knowledge may have chosen to disable USB autorun; in that case, launch the program manually.
This little program does no scanning. Rather, it configures your system so that at the next reboot the FixMeStick will show up as an operating system option on the boot menu. To help users who may not have seen a boot menu before, it displays a screenshot and explains what to do. From here you just click the button to reboot and run FixMeStick.
FixMeStick is the default option when the boot menu appears. Pressing Enter will launch it immediately, but if you don’t it will auto-launch in 30 seconds. After a few minutes of setup in the background, it’s ready to go.
If Windows won’t boot at all, running FixMeStick may still be simple. Turn off the PC, insert the USB key, and turn it on again. If you’re lucky, your PC is configured to boot from USB. If that doesn’t seem to work, tech support can explain how to tweak the BIOS so it will boot from the device.
The next thing you do to advance the process is…nothing! FixMeStick does everything for you. In fact, its main screen recommends that you just go take a break for anywhere from 30 minutes to a couple hours. Cleanup on my infested test systems took 30-40 minutes.
Unlike a bootable rescue CD, this USB device is fully writeable. That means it can check for program updates and download new malware definitions that will be stored right on the USB key. After initializing the three scanning engines it launches right into a full scan. A warning banner appears if the scan has discovered malicious files.
On completion of a scan, it offers two choices. Most users will just choose to fix the computer, without worrying about details. I live for details, so I chose to view the results before fixing problems. One, two, or all three antivirus engines may have detected a given threat. FixMeStick lists the engines that detected each threat, along with the threat name used by that engine’s company. There’s an option to keep a given file rather than send it to quarantine, but you should only use that under instruction from tech support.
Once FixMeStick has finished cleaning up, you exit the program, unplug the device, and reboot into Windows. Your browser opens to a debriefing page online. Here you can share your FixMeStick experience on social networking sites, offer feedback, or contact the help team.
Why would you need to contact the help team after a successful cleanup? Because FixMeStick can be a bit heavy-handed, wiping out files that it shouldn’t. When its engines detect a valid file infested by malware, it can’t disinfect the file back to its original status. All it can do is toss that file into quarantine. If this happens to an essential Windows file, you may be hosed.
One of my malware-infested test systems seemed to boot Windows but never displayed the desktop. That’s a problem usually solved by bringing up Task Manager and manually launching Windows Explorer. However, Task Manager reported explorer.exe missing, apparently wiped out by FixMeStick. Another test system went into a noisy, never-ending cycle of login and logout, each with its own musical accompaniment.
I solved the first problem myself by booting back into the FixMeStick and using its Undo Quarantine feature. As the product warned, this completely undoes the most recent cleanup, restoring all files including the nasty ones. I rescanned, but this time chose to keep explorer.exe. That did leave me with an infected explorer.exe, but at least the system booted.
For the second problem, I supplied FixMeStick’s log file to tech support. They identified the problem and supplied me with instructions for getting connected to their remote control chat-based help system. In a coming update, which existing FixMeSticks will pick up automatically, this process will just require clicking a button. At present, it’s a bit more complex.
A special key combination opened a Linux command window for me. By carefully typing in a list of commands supplied by tech support, I installed Firefox, downloaded and installed their support software, and launched it.
At this point tech support took over. The support agent identified the missing file and put a clean copy in its place. After that the system booted properly.
Malware Cleanup Limitations
When I went to log and analyze the results of FixMeStick’s cleanup, I noticed that only a fraction of the detected samples received a thorough cleanup. For 70 percent of the samples, FixMeStick left behind almost all of the malware traces.
Looking at the raw data, I discovered that it never once removed any malware traces in the Registry. My FixMeStick contacts confirmed that Registry cleanup isn’t a feature of FixMeStick. That does make sense, because Registry modification from a non-Windows operating system is difficult. Still, it’s a bit disappointing.
Lack of Registry cleanup doesn’t explain the fact that FixMeStick left behind executable files for over 20 percent of the threats. After reboot, some of those were even running. In quite a few cases, FixMeStick removed the malware installer but completely failed to detect the installed malware; I had to count those as misses.
Overall, FixMeStick’s three-engine scan detected 71 percent of the threats, the same as ZoneAlarm Free Antivirus + Firewall (free, 3.5 stars). With 5.1 points for cleanup, it beat ZoneAlarm’s 4.9. That’s not so far behind the top malware cleaner tested with my current set of samples. Kaspersky PURE 2.0 Total Security ($89.95 direct for three licenses, 4 stars) detected 76 percent of the threats and scored 5.3.
FixMeStick is most closely comparable to cleanup-only tools like Comodo Cleaning Essentials (free, 4.5 stars). Tested with my previous malware collection, Comodo detected 91 percent and scored 6.8 points, making it our Editors’ Choice for cleanup-only tools.
Like ZoneAlarm, FixMeStick detected 100 percent of the samples that use rootkit technology. Rootkit threats subvert Windows to hide their activities, so a bootable non-Windows antivirus should have no trouble wiping them out. I was surprised, then, to find that over half the rootkit samples retained enough integrity to launch and activate their rootkit technology when I booted back into Windows. FixMeStick earned 5.4 points for rootkit removal, compared to 8.2 for ZoneAlarm.
More than half the products tested using my previous malware collection detected 100 percent of the rootkits. The top score of 8.9 points for rootkit cleanup went to Norton AntiVirus 2012 ($39.99 direct, 4.5 stars); Comodo came in second with 8.7. For a full explanation of the testing process that generates these scores, see How We Test Malware Removal.
[Figure: FixMeStick malware removal chart]
Reasonable Limits on Use
The FixMeStick keeps a record of each computer you run it on. It won’t let you fix more than three different computers in the same month, though you can use it all you want on those lucky three. In a pinch, you can ask tech support to clear the PC records remotely, rather than wait for the end of the month.
Why this limitation? Without it, a business could buy one FixMeStick and use it on thousands of company PCs. It’s a reasonable limit.
Not a Standalone Solution
My FixMeStick contacts confirmed that they recommend using FixMeStick to clean up a virus mess sufficiently that the desktop antivirus can finish the job. It’s not a standalone solution, and it doesn’t include the ongoing protection against new attacks that you’d get from a full-blown antivirus.
On the other hand, I haven’t seen any bootable solution that’s as simple and straightforward as FixMeStick. Most of the major antivirus companies offer rescue CDs, many of them free, but I wouldn’t advise non-techie friends to try those. Instead, I’d suggest they clean up with FixMeStick and then install a powerful antivirus like Norton AntiVirus 2012 or AVG Anti-Virus Free 2012 (free, 4 stars) to clear out any remaining malware traces and provide ongoing protection against new attacks.
By Neil J. Rubenking, PCMag