McMcbrad

Level 8
You might all be familiar with the services (almost) every antivirus company offers.
They most frequently include Tune-Up, issue resolution and virus removal. Some companies use a "100% virus protection" guarantee, or pledge, promising that an agent will remove all viruses, or you'll get your money back.
How effective are virus removal services really?


I've personally tested Norton, McAfee and Bitdefender virus removal services.

The setup:
To conduct the test, I infected a machine with malware that only exists as a scheduled task.
The scheduled task would invoke the command prompt, run PowerShell with execution policy bypass in place and then run malicious code within the PowerShell console.
No files or registry keys are created by this specific malware type.
Upon every restart, as well as after a specified period of time, the scheduled task will be run.

Result:
I then contacted 3 companies one by one to remove the malware, and I'm sorry I did not save the ridiculous chats.

Norton Virus Removal Service:
I was quickly connected to an agent ready to do the job.
I explained that on each restart I can see weird black and blue windows and the Norton product blocks an intrusion attempt. Also, SONAR blocks the same piece of malware every time, which might indicate a persistent infection.
The agent initially tried to convince me that there is nothing wrong, but eventually, after 10-20 minutes of explanations, connected remotely to my PC.
He ran a Norton Power Eraser scan, which did not find anything (I specifically selected malware that won't be discovered by their tool). He then restarted my PC, but the issue obviously wasn't fixed. After a good 30-45 minutes of going through services, registry keys, folders and reinstalling their Norton product, it was obvious he wouldn't be able to remove the virus.
At that point I gave him a joker - it might be a file-less threat... He responded that there is no file-less malware, each piece of malware actually includes a file.
At that point I disconnected the session, as it was clear that the whole night wouldn't be enough for the agent to figure out what's wrong. I could've asked for a refund, but that was not the point of the test.

Final Verdict: Fail

McAfee Virus Removal Service:

McAfee's virus removal service was even worse.
The agent started well with some small talk, assuring me that they will take care of the situation, as I am a paid McAfee customer. After 5 minutes of useless conversation, he connected to my PC.
The scenario afterwards was similar to the one with Norton.
Once again, an aggressive scanning utility, GetSusp, was run, which didn't bring any luck.
After an hour, the agent transferred me to a level 2 technician who took "logs". After 2 days, I was contacted with a conclusion that my PC is "clean".

Final Verdict: Fail

Bitdefender Virus Removal Service:

The Bitdefender Virus removal service costs £79.99 in the UK and $99.95 in the US.
It promises to
  • Perform manual security scans to eliminate malware from your system
  • Configure basic safety
  • Activate and configure your Bitdefender subscription
After (unhappily, just for the sake of a test) I paid the price, I instantly got connected to an agent.
He downloaded an array of Bitdefender tools that are not publicly available and went through common folders, task manager, startup sections of the registry and more.
After approximately 45 minutes, the agent figured out something was wrong (as pointed out by one of the tools) in the scheduled tasks. He did manage to delete the scheduled task, however the time it took shows that he wasn't really trained or experienced in what he did - it was simply guesswork.

Final Verdict: Success

Conclusion:
Whilst some of these services may really leave your computer free of malware, it takes ages for an agent to remove just one piece of malware - I can't imagine how long it will take to clean a heavily-infected machine.
 
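An added example, not part of the original post: a PowerShell triage pass over scheduled tasks that flags the pattern described in the setup above, a task action that starts a script interpreter with policy-bypass or inline-code arguments. The function name `Get-TaskFinding`, the regex patterns and the two sample tasks are assumptions constructed for illustration; `Get-ScheduledTask` is the standard cmdlet from the ScheduledTasks module.

```powershell
# Added example: flag scheduled tasks whose action launches a script interpreter
# with suspicious arguments. Patterns are assumptions; tune them for your estate.
$Interpreter = '(?i)(^|\\)(cmd|powershell|pwsh|wscript|cscript|mshta)(\.exe)?"?$'
$Flags = [ordered]@{
    'execution policy bypass' = '(?i)-(ep|ex\w*)\s+bypass'
    'encoded command'         = '(?i)-e(nc\w*|c)?\s+[A-Za-z0-9+/=]{16,}'
    'hidden window'           = '(?i)-w\w*\s+hidden'
    'inline download/eval'    = '(?i)\b(iex|invoke-expression|downloadstring)\b'
}

function Get-TaskFinding {
    param([Parameter(Mandatory)] $Task)
    foreach ($action in $Task.Actions) {
        # Only exec actions carry Execute/Arguments; COM handler actions do not.
        if (-not $action.Execute) { continue }
        $cmdline = "$($action.Execute) $($action.Arguments)"
        $hits = @($Flags.Keys | Where-Object { $cmdline -match $Flags[$_] })
        if ($action.Execute -match $Interpreter -and $hits.Count -gt 0) {
            [pscustomobject]@{
                Task    = "$($Task.TaskPath)$($Task.TaskName)"
                Reasons = $hits -join ', '
                Command = $cmdline
            }
        }
    }
}

# Constructed sample tasks with the same property shape as Get-ScheduledTask output,
# so the check can be exercised without touching a live system.
$sample = @(
    [pscustomobject]@{ TaskPath = '\'; TaskName = 'Updater (constructed)'; Actions = @(
        [pscustomobject]@{ Execute = 'cmd.exe'
            Arguments = '/c powershell -ExecutionPolicy Bypass -Command "<payload placeholder>"' }) },
    [pscustomobject]@{ TaskPath = '\'; TaskName = 'Backup (constructed)'; Actions = @(
        [pscustomobject]@{ Execute = 'C:\Tools\backup.exe'; Arguments = '--nightly' }) }
)

# Check the samples, plus the live task list when the cmdlet is available.
$tasks = $sample
if (Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue) { $tasks += Get-ScheduledTask }
$tasks | ForEach-Object { Get-TaskFinding -Task $_ } | Format-List
```

Only the first constructed task is reported, with the reason "execution policy bypass"; any hit on a live system still needs a manual look at the task's triggers and author before it is removed.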

upnorth

Moderator
Verified
Staff member
Malware Hunter
This type of service can and will be hugely different not only in what country it's located, but extra so what company and their staff do the actual cleaning/removal. There's also a difference between an Online Service and a local/On site service. Automatically shown also in the price tag as @McMcbrad posted. For brand new users or users that never had to deal with this type of issue, it can be extra challenging as they normally lack the knowledge of who to turn to or get their advice from. In that way this thread is good as it hopefully can help when it comes to some of the Online services. (y)
 

FireHammer

Level 6
Hi, I have never used one of these online services, never had to, my infections have never been that bad, I always have at my disposal or purchased removal programs that in my case solved the problem.
But it is a lot of money people throw at these services, so you should be able to count on them taking care of the problem.
 

McMcbrad

Level 8
I just do not understand why people let just these total strangers get remote access to your computer, no matter if it is a scam or not.
For people in real need of support, it's a way to get help 24/7 without ever leaving home, so I can totally see why they do it. It's always available and convenient. Whether it's a good value or not for the money, that's another question.
 

Local Host

Level 23
Verified
I just do not understand why people let just these total strangers get remote access to your computer, no matter if it is a scam or not.
Honestly if you worked support you would know how frustrating it is to help 99% of the clients, remote access is a blessing.

It is however flawed when the people using remote access are performing tasks from a checklist, with zero to no advanced knowledge, like it happened in this case.
 

McMcbrad

Level 8
Honestly if you worked support you would know how frustrating it is to help 99% of the clients, remote access is a blessing.

It is however flawed when the people using remote access are performing tasks from a checklist, with zero to no advanced knowledge, like it happened in this case.
Someone who's supposed to help people like my mum or some of my friends (if I am not around) to get rid of infections is telling me there is no such thing as fileless malware... Symantec had a 100-page whitepaper (before the Broadcom disaster) on this topic... I was thinking of opening it so he could read it.
 

fabiobr

Level 9
Verified
That kind of service is focused on basic home users, not experienced users like us here on MT. We all here know how to remove viruses.

That's why they promise to refund you when they can't remove a virus because, for basic home users, it's almost impossible to be faced with a brand new sample which even NPE can't detect.

I think it's kind of useless to test these services as you did.
 

McMcbrad

Level 8
That kind of service is focused on basic home users, not experienced users like us here on MT. We all here know how to remove viruses.

That's why they promise to refund you when they can't remove a virus because, for basic home users, it's almost impossible to be faced with a brand new sample which even NPE can't detect.

I think it's kind of useless to test these services as you did.
A home user might face anything. This is a business. If you say you are removing viruses then you should be removing viruses without falling into details of who might be faced with what. I tested them with something simple, didn't throw a rootkit or APT at them. For someone who's really experienced in virus removal it should take no more than 10 minutes to figure it out. I can figure it out just by using Eset SysInspector. As for Power Eraser, Norton products are something I do not wish to comment on.
 