Rogue applications are a very common threat – they’re fraudulent programs that try to trick you into paying for ‘removal’ of malware or ‘fixing’ of hard disk errors etc.
Often called scareware, fake antivirus programs claim to help when they themselves are the problem – and they usually install even more malware on your computer.
Antivirus company ESET (of NOD32 fame) have released the ESET Rogue Application Remover (ERAR) that aims to remove such rogue applications from your computer.
It could be helpful if your antivirus software does not recognize, or has been disabled by, the rogue app.
ESET Rogue Application Remover (ERAR) is a portable (no need to install) program which is compatible with XP, Vista and Windows 7. It is available in 32-bit and 64-bit versions and is a small download (about 2MB).
Once you have downloaded it, ESET recommend that you start up in ‘Safe Mode With Networking’ (via F8 advanced options) before running the tool. [You can run the tool in normal Windows mode, but early reports suggest that could potentially cause serious problems.]
Once ERAR is started you need to accept the license agreement – it then looks for an internet connection to enhance its detection rate by using ESET’s online databases.
Note: in my tests, the tool displayed the same message “Internet connection is active!” regardless of whether my test PC actually had internet access or not…
ERAR does some preliminary cleanup followed by a 9-phase scan of ‘sub entities’ – ESET don’t explain what these are. The tool then tries to retrieve data from ESET’s labs, presumably to get the latest rogue app definitions but, again, there is no further info and the retrieval is so quick it can’t be downloading much data.
Finally ERAR performs the main scan of your system – this is a multi-part scan with many separate entities.
On a system with no infections the whole process only takes a minute. It would take much longer if infections were found, as it tries to stop the malware processes and delete the files and/or registry entries. Finally, the tool offers to open ESET’s homepage – presumably in the hope that you will buy their full Smart Security software (see how it performed in my latest review of antivirus software test results).
Although ERAR is essentially a DOS tool (no fancy user interface) it is possible to restore all changes or restore a specific change from quarantine – detailed instructions are given on the download page.
Download ERAR from ESET here.
ESET Rogue Application Remover may be a useful tool to remove rogue apps but it provides little information about what it does. The ‘active internet connection’ message can be misleading and I didn’t appreciate the fact that in my tests on a totally clean system ERAR ‘repaired’ the registry due to ‘critical modifications’ that it detected.
ERAR is a new tool and has promise as a quick fix for common rogue apps but it could benefit from further development.
I still prefer programs like Malwarebytes or SuperAntiSpyware which detail what they find before you quarantine any files although, to be fair, many users probably would not know (or look up) which are good or bad files anyway…