A PC protected by a quality antivirus tool should be pretty darn safe. Even if a brand-new threat isn't recognized, your security tool should keep it from actually doing harm. If the malware has already settled in, though, you have a problem. Active threats may well smack down any attempt to install or run security protection. That's where Comodo Cleaning Essentials (free) comes in. It focuses on cleanup, not ongoing protection, and it does a very good job of clearing out active malware. Not only that, it's free for personal or business use.

Portable Protection
You don't have to worry about malware interfering with installation of Comodo Cleaning Essentials, because it doesn't require installation. Just unzip its folder to the desktop and launch. Better yet, copy it to a USB drive and keep it in your pocket, in case a friend or colleague needs help with malware cleanup. That's what I've done.

Norman Malware Cleaner 2.1 (Free, 3.5 stars) and Malwarebytes' Anti-Malware Free 1.51 (Free, 4 stars) also focus strictly on cleanup. Norman doesn't require installation. Malwarebytes does, but none of my malware samples balked its installer.

At the end of a scan by any of the Norton products there's a link to click if you think some problems remain. This link leads to the Norton Power Eraser (Free, 4 stars) download page. You can also download the tool at will to clean up a persistent threat.

avast! Rescue Disc ($10/once direct, 3.5 stars) takes a different approach. To clean up a badly infested system you boot from the disc, without even launching the installed version of Windows. However, it's a little harder to carry around a CD in your pocket.

The Cleanup Process
After you launch Comodo Cleaning Essentials, it displays a simple main window with three main options: smart scan, full scan, and custom scan. If you're in a situation that needs this product's help, I'd strongly advise the full scan. That's what I did for testing.

There are just a handful of configuration settings, most of which you shouldn't change. If you suspect the possibility of a now-uncommon Master Boot Record (MBR) virus, or if you just want a really thorough scan, you might consider turning on the MBR scanner.

At the beginning of a full scan, the product needs to reboot your system. That lets it launch ahead of any rootkit threats, making it tough for them to hide. Next it runs a full antivirus signature update. Remember, this product isn't installed, so it hasn't had a chance to sit around downloading updates in the background. After updating it performs a thorough scan.

When the scan finishes, it simply reports the number of threats found. You can click for details, if you wish, and even change the action for any or all found threats. By default, it cleans each threat, disinfecting infected files and deleting wholly malicious ones. You can set it to ignore specific files, or to report them to experts at Comodo.

Once the antivirus has finished its cleanup actions, it requests another reboot to confirm that everything's now hunky-dory. Upon reboot it displays a list of all the threats and their Status, either OK or Failed.

On my standard clean test system, the whole process took just under an hour, about twice as long as the current average. You'll normally whip out this tool to solve a serious problem, so the time spent fixing it isn't as important as its success at killing off the active malware.

Just Essential Cleanup
Comodo's detection rate of 91 percent was second-highest in the current group, tied with GFI VIPRE Antivirus 2012 ($39.95 direct, 3 stars) and Panda Cloud Anti-Virus 1.5 Free Edition (Free, 3.5 stars). Only Webroot SecureAnywhere Antivirus ($39.95 direct, 4.5 stars), with 94 percent, detected more.

The point of scanning with Comodo is to wipe out active malware, not to clean up every little trace, and this came through very clearly in my testing. Two malware-related processes remained running after Comodo's cleanup, but as far as I could tell they were powerless without the components Comodo did remove. Comodo left behind executable traces for a handful of other threats, and it left behind tons of non-executable traces for most of the remaining ones.

Leaving behind non-executable junk doesn't count strongly against a product's overall score. Comodo managed to score 6.8 points for overall malware cleanup, beaten only by Webroot with 6.9 and Norton AntiVirus 2012 ($39.99 direct, 4.5 stars) with 7.1.

Comodo's rootkit handling was especially impressive. In several cases, it detected and eliminated rootkits strictly based on their sneaky behavior, without help from antivirus signatures. Like Webroot, Norton, and quite a few others, Comodo detected 100 percent of the rootkits. Not a single rootkit remained active after Comodo's scan, and its rootkit score of 8.7 points beats all the rest except for Norton, which scored 8.9.

This is quite a contrast to some of the other cleanup power-tools. Avast! Rescue Disc managed 5.3 points, and using my previous malware collection Norton Power Eraser scored 6.0 points. Those scores aren't bad. But Malwarebytes only got 3.6, and Norman brought up the rear with 2.4 points. I consider this a significant failing. Rootkits are among the toughest kind of malware to remove, and hence should be a primary target for a standalone cleanup tool.

Like the vast majority of current products, Comodo detected 100 percent of the scareware (fake antivirus) samples. Quite a few competitors matched its 9.5 point score; Norton and Malwarebytes aced this one with a perfect 10 points. For a full run-down on where all these numbers come from see How We Test Malware Removal.

Comodo Cleaning Essentials malware removal chart

No Blocking, No Lab Results
Comodo Security Essentials doesn't get tested by the big independent labs. That's too bad; I'd like to see how it does. But many of the labs focus on static testing, and this product doesn't attempt to identify inactive threats. Those that do test Comodo's suite generally give it low marks.

As noted, Comodo Cleaning Essentials is strictly a cleanup tool, with no real-time protection component. The average user will run it to clear out active malware, install another antivirus that offers both cleanup and blocking, and put Comodo aside until the next emergency. A user with more technical expertise should definitely take a look at two useful bonus tools.

Autorun Analyzer
In order to survive reboot, malware has to get launched automatically during the boot process. The Autorun Analyzer tool scans for sixteen different ways a program can launch during boot. It's quite similar to the Autoruns 9 (Free, 3.5 stars) tool from Microsoft's SysInternals division. Even on my small, low-powered test system the analyzer found 721 startup items.

Autorun Analyzer reports the description and publisher of the automatically-launched process, when available. More importantly, it flags dangerous items launched at startup. You can disable or delete a malicious entry, or click to view the file or Registry location from which it's launched. And if those hundreds of items seem overwhelming, there's an option to hide the safe entries, showing only the problems.

KillSwitch
The KillSwitch tool resembles another SysInternals tool, Process Explorer 11 (Free, 3.5 stars), but it does even more than Process Explorer. Its initial display on launch is much like that of Task Manager, except that a tree-style structure shows which process launched which.

Like the Autorun Analyzer, KillSwitch highlights dangerous processes. From the main menu you can suspend or terminate all unsafe processes. Line graphs along the right-hand side track use of system resources, with an option to display a full window of larger graphs and system information.

Not sure what process in the list corresponds to a particular window? Just drag the Find Window icon and drop it on that window. KillSwitch will highlight the corresponding process. You can also use it to launch any program or restart the system, just like Task Manager.

But wait! There's more! Many malicious programs manipulate system security in order to do their dirty deeds. KillSwitch's Quick Repair tool checks over 20 often-abused system locations, identifies any that have been compromised, and quickly fixes them.

There's even an option to have it replace Task Manager, so Ctrl+Alt+Del brings up the full power of KillSwitch. Clearly this is a tool to delight us geeks, not something designed for the average user.

Does Exactly What It Says
Webroot SecureAnywhere Antivirus ($39.95 direct, 4.5 stars) and Norton AntiVirus 2012 ($39.99 direct, 4.5 stars) remain our Editors' Choice products for standalone antivirus. Comodo Cleaning Essentials isn't going to replace them on your desktop.

On the other hand, if malware keeps you from installing Norton, Webroot, or another security tool, then Comodo is exactly what you need. It does exactly what it promises, and it does so much better than equivalent products. System experts will love the two bonus analysis tools. And it's free! We're naming Comodo Editors' Choice for cleanup-only antivirus.

More Antivirus reviews: