Enigma SpyHunter 4

Neil J. Rubenking, Principal Writer, Security

Your everyday antivirus utility scans for malware any time you ask it to, and also chugs along in the background, fending off any new attacks. Most of the time that's exactly what you need, but occasionally you may find that something nasty slips past your protection. Enigma Software's SpyHunter 4 is designed to track down and eliminate such problems. In testing, SpyHunter successfully eliminated active malware, and the included hands-on remote-control remediation proved useful. But it definitely won't replace your existing antivirus, and other cleanup-only tools, even free ones, have proved to be more effective at thoroughly cleaning up malware infestations.

In the problem scenario I just described, you could also get help from Malwarebytes Anti-Malware 2.0 or any of several free cleanup-only tools. So why would you pay $39.99 for a six-month SpyHunter license? My contact at Enigma Software said, "We are more like an online service than just a downloadable utility," and went on to explain that the company's active service through the built-in HelpDesk generates serious customer loyalty, and that the free cleanup tools don't affect their bottom line. I set out to see whether this service would win my loyalty.

Free Scan
You don't have to pay in order to scan with SpyHunter. You can get its full report on any found malware without paying a cent. If you're amazingly adept, you might even be able to use that report to manually clean your system. However, most users will just pay the fee to get rid of the found malware.

Before you do pony up for a subscription, look carefully at what was found. On my test system, before I installed any malware samples, SpyHunter found almost two dozen items to remove. However, all of them were characterized as "adware helpers," and all were simply Registry items, with no files associated. SpyHunter correctly categorized them at the lowest risk level. You really don't need to worry about these.

Scant Lab Results
Many of the evaluations performed by the antivirus testing labs around the world just aren't relevant to cleanup-only tools like this one. For example, AV-Comparatives runs a test that checks a product's ability to block malware installation using all available technology, from denying access to the malware-hosting website to detecting and corralling malware based on real-time analysis of its behavior. SpyHunter is a weapon, not a shield, so this test wouldn't make sense.

In fact, of the six labs that I follow, only West Coast Labs has published results for this product. SpyHunter successfully passed this lab's testing regimen and received checkmark certification. That's vastly better than having no certifications at all, of course. But the best full-range antivirus products, Kaspersky Anti-Virus (2016) and Bitdefender Antivirus Plus 2016 in particular, earn excellent scores in widely varied tests from all the labs.

Testing SpyHunter
For full-range antivirus products that aim to fend off malware attack, I run two simple hands-on tests. I carefully note what happens when I try to install a collection of several dozen malware samples. And I launch 100 newly discovered malware-hosting URLs to see whether (and how) the antivirus blocks malware from downloading. Neither of those tests measures anything that SpyHunter does, so I had to make some changes to my methodology.

To test SpyHunter, I first installed several samples from my malware collection on a clean test system. I used my hand-coded tools to verify that the samples were successfully installed. Then I installed and ran SpyHunter. It wanted to immediately run a quick scan; I quashed that scan, verified that malware definitions were up-to-date, and ran a full scan, so as to give it the maximum potential for success.

When each scan finished, it reported a goodly number of bad items, and also asked if I recognized certain unknown items. One VMware process turned up in the unknown items each time; I rescued that one. In some cases, SpyHunter rebooted the system and ran a boot-time cleanup process, then rebooted back to Windows and scanned again. In other cases, it finished its cleanup without requiring a reboot. I didn't encounter any situations that required SpyHunter to install or run in Safe Mode, but I verified that it's capable of that if needed.

Once the cleanup finished, I noted which of the samples were detected, and I used the hand-coded tool I mentioned to check how thorough the cleanup was. When I finished taking notes, I reverted the test system back to its pristine state and started again with several more samples.

Help Me, HelpDesk!
One of my samples is a kind of ransomware. It's not the kind that encrypts all your data files; removing that kind can be impossible. Rather, it's one that completely takes over the desktop and displays a large message instructing you to call a certain phone number for recovery help from "Microsoft." Rebooting doesn't help. Safe Mode isn't available. There was no way for me to install SpyHunter.

Tech support ran through various scenarios with me, ending up by supplying a bootable security environment in the form of an ISO file. This Windows-based bootable CD runs completely separately from what's installed on your hard drive. It's not as fiercely independent as the Linux-based iCloak Stik, but that's actually good. Malware infesting the main Windows installation doesn't get a chance to run, but the SpyHunter bootable environment can access and eliminate that malware.

Perhaps the best thing about this HelpDesk environment is that it immediately launches a chat and remote-control remediation tool. You just contact tech support, give them the credentials displayed in the built-in tool, and let them do the cleanup work. Note that HelpDesk is also available as needed in the normal SpyHunter environment. It's similar in many ways to the GeekBuddy service that goes with Comodo Antivirus 8. As with SpyHunter, GeekBuddy isn't free; you only get that level of support with Comodo's paid edition.

In my particular situation, the technicians pored over the system, determined the source of the problem, and fixed it. After a reboot back to normal Windows, a full scan by SpyHunter took care of the few remaining traces. It was a good experience overall.

System Guards
SpyHunter is clearly sold as a cleanup tool, not as the kind of antivirus that provides real-time protection. Even so, its System Guards component offers a degree of real-time protection.

To start, it watches the programs you launch and flags any unknowns, asking you whether to permit execution. If you're deliberately launching a game or installing a utility, naturally you'll allow it. But if the request comes out of the blue, with an unfamiliar program name, you should consider letting SpyHunter suppress it.

When I experimented by launching my malware samples with System Guards active, it flagged almost every one of them as unknown. That's no big surprise; when I launched 20-odd old PCMag utilities it flagged three quarters of them as unknown, and it offered to block all of my hand-coded test programs. However, it did flag a handful of malware-related processes as malware, showing that SpyHunter has at least a rudimentary form of real-time protection.

It also kicked in to warn about suspicious actions, like changes to my DNS settings, or changes to my browser's home page and search options. Those are definitely things you should block unless you initiated a change yourself.

No Active Malware
So, how did SpyHunter do in my test? I can report that after its scan, no active malware remained running, and no malware executables were set to launch at startup. However, a goodly portion of the sample set never got detected at all, and malware executable files remained on the system for many of those that SpyHunter did detect.

Specifically, SpyHunter detected 71 percent of the samples, some by flagging components as unknown and some by actively identifying the threat during the full malware scan. Its cleanup left behind executable files for 30 percent of those it did detect. If this were my standard malware-blocking test, it would have scored 6.0 of 10 possible points.

Again, this is a product with a different aim than the typical antivirus. But it's still worth noting that, for example, Avast Free Antivirus 2016 detected 100 percent of the samples using a combination of on-access detection and detection after launch. Because Avast didn't fend off all malware traces, it earned 9.3 points, still the best among products tested using this current sample set. Bitdefender detected 93 percent and completely prevented installation of even non-executable traces, also earning 9.3 points.

I haven't put the current version of Malwarebytes through the same test regimen I applied to SpyHunter. I will definitely do so when version 3 comes out later this year. It's worth noting that earlier versions of Malwarebytes proved extremely effective at complete removal of found malware.

Does What It Promises, but...
SpyHunter 4 promises to eliminate active malware and malware that launches at every startup, even if doing so requires the services of Enigma Software's crack tech team for remote remediation. It does deliver on that promise, but others promise and deliver quite a bit more. For the price of a six-month SpyHunter subscription, you can get a full year of Bitdefender Antivirus Plus 2016 or Kaspersky Anti-Virus (2016), full-featured antivirus tools that both remove existing malware and prevent new infestation. These two are our Editors' Choice antivirus products.

Yes, SpyHunter does have a tech team standing by to remotely repair any problems the product itself can't handle, but the paid edition of the full-featured Comodo Antivirus offers the same thing. And if you do wind up needing emergency cleanup, there are quite a few free options you can try before diving in to a SpyHunter subscription. Malwarebytes Anti-Malware is our current Editors' Choice for cleanup-only antivirus.

This article originally appeared on PCMag.com.

Main Window

Enigma Software's SpyHunter 4 is a weapon aimed at wiping out active malware and malware that's set to restart at boot. Naturally its main window is dominated by a big button that launches the malware cleanup scan.

Scan Complete

You don't have to purchase SpyHunter in order to run a full scan. Here it has detected several types of malware, displaying plenty of detail about each. If you want to proceed to fix the found threats, though, you'll have to pay up.

Unknown Objects

Any process that launches at startup is potentially suspicious. SpyHunter lists any such processes that it can't identify as good or bad, and suggests that you disable them if you too don't recognize them.

Boot Time Cleanup

When necessary, SpyHunter configures removal of persistent malware during the boot process. After running this boot time cleanup, it scans the system again to make sure nothing was missed.

Rescue System

One of my malware samples completely took over the test system, making it impossible to install SpyHunter. Tech support supplied a bootable rescue disk, seen here.

Remote Remediation

When you open the HelpDesk desktop, it immediately displays a TeamViewer window. Passing the TeamViewer credentials to tech support lets them chat with you and, with your permission, dig in to remotely diagnose and fix the problem using a variety of tools.

HelpDesk Support

You don't have to reboot to get access to the built-in HelpDesk. From the program's main window you can launch a support query and, if necessary, receive a custom fix.

System Guards

While SpyHunter does not remotely pretend to offer full, real-time protection against malware infestation, its System Guards feature does perform some real-time tasks.

Unknown Object

Any time you launch a program that SpyHunter doesn't recognize, it displays this warning and gives you a chance to block the program. In testing, it triggered for almost all malware samples, but also triggered for all of my hand-coded testing programs and for about three-quarters of a collection of PCMag utilities.

System Guard Montage

This montage shows several kinds of warnings and queries generated by System Guards. SpyHunter noticed problems like modified browser shortcuts and DNS settings and disabled Windows components. In a few cases, it even identified active malware by name.

About Our Expert

Neil J. Rubenking

Principal Writer, Security

My Experience

When the IBM PC was new, I served as the president of the San Francisco PC User Group for three years. That’s how I met PCMag’s editorial team, who brought me on board in 1986. In the years since that fateful meeting, I’ve become PCMag’s expert on security, privacy, and identity protection, putting antivirus tools, security suites, and all kinds of security software through their paces.

Before my current security gig, I supplied PCMag readers with tips and solutions on using popular applications, operating systems, and programming languages in my "User to User" and "Ask Neil" columns, which began in 1990 and ran for almost 20 years. Along the way, I wrote more than 40 utility articles, as well as Delphi Programming for Dummies and six other books covering DOS, Windows, and programming. I also reviewed thousands of products of all kinds, ranging from early Sierra Online adventure games to AOL’s precursor Q-Link.

In the early 2000s, I turned my focus to security and the growing antivirus industry. After years of working with antivirus, I’m known throughout the security industry as an expert on evaluating antivirus tools. I serve as an advisory board member for the Anti-Malware Testing Standards Organization (AMTSO), an international nonprofit group dedicated to coordinating and improving testing of anti-malware solutions.

The Technology I Use

Much of the testing I do, particularly testing with real-world ransomware, is just plain dangerous. To perform such tests safely, I sequester them inside virtual machines managed by VMware Workstation. For cross-platform testing, I use a MacBook Air, a Google Pixel 4, and a 6th-generation iPad.

I rely on my Delphi coding skills to create and maintain small applications. These include programs to check whether an antivirus correctly handled the malware it detected, launch dangerous URLs and record the security program’s reaction, and analyze the malware that I collect for use in testing. I also wrote a tiny browser and text editor for use in testing security apps that have predefined reactions for known products.

I do my writing and research on a Dell OptiPlex desktop, relying on Microsoft Word (my fingers know all the shortcuts). Many of my articles include charts and analysis; Excel is my go-to for those. When work hours end, though, I escape the bounds of Microsoft and Windows. There’s an iPhone in my pocket, I relax with my oversized iPad, and my Kindle Oasis is always loaded with the best science fiction and fantasy.
