Avira Rescue System review

The bootable Avira Rescue System will scan and clean malware even when you can't boot Windows, though I expected a more thorough cleanup than I got. Beware; if its cleanup disables your computer, as it did one of my test computers, you'll have to fix the problem yourself.
Photo of Avira Rescue System

When malware has taken over your computer and barred you from its resources, it’s a little late to start thinking about installing an antivirus utility. Even in less extreme cases, entrenched malware may interfere with antivirus installation or scanning. The free, cleanup-only Avira Rescue System has no problem with Windows-centric malware, because it boots into a custom Ubuntu distro in order to perform its scan. The product does have some limitations, though, and its “repair” rendered one system unusable.

To get started, you download the ISO image and burn it to CD on a clean computer. Then simply boot the problem computer from the CD. The Rescue System loads quickly and its Welcome page immediately offers to scan for problems. Just pick which partitions to scan (typically you’ll choose all of them) and set the scan running.

Success, or Not
The antivirus scan takes care of problems as it finds them, so, once it’s finished, it’s finished. I did note that on almost half of my test systems it reported “The wizard was not finished successfully,” and advised checking the scan report. From the report I gathered that the scanner doesn’t meddle with malware-infected Windows files, or with files in certain sensitive areas. That does makes some sense, as too-aggressive “fixing” can disable Windows altogether.

For testing purposes, I saved a copy of the scan report to the actual C: drive. I did need to do a little Linux research to figure out where I’d find access to the computer’s actual file system. After noting which malware samples were found and saving the report, I rebooted each system back to normal Windows.

Permanent Collateral Damage
Despite the product’s attempts to avoid damaging important files, the scan rendered one test system unbootable. Similar to what happened with Panda Cloud Cleaner, the test system went into an loop, logging on and logging off again endlessly.

I booted back into Avira Rescue System and checked my tech support options. There’s a very nice built-in support system that includes a variety of access choices; I opted for live chat.

The support agent was very polite, but made it clear that only licensed users of Avira products are entitled to tech support. The agent suggested I install a trial of one of the products; that would get me into the system. Of course, with no ability to boot into Windows I couldn’t install anything.

In the end the agent confirmed that even though Avira Rescue System trashed my test PC, the company wouldn’t take responsibility for solving the problem. Perhaps I should have read the very first screen more closely; it did say “repairing a system might lead to data loss or damage.”

Scanning and cleaning a computer with the Rescue System was wonderfully quick and easy. Under other circumstances, that would have been a five-star installation experience. However, when a product kills your PC in order to cure it, that’s a really poor experience. Like Panda Cloud Cleaner, Avira Rescue System earns no stars at all in this category.

Not Directly Lab-Tested
My own tests offer real-world hands on experience, but the big independent testing labs perform a broader range of tests than I can manage. Note, though, that while most of the labs test Avira’s technology, they’re not testing the Rescue System product itself, so the results aren’t directly applicable.

ICSA Labs certifies Avira’s technology for virus detection and cleaning; Avira doesn’t participate with West Coast Labs. In all of the recent tests by Virus Bulletin, Avira has received VB100 certification.

AV-Comparatives awarded Avira its highest rating, ADVANCED+, in both a simple on-demand scanning test and a retrospective test that attempts to measure detection of zero-day malware. In the company’s real-world dynamic test, Avira rated ADVANCED. As for the threefold evaluation performed by AV-Test, Avira scored 12.5 of a possible 18 in the last two tests. That’s a bit low. Bitdefender got 17 points both times, and Kaspersky averaged 15.8.

For a more in-depth description of the labs and the tests they perform, see How We Interpret Antivirus Lab Tests.

Avira Rescue System lab tests chart

So-So Cleanup
In truth, tech support could have resuscitated the dead test system without much trouble. I managed to do it myself using the built-in File Manager. Doing so allowed me to boot into Windows and collect information about the success of the cleanup process.

The results weren’t so great. Rescue System detected 78 percent of the samples, the same as Panda Cloud Cleaner, but it only earned 5.3 points for cleanup, where Panda scored 6.2 points. The biggest problem seemed to involve those sensitive files that it refrained from cleaning.

Of cleanup-only products tested using my current malware collection, the oddball Jumpshot scored best, with 86 percent detection and 6.5 points. Beneath it’s oddball interface, Jumpshot also boots into a Linux variant. Only Bitdefender Antivirus Plus (2014) scored higher, with 6.6 points.

Looking at products tested with my previous malware collection, the free, cleanup-only Malwarebytes Anti-Malware 1.70 rules the roost. Its 7.1 point score beat out all the competition, both free and paid. It installed and scanned smoothly, with no incidents, earning five stars for installation experience.

Other high-scorers in the previous group include the commercial products Webroot SecureAnywhere Antivirus 2013 and Norton AntiVirus (2013) (6.6 points each) along with AVG Anti-Virus FREE 2013 (6.5 points).

To learn more about how I conduct this hands-on malware cleanup test, see How We Test Malware Removal.

Avira Rescue System malware removal chart

Bonus Features
This bootable rescue environment is more than just an antivirus scanner. It includes a full Firefox implementation, in case you need to download a file or look up a reference. The built-in support system offers live chat via this browser. If you’re an expert user (or getting advice from an expert) you can use its built-in Registry editor.

Using the file manager you can view and save logs, among other things. Those not familiar with Linux may have to do a little searching to find the access point for the underlying Windows file system. Those very familiar with Linux can just open the Terminal window and enter all manner of arcane Linux commands.

Handle With Care
I was disappointed at the malware removal stats for Avira Rescue Disk. Despite being a bootable non-Windows environment Avira totally missed one rootkit sample, and its cautious handling in repairing sensitive files helped it along to a mediocre score.

Worse, though, is the fact that it rendered one test system totally unusable, and that Avira doesn’t offer tech support to remedy such a situation. If at all possible, make a full backup before scanning with this product. Better yet, use Malwarebytes Anti-Malware 1.70, our Editors’ Choice for free, cleanup-only antivirus, instead.

Once you’ve got your system out of emergency mode, you’ll want to install a full-scale antivirus for ongoing protection. Assuming you need to stick with a free solution, go ahead and try either or both of our Editors’ Choice products, AVG Anti-Virus FREE 2013 and Ad-Aware Free Antivirus+ 10.5. AVG beats Ad-Aware at cleanup, but Ad-Aware is a knockout for protection against new threats.

The bootable Avira Rescue System will scan and clean malware even when you can't boot Windows, though I expected a more thorough cleanup than I got. Beware; if its cleanup disables your computer, as it did one of my test computers, you'll have to fix the problem yourself.
Published under license from Ziff Davis, Inc., New York, All rights reserved.
Copyright © 2012 Ziff Davis, Inc