Loaris Trojan Remover

Description

General purpose antivirus software and dedicated malware removal tools address different problems. Antivirus programs run constantly in the background, scanning files as they arrive on the computer and preventing known threats from running. Loaris Trojan Remover takes the second approach: Loaris Trojan Remover runs on demand, digging through a system that already shows signs of infection, targeting the category of malware that standard antivirus engines historically struggled to detect cleanly — trojans, rootkits, ransomware, and spyware that had already established themselves on a machine and modified the system to resist removal.

Loaris developed the software specifically for the remediation use case and not real-time prevention, which makes it a complement to existing antivirus solutions and not a replacement. A user whose machine already runs Kaspersky or Bitdefender can run Loaris Trojan Remover as a second opinion scanner when they think an infection was missed by their primary tool or not fully removed.

DEVELOPMENT HISTORY

Loaris created the product based on a detection challenge that made trojans and rootkits especially persistent: once active, many of them altered the operating system in a way that gave them visibility into what scanning tools were doing, enabling them to conceal their files, processes and registry entries from normal detection methods. Effective removal required scanning techniques that operated at a lower level than the malware itself — using kernel level drivers and scanning methods that ran before the malware had a chance to conceal itself.

The software developed through the 3.x generation with updated threat databases and detection algorithms that included recognition for ransomware families, cryptominers embedded in browsers and spyware packages that arrived bundled with legitimate-looking freeware installers. Ransomware detection got a particular boost after several high-profile ransomware campaigns between 2017 and 2021 showed that file encrypting malware was the most financially damaging consumer and enterprise threat category.

Loaris made the scanner available as a free trial with scan results visible to unregistered users with a paid subscription to take action on results. This model allows users to verify whether or not an infection is present before making a purchase.

KEY FEATURES

Trojan and Rootkit Detection

The core detection engine is focused on trojan horse programs — malware that masquerade as legitimate software or are delivered embedded inside legitimate application installers — and rootkits, which are software components that embed themselves into the operating system at a level that lets them alter what other programs can see. Rootkit detection requires looking at system calls and file system entries at the level of the operating system, comparing what is reported by the operating system and what is actually discovered by direct access to the disk, and marking discrepancies that show that there are hidden files or processes.

Ransomware Scanning

Ransomware detection involves known ransomware families and behavioral patterns that are indicative of file-encrypting activity. The scanner verifies for ransomware related file extensions that are added during encryption, altered shadow copy settings that are disabled by ransomware to prevent file recovery, and registry entries that are linked to known ransomware variants.

Spyware and Adware Removal

Spyware components which record keystrokes, capture screen content or transmit browsing activity are included in the scanner’s results along with adware packages which inject advertisements into browsers or modify browser settings. The scanner targets browser hijackers — programs that alter default search engines, add unwanted browser extensions, or redirect searches to advertising pages — as a different class of problem than more severe malware.

System Startup Analysis

The startup module lists all programs that are configured to run at Windows startup from all the standard startup locations: the Run and RunOnce registry keys, the Startup folder, scheduled tasks, and service entries. Malware will often install itself in a startup location to survive a reboot, and the startup analysis will flag entries that don’t match known legitimate software for further review.

Quarantine System

Detected threats go to quarantine folder instead of immediate deletion. Quarantine saves the original file in an encrypted and non-executable state and deletes it from its original location. If a detection ends up being a false positive — legitimate software mistakenly identified as malware — the quarantined file can be restored to its original path. Files that are confirmed to be malicious can be deleted from quarantine permanently.

Threat Database Updates

The detection database is updated automatically prior to each scan to contain signatures for newly discovered malware variants. Updates are pulled from Loaris servers and include recognition for newly identified trojan families, strains of ransomware and spyware packages. The update frequency is important when it comes to spotting new threats distributed via phishing campaigns and software exploit kits, which use frequently rotated malware variants to specifically avoid detection by signature databases that haven’t been updated in a long time.