If malware gets past your antivirus utility, the consequences can be nasty. It may deliberately disable your PC, demanding a ransom before it restores access. It may drive a stake through the heart of the antivirus that missed its entry. Or it may just keep you from booting the PC because it’s badly written. What, you think malware doesn’t have bugs? That’s where FixMeStick can help. You just insert the device, boot to its Linux-based environment, and let it take care of the problem. It’s a fantastic tool for emergency situations, though it won’t replace your regular antivirus.
FixMeStick isn’t a static product; every time you launch its software, it checks for product updates and malware signature updates. Your $59.99 per year Home subscription gets you the device itself, with no shipping charge, and the ability to use it on three PCs. For $89.99, you get two years of service and the option to scan five PCs. That’s a good deal! Not sure you want it? You can get a 30-day trial for $9.99 plus shipping. Finally, the $299.99 Pro edition, designed for business use, gives you a year of service on unlimited PCs.
For all but the 30-day trial edition, the clock doesn’t start until the first time you use the device, so you can keep it around for emergencies without wasting its powers. If you fail to renew your subscription, the device stops working; that check for updates also checks for a valid subscription. However, you can revive your subscription at any time. There’s also a separate edition designed for macOS devices.
If by some mischance FixMeStick can’t fix your malware problems, you can contact tech support for help. In fact, if the FixMeStick scan determines something didn’t work right, it offers details on how to get help. The support agent can give you a special keystroke to launch a built-in copy of TeamViewer if necessary, meaning the agent can both chat with you and remotely diagnose and fix the problem. Hours for live chat support are weekdays from 10 a.m. to 6 p.m. Eastern time. Phone support is available weekdays from 7 a.m. to 7 p.m., and Saturdays from 9 a.m. to 7 p.m. Be sure to avoid malware problems on Sunday.
The device has evolved physically since my last review. Its new capless form factor easily clips to your keyring. Per the company website, Chip-on-Board technology means it’s waterproof, dustproof, and shockproof. Full disclosure; I didn’t subject the device to waterboarding or shock testing.
Reboot to Clean
Quite a few antivirus products include the option to create a bootable USB rescue scanner, but it isn’t always easy to use the resulting device. It’s not too hard to tweak the BIOS in an older computer to permit booting from USB, but modern computers use UEFI (Unified Extensible Firmware Interface), which can be challenging. FixMeStick aims to overcome that challenge, completely automating the process.
To clean a system that can still boot Windows, insert the FixMeStick, run the FixMeStick program (if it doesn’t launch automatically), and click the big red button titled “Reboot and Start FixMeStick.” You’ll see a notification that FixMeStick is configuring automatic launch at boot, and that it may take three reboots. Why three? My contact at the company explained this. There’s just one way to configure a PC for BIOS boot, but three ways for UEFI boot. On a UEFI system, FixMeStick tries each of the three ways in turn, remembering which one worked.
New since my last review, FixMeStick accounts for possible obstacles including Secure Boot and pending Windows Updates. On detecting such problems, it guides the user to reach a clean, bootable state.
In either case, if FixMeStick exhausts its possibilities without booting successfully, it directs the user to an online set of detailed instructions for manual boot management. This includes specific details on how to reach the boot menu from most popular computer types. You can use these instructions on a PC that just won’t boot to Windows, too. Of course, you can also contact tech support if you need help booting from the device. In testing, I found that it booted on the first try every time.
The company is currently rolling out a technology called SmartBoot. SmartBoot leverages accumulated server-side data to prioritize the best boot choices for each PC model. You may not see benefits from this technology, as it has only been rolled out to a small percentage of users.
One more thing: If by some mischance FixMeStick’s cleanup itself made Windows fail to boot (something that happened in my testing of past versions, but not recent ones), you can boot to FixMeStick and choose Undo Quarantine. Doing so restores the system to its previous, infected state of course, so a better option is to contact tech support for help unraveling the problem.
Automated Malware Removal
After the FixMeStick boots, it establishes an Internet connection, checks for product updates, downloads the latest malware signatures, and starts its malware protection scan. This all happens without any action by the user. In fact, it pops up a notice suggesting that you go take a break, since the scan could take hours.
My company contacts promised a speedier scan with this iteration, and indeed, my test scans averaged about an hour and a quarter. The average scan time on my standard test system for current products running under Windows is a little over an hour, so that’s not too bad. Webroot SecureAnywhere AntiVirus beat that time by a mile, scanning in just five minutes the first time and less than 10 seconds for a subsequent scan. But then, Webroot’s technology is very different from most, with a strong focus on behavioral detection.
On completion, FixMeStick offers to clean all the problems it found, or let you see the results first. Most users will just choose to clean everything. FixMeStick cleans malware traces from the Registry as well as the file system. If it can’t disinfect a file, it quarantines it, saving a copy as an encrypted ZIP file. In the distant past, I had a problem with FixMeStick quarantining essential Windows files. Recent versions handle infected Windows files by fetching a replacement file from the company’s extensive collection. If you need to check later just what the scan did, you’ll find a detailed report in a folder on the device itself.
When I ran a full scan on a virtual machine containing my current malware samples, FixMeStick detected and quarantined 91 percent of the samples, including all of the ransomware samples. This isn’t my usual malware protection test, naturally, as FixMeStick does not have a real-time blocking component. Webroot detected 100 percent of these samples, while Avast, McAfee, and Norton AntiVirus Plus managed 96 percent, but these products had a huge advantage. A real-time antivirus has many, many chances to block malware attack, including blocking access to the site hosting the malware, recognizing the malware signature on sight, halting the process during installation, and identifying malware by its behavior.
FixMeStick also eliminated all but a couple of my modified samples, and it did whack all the modified ransomware. To create the modified samples, I started with a copy of the full sample set, omitting any that weren’t detected in their original form. I renamed each file, appended nulls to change the file size, and overwrote some non-executable bytes. This test specifically examines static detection, so it’s not relevant for products like McAfee AntiVirus Plus that don’t check files for malware until they try to launch. Products that do check files on any access usually miss some of the modified files.
FixMeStick relies on antivirus detection engines from Avira, McAfee, and Sophos. Reviewing the report showed the benefit of having not one but three antivirus engines. All three engines detected many of the samples, but for fully a fifth of them, just one engine managed detection.
A Cleanup Challenge
Detecting and wiping out an inert, never-launched malware sample is not a real test of FixMeStick’s prowess. To continue my test, I rolled back the virtual machine to a state prior to FixMeStick’s scan. Next, I launched five or six samples and gave them time to finish their installation machinations. Finally, I ran a FixMeStick scan to clean up the mess. I repeated this process until I had tested using almost three dozen real-world samples.
FixMeStick detected every sample and removed at least some traces for all of them. Even so, two samples still had processes running in memory after the cleanup. The process reduced the number of malware executables in almost every case, but one or more executables remained for more than half the samples. FixMeStick did very little to remove non-executable malware traces. It deleted file-system traces for less than 10 percent of the samples, and Registry traces for about 20 percent. The remaining traces, thousands of them, weren’t affected.
For another view on the situation, I ran Malwarebytes Free after each FixMeStick cleanup. In an earlier test I found that Malwarebytes removed thousands of traces left behind by FixMeStick. This time around, not so much. It eliminated a handful of files, both executable and non-executable, and over a hundred Registry traces, meaning it didn’t improve much on the work already done by FixMeStick.
Of course, FixMeStick can’t undo the damage caused by encrypting ransomware. That limitation applies to any post-disaster cleanup-only antivirus tool. If your important files got encrypted, they’ll still be encrypted after cleanup. The best defense against ransomware is real-time antivirus protection, possibly supplemented by a ransomware-specific tool like Check Point ZoneAlarm Anti-Ransomware.
In Case of Emergency
The lesson is clear. FixMeStick can rescue you from the immediate emergency of a malware infestation. It’s essential in cases when the malware prevents you from installing or running a traditional antivirus. And it handles booting from USB better than any product I’ve seen.
However, you must use it alongside a regular antivirus, one that will provide real-time protection against new infestations and more thorough cleanup of any existing problems. Once FixMeStick solves the immediate problem, a full scan with a regular antivirus is the first order of business.
So just what antivirus should you use alongside FixMeStick? Bitdefender Antivirus Plus and Kaspersky Anti-Virus routinely earn top scores from the independent testing labs. McAfee AntiVirus Plus doesn’t pull down the same soaring test scores, but one McAfee license lets you protect every device you own. And Webroot SecureAnywhere AntiVirus can reverse malware activity, even (to an extent) ransomware activity, all while using a minimum of disk space and system resources. Use one of these Editors’ Choice products as your first line of defense, and call in FixMeStick for emergencies.