Repair malware damage with Windows Medkit

While anti-virus packages are fine at removing malware, they’re often less useful at undoing the damage an infection has caused. And so even if you’ve managed to get rid of the initial threat, you might still have problems running Explorer, opening particular files, launching key Windows components, and so on.

Windows Medkit is an interesting collection of tools which promises it can help regain control, fix the Registry and get everything working again. Sounds impressive, especially when you notice that the package comes in the form of a tiny (107KB) download, but can it really deliver? We took the program for a spin.

As you’d expect for something this size, there’s no installation required. The program is portable, so you just need to launch it to display the tiny Medkit console. This has no fancy toolbars or other interface complexities: all you really have to do is browse the menus to check out the various options.

Click Manage > Tasks, for instance, and you’ll find a simple task manager-type program. It’s very basic, just listing all your running processes, but then it’s really only for using if the regular Task Manager doesn’t work. And it does have one handy bonus feature in its ability to terminate multiple processes with a single click, perhaps valuable if there are still malicious programs running which you need to control.

Clicking File System > Safe Explorer launches a basic file manager, which has a very similar philosophy. It’s extremely simple and limited -- if Explorer is working properly, you won’t need to use it -- but if you’re currently having problems then the program does provide another way to browse your file system, copying or moving files and folders. And, also, it has some extra features which may be useful in an emergency, including the ability to regain access to files if they’re currently blocked by NTFS permissions, as well as being able to mark locked files for deletion when you next reboot.

And Windows Medkit also has a "Fixes" module which can apply various Registry tweaks at a click. If malware has disabled Regedit or the Task Manager, damaged the taskbar, got rid of your Folder Options or Internet Options dialogs, or caused other damage, then there may be a solution here. Just check the relevant boxes, click "Fix It" and reboot to see if normal service is restored.

While these options work well, there are others which are a little less clear. What does the "Delete/ Show File Have Name" function mean, for instance? We’d guess it’s for forcibly deleting locked files, but we’re not completely certain.

The "Prevent Tasks" module isn’t exactly a model of clarity, either. It seems you can use it to delete process executable files, great for manually removing malware, but the same dialog presents several other options and we’re unsure how they fit together.

Elsewhere, there’s a "Drives Dog" function which we really don’t get, at all. We could make a few guesses, but that’s a bad idea with this kind of powerful system tool (it’s best to know exactly what you’re doing at all times). And, unfortunately, there’s no real help to walk us through the fine points.

Windows Medkit has some issues, then. Its modules are on the basic side, and some are tricky to use: if you make a mistake you could find the program causes more problems than it solves.

For the most part, though, there’s a great deal to like here. Windows Medkit packs an enormous amount of functionality into its tiny frame, and if you find you can’t run Explorer, Task Manager or some other key tool then there’s a good chance it’ll be able to help. The program definitely deserves inclusion in your troubleshooting toolkit: go download a copy immediately.