Viruses/Spyware/Malware Removal Guide


Recommended Posts

I tend to use SuperAntiSpyware and MalwareBytes to remove malware. And if all else fails, ComboFix.

And if that fails.. I just backup and reload.

Thanks for the guide, I'll look at the other options as well.

Simple and nice guide. :)

It's everything I would have mentioned.

For the sole purpose of removal, a good free firewall such as Comodo may sometimes be necessary to terminate outbound connections by malware already nesting inside the system. One thing you forgot to mention is that users should terminate Internet connections after updating their security programs before running any scan. Some malware can contact their home servers and "morph" to avoid detection.

For prevention, well, I guess you'll need to write another guide. lol

One thing you forgot to mention is that users should terminate Internet connections after updating their security programs before running any scan. Some malware can contact their home servers and "morph" to avoid detection.

I agree, and I have amended (well, added) to the original guide. Thanks :)

For prevention, well, I guess you'll need to write another guide. lol

Please do the honors of writing such a "platform" guide to prevention

I was going to add info on Hosts file and Firewalls etc, but I concluded with MS Security Updates only

Windows firewall should not be fully overlooked as a poor Firewall, it has come leaps and bounds since it was first released. Plus MS have other detection tools as well, that can help in prevention

I normally suggest to always:

  • Complete all MS Security Updates
    Confirm your firewall is on
    Always have an up to date Antivirus software before downloading anything
    And run an updated Malware (and Antivirus) scan periodically

But this really needs to be expanded a lot. ie user Internet browsing and downloading (including emails)

Even file sharing has its insecurities (actually many Malwares come from this area alone)

I would think that a Guide like this would be invaluable, but difficult to write up (ie lengthy)

Its all about a bit of common sense and surfing responsibly. ie Not downloading cracks or illegal content

I welcome all good suggestions in the fight to rid user's computers of Malware.

  • 11 months later...

Avira and Avast? :laugh: I suggest fixing that because it ruins a (IMO) great guide.

You're crazy. Avast is the best free AV available. Besides it has a boot time scan option, which is very useful.

When I tried Antivir, it was crap and many people felt the same.

You're crazy. Avast is the best free AV available. Besides it has a boot time scan option, which is very useful.

When I tried Antivir, it was crap and many people felt the same.

I find that to be quite the opposite. I wouldn't say Avast is crap, but I find Antivir to be better, IMHO.

You do know that CCleaner also has a section on their tools- then startup tab which does the same thing as the Startup Control Panel- without having multiple programs installed that do the same thing.

I would also suggest after all your cleaning is done- A free second opinion check can be found here-

http://www.pandasecurity.com/homeusers/solutions/activescan/

Even though It does not remove it but will if you read the text file generated after the scan (don't forget to save it) the locations of the Bad files that may have been missed so you can manually remove them.

Just to be on the safe side.

  • 3 weeks later...

I have read the entire thread so I hope that I did not miss anyone mentioning this little application.

For me this is something that I always install for my customers! SpywareBlaster by JAVACOOL SOFTWARE.

This tool is not a repair tool but purely used for prevention! It watches out for something like 13801 bits of crapware and dangerous websites! One of it's best features, besides being an excellent little piece of software, is that it's free! :)

So guys which Real-Time Protection AntiSpyware free software do you recommend me to use ?

I'm using Avira free so it doesn't have Spyware protection i guess.

NOTE: I'm using Google Chrome , so SpyBlaster won't be an answer since it doesn't work with Chrome .

  • 3 months later...

registry cleaning can break something, also by reducing the size won't make much difference though defragging it from time to time depending on how many apps you install/etc... can help a bit.

smokn: try MSE 2.0. it seems to have improved over the 1xx versions.

  • 1 month later...

Old topic, but I hope you all realize combofix should only be used by a trained helper when you have already identified the infection. If you run it without the private documentation, and good knowledge of the infection, you could easily end up with an unbootable machine.

People always say that, but I've never found Combofix to be dangerous. In fact, what do you really have to know to run it?

1) Double click combofix.

2) Do you agree with the terms, blah blah blah? Yes

3) Are you sure you want to update? Yes

4) Comboxfix shall now restart. OK

5) Do you agree with the terms, blah blah blah? Yes

6) Do you want to install the recovery console? No ( always choose no because i'm running it in my shop I have access to the recovery console if i Need it)

Then it just runs it's course, until it's done.

Sure it gives you a log file at the end you should know how to read, but I've ran that on a TON of machines. Never once has it prevented a machine from starting up.

16lxye9.jpg

Combofix

      • You are advised to read the Combofix Instructions
HERE before using this specialized program

Your Antivirus software must be disabled before running a scan. Combofix download link HERE

Below is an example of the "instructions that you should read before using this specialized program"

disclaimer.jpg

If you do not agree to the disclaimer, then click on the No button to exit the program. Otherwise, to continue you should press the Yes button to continue. If you decided to continue, then ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

The entire instructions are like that. So basically you are saying I should click yes if I want combofix to actually continue forward????? Well NO ****!

lol, Combofix is commonly known for hosing systems. Completely deleting System32 and other critical files like HAL.DLL and atapi.sys.

I have never had an issue running combofix (other than the whole x64 issue when x64 was becoming more and more popular). Can I see it doing such a thing, sure, just like any other piece of antimalware software. Can I recover from stupid crap like that, well I wouldn't be much of a tech if I couldn't. I have been using it for about 2-3 years, but I can also make sense of the log files (I may not understand what each section is giving me, it does give me information that I can cross reference and see without manually going through the system and looking for questionable files).

The instructions you just posted are whats public, they are given to users. The documentation on CF for trained helpers is an entire forum, and the discussions on the tool are incredibly long and detailed.

What Combofix does, and how to correctly use it, is private info, so I can't go into a huge amount of detail. While lots of users do run it, certain infections, and certain circumstances, will interfere with it causing problems. Trained helpers have access to a lot more info about the tool, and discussions on it's latest development. I've seen users only able to get BSOD after running it when they didn't identify the infection first.

Basically, you run it at your own risk, but it has a much higher risk of running it on your own without supervision, than normal freeware tools. There is a private forum full of information on CF, and all it's features. I can't stop anyone using it, it has enough warnings built in, but you can at worst end up with an unbootable system, more than likely the infection won't be completely removed properly, and you could end up with a ton of other errors.

I posted this, because I think this guide should have more of a warning about running such a powerful tool, where there is no public documentation. What really bugs me is when Computer Techs use CF on their customers PCs. If you destroy your customers computer, then you've got some problems.

  • 4 months later...
  • 2 weeks later...

Update on trojan scare by MSFT sciencetists:

No Reinstall Needed for Trojan Popureb

Microsoft wants to emphasize that in the case of the complex Trojan:Win32/Popureb.E bug, that a full

system wipe and reinstall is really "not necessary" as has been suggested by earlier media reports and

"play-it-totally-safe" IT security pundits -- some of whom provide background for this blog.

continued:

http://mcpmag.com/articles/2011/07/05/no-reinstall-needed-for-trojan-popureb.aspx

more:

Microsoft Clarifies Stance on 'Killer Trojan' Removal

http://www.infopackets.com/news/business/microsoft/2011/20110706_microsoft_clarifies_stance_on_killer_t
rojan_removal.htm

:blush:

  • 3 years later...
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.