December 17th, 2006, 07:45 AM
I noticed that the Malware tutorial is severely out of date, so I thought I would make my own. You can add or counter as you deem fit.
For some background, I've been doing malware removal since 1994. I used to have my own extensive collection of virii (ok, for the "outsiders" it's viruses. lol) and distributed them via dialup BBS. They were capable of wiping out BIOSes, formatting hard drives, etc. As such I have a fairly in-depth knowledge of what these things are capable of. I have been doing spyware removal since it was first introduced. 90% of my current business is residential clients that are infected with up to 12,000 instances of malware.
With that said.
The tools needed to fight these threats are ever changing. As the creators become more devious, they render older tools obsolete. It is a highly competitive market. Whereas Norton used to hold the crown for virus removal, they are now for the larger part ineffective against today's threats. Etc.
There is a simple procedure to remove threats. Following these steps precisely will greatly improve your chances of success and will dramatically decrease the amount of effort you expend.
1) In normal mode download Prevx1.
   Install it. Use the online updater to install the latest signature files.
   In normal mode run a FULL system scan.
   Remove any threats that it finds.

2) Download and install Ewido.
   Install it. Use the online updater to install the latest definitions.
   Reboot into Safe Mode with Networking.
   Run a FULL system scan.
   Remove any threats that it finds.

3) While in Safe Mode with Networking, download SmitFraudFix.
   Execute the tool.

4) While in Safe Mode with Networking, download Autoruns.
   Click on Options.
   Select Include Empty Locations.
   Select Verify Code Signatures.
   Select Hide Microsoft Entries.
   Click through the tabs and select the things that shouldn't be there. To verify that they shouldn't be there, enter the name of the file into Google and check the descriptions on various security sites such as Liutilities and BleepingComputer.
   When in doubt, do NOT delete it, rather post the item here for scrutiny.

5) While in Safe Mode with Networking, do an online virus scan.
   Ensure that all threats have been removed.

6) Finally, should problems still remain, download HijackThis.
   Do a scan and save the log.
   Post the log here for analysis.
Following these steps will provide a thorough cleaning of your machine. The HJT log will point out any remaining threats that can be assessed and cleaned on a case by case basis.
To protect yourself against further infections, ensure that you have Avast! which monitors your computer on numerous fronts, including webpages, Prevx1 which includes real time monitoring, and Spybot S&D Teatimer which will protect your Registry from unauthorized modifications.
Good luck and happy computing.
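Added example (not part of the post above, and not a tool from any of the projects it names): a small PowerShell triage script that does by hand what step 4 asks Autoruns to do for the classic Run/RunOnce keys. It reports empty locations, checks the Authenticode signature of each autostart executable, hides entries that carry a valid Microsoft signature, and goes one step beyond the post by recording a SHA256 of each remaining file so it can be looked up alongside the file name. The registry paths and Microsoft signer check are real; the script assumes Windows PowerShell 4.0 or later (for Get-FileHash) and is run on the machine being cleaned.

```powershell
# Added example: manual review of Run/RunOnce autostart entries, mirroring the
# Autoruns options "Include Empty Locations", "Verify Code Signatures" and
# "Hide Microsoft Entries". Assumes Windows PowerShell 4.0+ (Get-FileHash).
# HKLM keys apply to all users, HKCU keys to the user running the script.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    # 32-bit view on 64-bit Windows; absent on 32-bit systems
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Pull the executable path out of a Run value such as
#   "C:\Program Files\Foo\foo.exe" /background   or   C:\Windows\system32\ctfmon.exe
function Get-ExePath {
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted path, possibly containing spaces: take the shortest prefix ending in .exe
    $m = [regex]::Match($cmd, '^(.+?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

foreach ($key in $runKeys) {
    # "Include Empty Locations": show keys that are absent or hold no values
    if (-not (Test-Path $key)) { Write-Host "[empty] $key (key absent)"; continue }
    $props = Get-ItemProperty -Path $key
    $values = $props.PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' }
    if (-not $values) { Write-Host "[empty] $key"; continue }

    foreach ($v in $values) {
        $exe = Get-ExePath $v.Value
        if (-not (Test-Path -LiteralPath $exe)) {
            # A value pointing at a missing file is itself worth a look (leftover or hidden file)
            Write-Host ("[missing file] {0}\{1} -> {2}" -f $key, $v.Name, $v.Value)
            continue
        }
        # "Verify Code Signatures"
        $sig = Get-AuthenticodeSignature -FilePath $exe
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        # "Hide Microsoft Entries": skip files with a valid signature from Microsoft
        if ($sig.Status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation') { continue }
        $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
        Write-Host ("[review] {0}\{1}" -f $key, $v.Name)
        Write-Host ("         file:   {0}" -f $exe)
        Write-Host ("         signed: {0} ({1})" -f $sig.Status, $signer)
        Write-Host ("         sha256: {0}" -f $hash)
    }
}
```

Everything the script prints under [review] is exactly what the post says to research before touching: an unsigned or non-Microsoft autostart entry is a candidate for lookup, not a verdict. Autoruns covers many more locations (services, drivers, Winlogon, browser helper objects, scheduled tasks), so this only reproduces the Logon tab's Run keys; it is the signature and vendor filter that this example is meant to make concrete.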
December 17th, 2006, 11:31 AM
A few additions:
1. Scan with Spybot S & D in safe mode.
2. Get A-Squared and run it. This is a good one for diallers and key loggers.
3. Try Panda Software's online scan as well. A second opinion is frequently useful.
Prevention is better than a cure!
1. Try using a "virtual sandbox" such as Fortres or SandboxIE.
2. Go to the DiamondCS website and get "RegistryProt". A lot of malware still tries to alter the Registry; this will warn you when that happens.
3. Make sure that you have a firewall and understand its configuration.
4. Keep your operating system up to date.
For HijackThis! go to http://www.hijackthis.de/ and submit your log for analysis. This will save you a lot of research, as it will identify most of your "good" and "bad" stuff, leaving you with only the unknown and questionable entries.
The correct word is "viruses". There is no Latin plural.