
Thread: Malware Removal

  1. #1 alakhiyar (Senior Member; joined Dec 2006; Location: Land of Oryx; Posts: 255)

    Malware Removal

    I noticed that the Malware tutorial is severely out of date, so I thought I would make my own. You can add or counter as you deem fit.

    For some background, I've been doing malware removal since 1994. I used to have my own extensive collection of virii (ok, for the "outsiders" it's viruses. lol) and distributed them via dialup BBS. They were capable of wiping out BIOSes, formatting hard drives, etc. As such I have a fairly in-depth knowledge of what these things are capable of. I have been doing spyware removal since it was first introduced. 90% of my current business is residential clients that are infected with up to 12,000 instances of malware.

    With that said.

    The tools needed to fight these threats are ever changing. As the creators become more devious, they render older tools obsolete. It is a highly competitive market. Whereas Norton used to hold the crown for virus removal, they are now for the larger part ineffective against today's threats. Etc.

    There is a simple procedure to remove threats. Following these steps precisely will greatly improve your chances of success and will dramatically decrease the amount of effort you expend.

    1) In normal mode download Prevx1.

    http://www.prevx.com/

    Install it. Use the online updater to install the latest signature files.

    In normal mode run a FULL system scan.

    Remove any threats that it finds.

    2) Download and install Ewido.

    http://www.ewido.net/

    Install it. Use the online updater to install the latest definitions.

    Reboot into Safe Mode with Networking.

    Run a FULL system scan.

    Remove any threats that it finds.

    3) While in Safe Mode with Networking, download SmitFraudFix.

    http://siri.urz.free.fr/Fix/SmitfraudFix.exe

    Execute the tool.

    4) While in Safe Mode with Networking download Autoruns.

    http://www.microsoft.com/technet/sys.../Autoruns.mspx

    Run it.

    Click on Options.

    Select Include Empty Locations.

    Select Verify Code Signatures.

    Select Hide Microsoft Entries.

    Click through the tabs and select the things that shouldn't be there. To verify that they shouldn't be there, enter the name of the file into Google and check the descriptions on various security sites such as Liutilities and BleepingComputer.

    When in doubt, do NOT delete it, rather post the item here for scrutiny.

    5) While in Safe Mode with Networking, do an online virus scan.

    http://www.pandasoftware.com/products/activescan

    Ensure that all threats have been removed.

    6) Finally, should problems still remain, download HijackThis.

    http://www.spywareinfo.com/~merijn/programs.php

    Do a scan and save the log.

    Post the log here for analysis.

    Following these steps will provide a thorough cleaning of your machine. The HJT log will point out any remaining threats that can be assessed and cleaned on a case-by-case basis.

    To protect yourself against further infections, ensure that you have Avast! which monitors your computer on numerous fronts, including webpages, Prevx1 which includes real time monitoring, and Spybot S&D Teatimer which will protect your Registry from unauthorized modifications.

    Good luck and happy computing.
    (\__/)
    (='.'=)
    (")_(")
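Step 4 above is a manual review in the Autoruns GUI. The script below is an added example written for this thread, not code from the post or from Sysinternals: it reproduces the same three options in a read-only PowerShell triage of the common Run/RunOnce keys (every location is listed even when empty, each image is checked with Get-AuthenticodeSignature, and validly Microsoft-signed entries are hidden). Nothing is deleted; the output is the list of entries to research, exactly as the post advises. The key list and the helper names (Resolve-ImagePath, Get-AutostartReport) are this example's own choices.

```powershell
# Added example (not from the original post): read-only autostart triage
# mirroring the Autoruns options "Include Empty Locations",
# "Verify Code Signatures" and "Hide Microsoft Entries".

# Assumed set of locations to review; Autoruns itself covers many more.
$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Resolve-ImagePath {
    # Turn a launch string ("C:\x y\a.exe" /arg, or a.exe /arg) into the image path.
    param([string]$LaunchString)
    $s = [Environment]::ExpandEnvironmentVariables($LaunchString.Trim())
    if ($s.StartsWith('"')) {
        $end = $s.IndexOf('"', 1)
        if ($end -gt 1) { return $s.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($s, '^(.+?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return $s.Split(' ')[0]
}

function Get-AutostartReport {
    param([switch]$HideMicrosoft)
    foreach ($key in $autostartKeys) {
        if (-not (Test-Path $key)) {
            # "Include Empty Locations": report the key even when it does not exist
            [pscustomobject]@{ Location = $key; Entry = '<empty>'; ImagePath = ''
                               Signature = 'n/a'; Signer = ''; Note = 'location not present' }
            continue
        }
        $item  = Get-Item $key
        $names = $item.GetValueNames() | Where-Object { $_ -ne '' }
        if (-not $names) {
            [pscustomobject]@{ Location = $key; Entry = '<empty>'; ImagePath = ''
                               Signature = 'n/a'; Signer = ''; Note = 'no entries' }
            continue
        }
        foreach ($name in $names) {
            $path = Resolve-ImagePath ([string]$item.GetValue($name))
            if (Test-Path -LiteralPath $path) {
                # "Verify Code Signatures": Authenticode status of the image on disk
                $sig    = Get-AuthenticodeSignature -LiteralPath $path
                $status = $sig.Status.ToString()
                $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                $note   = ''
            } else {
                $status = 'FileMissing'; $signer = ''; $note = 'image not found on disk'
            }
            # "Hide Microsoft Entries": only a VALID signature from Microsoft counts
            $isMicrosoft = ($status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')
            if ($HideMicrosoft -and $isMicrosoft) { continue }
            [pscustomobject]@{ Location = $key; Entry = $name; ImagePath = $path
                               Signature = $status; Signer = $signer; Note = $note }
        }
    }
}

# Unsigned, invalid or missing images sort to the top for research.
Get-AutostartReport -HideMicrosoft | Sort-Object Signature | Format-Table -AutoSize -Wrap
```

Run it from the same Safe Mode with Networking session; an entry whose Signature is NotSigned, HashMismatch or FileMissing is the one to look up on Liutilities or BleepingComputer before touching it, and a "Valid" signature from a vendor you do not recognise still deserves a search.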

  2. #2 nihil (Senior Member; joined Jul 2003; Location: United Kingdom: Bridlington; Posts: 17,188)

    A few additions:

    1. Scan with Spybot S & D in safe mode.
    2. Get A-Squared and run it. This is a good one for diallers and key loggers.
    3. Try Panda Software's online scan as well... a second opinion is frequently useful.

    Prevention is better than a cure!

    1. Try using a "virtual sandbox" such as Fortres or SandboxIE.
    2. Go to the DiamondCS website and get "RegistryProt". A lot of malware still tries to alter the Registry... this will warn you when that happens.
    3. Make sure that you have a firewall and understand its configuration.
    4. Keep your operating system up to date.

    For HijackThis! go to http://www.hijackthis.de/ and submit your log for analysis. This will save you a lot of research, as it will identify most of your "good" and "bad" stuff, leaving you with only the unknown and questionable entries.

    //off topic

    The correct word is "viruses"... there is no Latin plural. //
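Prevention item 2 in the reply above (a tool that warns when something alters the Registry) can be demonstrated without a third-party product. The script below is an added example for this thread, not RegistryProt's code and not from either poster: it uses the built-in WMI RegistryKeyChangeEvent (Windows PowerShell 5.1, run elevated) to watch the HKLM Run key, takes a snapshot of its values, and on every change prints which value was added, changed or removed. WMI registry events cannot watch HKEY_CURRENT_USER directly, so this example sticks to HKLM; the function names and the one-second polling loop are this example's own choices.

```powershell
# Added example (not from the original post): warn when the HKLM Run key changes,
# in the spirit of the RegistryProt tool mentioned above.  Windows PowerShell 5.1,
# elevated session; leave the window open while it watches.

$keyPath = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$regPath = "HKLM:\$keyPath"

# Global scope so the event -Action block (which runs outside this script's scope) can see them.
function global:Get-RunSnapshot {
    $k = Get-Item $regPath
    $snap = @{}
    foreach ($n in $k.GetValueNames()) { $snap[$n] = [string]$k.GetValue($n) }
    return $snap
}

function global:Compare-RunSnapshot {
    # Returns human-readable lines describing the difference between two snapshots.
    param([hashtable]$Before, [hashtable]$After)
    $changes = @()
    foreach ($n in $After.Keys) {
        if (-not $Before.ContainsKey($n)) {
            $changes += "ADDED   '$n' = $($After[$n])"
        } elseif ($Before[$n] -ne $After[$n]) {
            $changes += "CHANGED '$n' = $($After[$n]) (was: $($Before[$n]))"
        }
    }
    foreach ($n in $Before.Keys) {
        if (-not $After.ContainsKey($n)) { $changes += "REMOVED '$n' (was: $($Before[$n]))" }
    }
    return $changes
}

$global:runBaseline = Get-RunSnapshot

# WQL string literals need each backslash doubled.
$wqlPath = $keyPath -replace '\\', '\\'
$query = "SELECT * FROM RegistryKeyChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' AND KeyPath='$wqlPath'"

Register-WmiEvent -Query $query -SourceIdentifier 'RunKeyWatch' -Action {
    # The event only says "the key changed"; diff against the last snapshot to say what.
    $now = Get-RunSnapshot
    foreach ($c in (Compare-RunSnapshot -Before $global:runBaseline -After $now)) {
        Write-Warning "$(Get-Date -Format s) HKLM\...\Run: $c"
    }
    $global:runBaseline = $now
} | Out-Null

Write-Host "Watching HKLM\$keyPath for changes. Press Ctrl+C to stop."
try {
    while ($true) { Start-Sleep -Seconds 1 }   # idle loop; the -Action runs between sleeps
} finally {
    Unregister-Event -SourceIdentifier 'RunKeyWatch'
}
```

Because the warning names the launch string that was written, the same Liutilities/BleepingComputer lookup from the first post applies to whatever shows up; a legitimate installer adding its updater and a dropper adding itself look identical here, so the value is in the prompt to check, not in automatic blocking.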
