Captain Colonoscopy
2[H]4U
- Joined
- Feb 19, 2004
- Messages
- 3,861
Good stuff there. Thanks for the link.
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
How-to Guide for Virus/Trojan/Malware Removal
- Thread starter Captain Colonoscopy
- Start date
Good stuff there. Thanks for the link.
quicktech12
n00b
- Joined
- Dec 18, 2009
- Messages
- 12
Thanks for this thread about malware removal. I downloaded the sysinternals pdf and checked out some of the other great resource links. I have seen these fake AV programs more frequently since late last year. Sometimes they do damage to Windows that requires a clean install to fix. Other times they can be removed with a quick scan using mbam. One tip that I learned is to use the cmd prompt to install and run your av app. These new fake av's are disabling the .exe in windows, and even safe mode at times. However if you have mbam on a usb drive, then you can open cmd and browse to the .exe file to install and run it in normal mode. Also, I have seen if you delete the infected file it can disable certain critical windows functions. Hope that helps someone dealing with these Fake AV's.
Sp33dFr33k
2[H]4U
- Joined
- Apr 20, 2002
- Messages
- 2,481
Got a system yesterday with a bootkit/rootkit infection. Never had to deal with one of these so it should be interesting.
yomabingo_maria
n00b
- Joined
- Feb 8, 2012
- Messages
- 1
thank you so much,
this solve my problem, cause everytime i open the "my documents" folder
the folder hangs up and when i check in task manager,saw there that
the "my doc" folder is not responding
i always get that error, i'll consider i'm lucky when i can access that folder
without any problem.
and i don't want to take the option of reformatting my laptop, too lazy about it XD
good thing there is a very nice tutorial here.
thanks again!!!
this solve my problem, cause everytime i open the "my documents" folder
the folder hangs up and when i check in task manager,saw there that
the "my doc" folder is not responding
i always get that error, i'll consider i'm lucky when i can access that folder
without any problem.
and i don't want to take the option of reformatting my laptop, too lazy about it XD
good thing there is a very nice tutorial here.
thanks again!!!
Been using Malwarebytes as part of my virus removal routine on infected drives for a couple of years now.
Essentially infected drive is removed from PC slotted into a SATA caddy and scanned on my scanner PC with at least 4 products.
Am I the only one to notice that Malwarebytes rarely if ever finds anything now? I can have MSSE etc. pinging up red left right and center but Malwarebytes just finds zip. Not even bad cookies. This isn't a bad install as I rebuild the scanner often and always install the latest version. This has been happening over the past 3-4 months or so.
Just doesn't appear to be effective at all anymore. May soon get dropped from my regime.
Essentially infected drive is removed from PC slotted into a SATA caddy and scanned on my scanner PC with at least 4 products.
Am I the only one to notice that Malwarebytes rarely if ever finds anything now? I can have MSSE etc. pinging up red left right and center but Malwarebytes just finds zip. Not even bad cookies. This isn't a bad install as I rebuild the scanner often and always install the latest version. This has been happening over the past 3-4 months or so.
Just doesn't appear to be effective at all anymore. May soon get dropped from my regime.
CubanBlood
Weaksauce
- Joined
- Jun 4, 2010
- Messages
- 101
Very helpful information. Thanks
I also used black vipers Registry default files. Ran into so many times with the infection mess it up and cant do anything properly
7 Sp1: http://www.blackviper.com/2010/12/16/windows-7-service-pack-1-services-registry-files-2/
Vista SP2: http://www.blackviper.com/2009/12/07/windows-vista-sp2-services-registry-files/
XP Pro SP3: http://www.blackviper.com/2008/06/16/windows-xp-service-pack-3-services-registry-files/
7 Sp1: http://www.blackviper.com/2010/12/16/windows-7-service-pack-1-services-registry-files-2/
Vista SP2: http://www.blackviper.com/2009/12/07/windows-vista-sp2-services-registry-files/
XP Pro SP3: http://www.blackviper.com/2008/06/16/windows-xp-service-pack-3-services-registry-files/
nghiasimon007
n00b
- Joined
- Nov 9, 2012
- Messages
- 6
information is very helpful for everyone.
wtburnette
2[H]4U
- Joined
- Jun 24, 2004
- Messages
- 3,580
After getting a job on the security side of the industry, I would also urge people to harden their systems. Basic things like not using an account with admin privileges, changing default system ID's and using complex passwords, disabling unused services, uninstalling unused apps, running a firewall, enabling UAC, keeping OS and third party apps up to date, as well as running an up to date AV software package. I've been slowly hardening my systems and I have to say I'm shocked over how I used to run my system.
BobSutan
[H]F Junkie
- Joined
- Apr 5, 2000
- Messages
- 12,121
How current are the tools listed in the OP? I'm about to rebuild my system and need to do a deep scan of the date I'm going to keep and don't want anything I may have missed to reinfect my fresh build.
Captain Colonoscopy
2[H]4U
- Joined
- Feb 19, 2004
- Messages
- 3,861
Most of the tools are still current, links might have expired though. I still use MBAM, SAS and ComboFix to clean up infected PCs. Security Essentials for free AV software. One of these days, if I ever find some spare time, I might just revise/update that post...
wtburnette
2[H]4U
- Joined
- Jun 24, 2004
- Messages
- 3,580
A couple of other items for keeping a PC locked down are:
Secunia PSI: http://secunia.com/vulnerability_scanning/personal/
Qualys Browerscheck: https://browsercheck.qualys.com/
Both help to find vulnerabilities and make sure software and drivers are up to date. Of course, for something with more information, there's always:
Belarc Advisor: http://www.belarc.com/free_download.html
Secunia PSI: http://secunia.com/vulnerability_scanning/personal/
Qualys Browerscheck: https://browsercheck.qualys.com/
Both help to find vulnerabilities and make sure software and drivers are up to date. Of course, for something with more information, there's always:
Belarc Advisor: http://www.belarc.com/free_download.html
I use HijackThis frequently for browser hijacks and it is an awesome tool. You are right though, it can be more of a problem if you don't take the time and learn how to properly use it.
StuartDavidson
n00b
- Joined
- Nov 16, 2013
- Messages
- 2
Wow, great advice in this thread. I wrote an article that is WordPress orientated that might help people harden their blog security and avoid any malicious hacking attempts.
You can read my article here is you think it will help you:
http://stuartjdavidson.com/wordpress-security/
Anything I can help with WP wise then let me know.
You can read my article here is you think it will help you:
http://stuartjdavidson.com/wordpress-security/
Anything I can help with WP wise then let me know.
has anyone tried these
after malware bytes I used http://www.7tutorials.com/test-comparison-what-best-free-online-antivirus-scanner
eset or and fsecure
after malware bytes I used http://www.7tutorials.com/test-comparison-what-best-free-online-antivirus-scanner
eset or and fsecure
these guys are security super concious
http://www.wilderssecurity.com/
http://www.wilderssecurity.com/
Simmonz
2[H]4U
- Joined
- May 14, 2008
- Messages
- 2,506
Pretty decent list. My usual routine at work is:
1. Run Kaspersky Rescue CD
2. Run Avira Rescue CD
3. Run Comodo Rescue CD
4. Go into safe mode
5. Run Rkill
6. Run CCleaner
7. Run Malwarebytes
8. Run JRT
9. Run ComboFix
10. Run ADW
11. Go into Normal Mode
12. Run whatever the customer has on full scan (or put something on there if they have nothing or crap)
1. Run Kaspersky Rescue CD
2. Run Avira Rescue CD
3. Run Comodo Rescue CD
4. Go into safe mode
5. Run Rkill
6. Run CCleaner
7. Run Malwarebytes
8. Run JRT
9. Run ComboFix
10. Run ADW
11. Go into Normal Mode
12. Run whatever the customer has on full scan (or put something on there if they have nothing or crap)
Cryptoprevent https://www.foolishit.com/
Essential to stop the encryption viruses. Even the free version can help stop or slow it down.
I now recommend it a lot. Not expensive either. Seen a few small firms lose all their data and they weren't running it.
Essential to stop the encryption viruses. Even the free version can help stop or slow it down.
I now recommend it a lot. Not expensive either. Seen a few small firms lose all their data and they weren't running it.
And there is a free version also. Thanks for this tip.
jefferysummers
n00b
- Joined
- Apr 29, 2015
- Messages
- 35
Malwarebytes Anti-Exploit is a best solution for malware problem.
It's just a different version of EMET.
About time MS put EMET into Windows 10 as standard.
oneforspeed
Weaksauce
- Joined
- Jan 6, 2012
- Messages
- 122
Guys thanks for all this info and the start of this thread. I was looking all over for help and found this here while cruising around. I generally just buy on the for sale thread but this community has a ton to offer.
Killer!
Killer!
Zahid Iqbal
Weaksauce
- Joined
- Oct 31, 2015
- Messages
- 64
very interesting list.
Zahid Iqbal
Weaksauce
- Joined
- Oct 31, 2015
- Messages
- 64
Best ever guides, I see on internet. Personally i use KasperSky
leSLIe
Fisting is Too Mainstream for Me
- Joined
- Oct 18, 2004
- Messages
- 13,975
Does this how-to guide need an update?
Any of these work for removing ransomware? My dad's work has been effected with a time limit and a 2 BTC demand to unlock the files. This is their server that is effected so EVERYTHING is locked down. The owner is looking at paying the BTC.
JHefile
Necrophilia Makes Me [H]ard
- Joined
- Jun 22, 2003
- Messages
- 1,180
Bleeping Computers is a well respected site for the fight for our clean computers. Click on the anti- ransomeware tab and see what you can do. https://www.bleepingcomputer.com/download/windows/
