How-to Guide for Virus/Trojan/Malware Removal

Discussion in 'Networking & Security' started by Captain Colonoscopy, Jun 12, 2009.

  1. Captain Colonoscopy

    Captain Colonoscopy 2[H]4U

    Messages:
    3,861
    Joined:
    Feb 19, 2004
    Good stuff there. Thanks for the link.
     
  2. quicktech12

    quicktech12 n00b

    Messages:
    12
    Joined:
    Dec 18, 2009
    Thanks for this thread about malware removal. I downloaded the Sysinternals PDF and checked out some of the other great resource links. I have seen these fake AV programs more frequently since late last year. Sometimes they do damage to Windows that requires a clean install to fix. Other times they can be removed with a quick scan using MBAM. One tip that I learned is to use the cmd prompt to install and run your AV app. These new fake AVs are disabling .exe files in Windows, and even Safe Mode at times. However, if you have MBAM on a USB drive, then you can open cmd and browse to the .exe file to install and run it in normal mode. Also, I have seen that if you delete the infected file it can disable certain critical Windows functions. Hope that helps someone dealing with these fake AVs.
     
  3. Sp33dFr33k

    Sp33dFr33k 2[H]4U

    Messages:
    2,481
    Joined:
    Apr 20, 2002
    Got a system yesterday with a bootkit/rootkit infection. Never had to deal with one of these so it should be interesting.
     
  4. yomabingo_maria

    yomabingo_maria n00b

    Messages:
    1
    Joined:
    Feb 8, 2012
    Thank you so much,

    This solved my problem, because every time I open the "My Documents" folder
    the folder hangs, and when I check in Task Manager I see that
    the "My Doc" folder is not responding.

    I always get that error; I consider myself lucky when I can access that folder
    without any problem.

    And I don't want to take the option of reformatting my laptop, too lazy for that XD

    Good thing there is a very nice tutorial here.

    Thanks again!!!
     
  5. daglesj

    daglesj [H]ardness Supreme

    Messages:
    5,027
    Joined:
    May 7, 2005
    Been using Malwarebytes as part of my virus removal routine on infected drives for a couple of years now.

    Essentially, the infected drive is removed from the PC, slotted into a SATA caddy and scanned on my scanner PC with at least 4 products.

    Am I the only one to notice that Malwarebytes rarely, if ever, finds anything now? I can have MSSE etc. pinging up red left, right and center, but Malwarebytes just finds zip. Not even bad cookies. This isn't a bad install, as I rebuild the scanner often and always install the latest version. This has been happening over the past 3-4 months or so.

    Just doesn't appear to be effective at all anymore. May soon get dropped from my regime.
     
  6. CubanBlood

    CubanBlood [H]Lite

    Messages:
    101
    Joined:
    Jun 4, 2010
    Very helpful information. Thanks
     
  7. R3ckless

    R3ckless [H]Lite

    Messages:
    75
    Joined:
    Jul 19, 2010
    Another good removal app I just found is Comodo Cleaning Essentials. It works a lot like Norton's Power Eraser.
     
  8. yujie

    yujie [H]ard|Gawd

    Messages:
    1,105
    Joined:
    Apr 15, 2002
  9. nghiasimon007

    nghiasimon007 n00b

    Messages:
    6
    Joined:
    Nov 9, 2012
    The information is very helpful for everyone.
     
  10. janey6152

    janey6152 n00b

    Messages:
    35
    Joined:
    Dec 1, 2012
  11. wtburnette

    wtburnette 2[H]4U

    Messages:
    3,581
    Joined:
    Jun 24, 2004
    After getting a job on the security side of the industry, I would also urge people to harden their systems. Basic things like not using an account with admin privileges, changing default system IDs and using complex passwords, disabling unused services, uninstalling unused apps, running a firewall, enabling UAC, keeping the OS and third-party apps up to date, as well as running an up-to-date AV software package. I've been slowly hardening my systems and I have to say I'm shocked at how I used to run my system.
     
  12. BobSutan

    BobSutan [H]ardForum Junkie

    Messages:
    9,189
    Joined:
    Apr 5, 2000
    How current are the tools listed in the OP? I'm about to rebuild my system and need to do a deep scan of the data I'm going to keep, and don't want anything I may have missed to reinfect my fresh build.
     
  13. Captain Colonoscopy

    Captain Colonoscopy 2[H]4U

    Messages:
    3,861
    Joined:
    Feb 19, 2004
    Most of the tools are still current, links might have expired though. I still use MBAM, SAS and ComboFix to clean up infected PCs. Security Essentials for free AV software. One of these days, if I ever find some spare time, I might just revise/update that post...
     
  14. wtburnette

    wtburnette 2[H]4U

    Messages:
    3,581
    Joined:
    Jun 24, 2004
  15. Life.exe

    Life.exe n00b

    Messages:
    13
    Joined:
    Nov 13, 2012
    I use HijackThis frequently for browser hijacks and it is an awesome tool. You are right, though, it can be more of a problem if you don't take the time to learn how to properly use it. :(
     
  16. StuartDavidson

    StuartDavidson n00b

    Messages:
    2
    Joined:
    Nov 16, 2013
    Wow, great advice in this thread. I wrote an article that is WordPress-oriented that might help people harden their blog security and avoid any malicious hacking attempts.

    You can read my article here if you think it will help you:

    http://stuartjdavidson.com/wordpress-security/

    Anything I can help with WP wise then let me know.
     
  17. daglesj

    daglesj [H]ardness Supreme

    Messages:
    5,027
    Joined:
    May 7, 2005
    Don't forget EMET 4.1!
     
  18. automaton

    automaton Limp Gawd

    Messages:
    165
    Joined:
    Feb 5, 2003
  19. automaton

    automaton Limp Gawd

    Messages:
    165
    Joined:
    Feb 5, 2003
  20. Simmonz

    Simmonz 2[H]4U

    Messages:
    2,506
    Joined:
    May 14, 2008
    Pretty decent list. My usual routine at work is:

    1. Run Kaspersky Rescue CD
    2. Run Avira Rescue CD
    3. Run Comodo Rescue CD
    4. Go into safe mode
    5. Run Rkill
    6. Run CCleaner
    7. Run Malwarebytes
    8. Run JRT
    9. Run ComboFix
    10. Run ADW
    11. Go into Normal Mode
    12. Run whatever the customer has on full scan (or put something on there if they have nothing or crap)
     
  21. daglesj

    daglesj [H]ardness Supreme

    Messages:
    5,027
    Joined:
    May 7, 2005
    CryptoPrevent https://www.foolishit.com/

    Essential to stop the encryption viruses. Even the free version can help stop or slow it down.

    I now recommend it a lot. Not expensive either. Seen a few small firms lose all their data and they weren't running it.
     
  22. x509

    x509 [H]ard|Gawd

    Messages:
    1,687
    Joined:
    Sep 20, 2009
    And there is a free version also. Thanks for this tip.
     
  23. jefferysummers

    jefferysummers n00b

    Messages:
    35
    Joined:
    Apr 29, 2015
    Malwarebytes Anti-Exploit is the best solution for malware problems.
     
  24. daglesj

    daglesj [H]ardness Supreme

    Messages:
    5,027
    Joined:
    May 7, 2005
    It's just a different version of EMET.

    About time MS put EMET into Windows 10 as standard.
     
  25. oneforspeed

    oneforspeed [H]Lite

    Messages:
    102
    Joined:
    Jan 6, 2012
    Guys thanks for all this info and the start of this thread. I was looking all over for help and found this here while cruising around. I generally just buy on the for sale thread but this community has a ton to offer.

    Killer!
     
  26. Zahid Iqbal

    Zahid Iqbal [H]Lite

    Messages:
    64
    Joined:
    Oct 31, 2015
    Very interesting list.
     
  27. Zahid Iqbal

    Zahid Iqbal [H]Lite

    Messages:
    64
    Joined:
    Oct 31, 2015
    Best guides ever, that I've seen on the internet. Personally, I use Kaspersky.
     
  28. SKiZZ

    SKiZZ Gawd

    Messages:
    514
    Joined:
    Mar 9, 2000
  29. leSLIe

    leSLIe Fisting is Too Mainstream for Me

    Messages:
    13,987
    Joined:
    Oct 18, 2004
    Does this how-to guide need an update?
     
  30. jshaw42

    jshaw42 Gawd

    Messages:
    526
    Joined:
    Apr 18, 2016
    I am currently running Malwarebytes on all my PCs. Is it necessary to add Spybot Search and Destroy?
     
  31. scgt1

    scgt1 [H]ardness Supreme

    Messages:
    5,095
    Joined:
    Jun 4, 2007
    Any of these work for removing ransomware? My dad's work has been affected, with a time limit and a 2 BTC demand to unlock the files. This is their server that is affected, so EVERYTHING is locked down. The owner is looking at paying the BTC.
     
  32. JHefile

    JHefile Necrophilia Makes Me [H]ard

    Messages:
    1,180
    Joined:
    Jun 22, 2003
    Bleeping Computer is a well-respected site in the fight for our clean computers. Click on the anti-ransomware tab and see what you can do. https://www.bleepingcomputer.com/download/windows/