Discussion in 'Networking & Security' started by Captain Colonoscopy, Jun 12, 2009.
Good stuff there. Thanks for the link.
Thanks for this thread about malware removal. I downloaded the Sysinternals PDF and checked out some of the other great resource links. I have seen these fake AV programs more frequently since late last year. Sometimes they do damage to Windows that requires a clean install to fix. Other times they can be removed with a quick scan using MBAM. One tip that I learned is to use the cmd prompt to install and run your AV app. These new fake AVs are disabling the .exe in Windows, and even safe mode at times. However, if you have MBAM on a USB drive, then you can open cmd and browse to the .exe file to install and run it in normal mode. Also, I have seen that if you delete the infected file it can disable certain critical Windows functions. Hope that helps someone dealing with these fake AVs.
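The cmd-prompt trick in the post above works because Explorer launches a double-clicked program through the .exe file association in the registry (HKCU\Software\Classes overrides HKLM\Software\Classes, and HKCR merges both), while cmd.exe starts a program given by path with CreateProcess and never consults that association. The script below is an added example, not code from this thread or from Malwarebytes: it reads the .exe ProgID and its shell\open\command, reports anything that is not the stock `"%1" %*`, and with -Repair deletes per-user overrides and restores the machine-wide defaults. The file name Check-ExeAssociation.ps1 is assumed; run it from an elevated prompt on the infected machine, and remember that resetting the association does not remove the payload the hijack pointed at, so the MBAM scan is still needed afterwards.

```powershell
# Added example (not from the thread): audit and optionally repair a hijacked
# .exe file association of the kind fake-AV families use to block every
# double-clicked program. Read-only unless -Repair is given.
# Usage (elevated):  .\Check-ExeAssociation.ps1 [-Repair]
[CmdletBinding()]
param([switch]$Repair)

# Windows' stock values: .exe -> ProgID "exefile", whose open command runs the
# file itself with its original arguments.
$StockProgId = 'exefile'
$StockOpen   = '"%1" %*'

function Get-DefaultValue([string]$Path) {
    # Returns the key's (default) value, or $null if the key does not exist.
    if (Test-Path -LiteralPath $Path) {
        (Get-ItemProperty -LiteralPath $Path).'(default)'
    }
}

function Test-ExeAssociation {
    $findings = @()

    # 1. Which ProgID does .exe map to? A per-user value under HKCU wins over
    #    the machine-wide one, so check HKCU first, then the merged HKCR view.
    $scope  = 'HKCU'
    $progId = Get-DefaultValue 'HKCU:\Software\Classes\.exe'
    if (-not $progId) {
        $scope  = 'HKCR'
        $progId = Get-DefaultValue 'Registry::HKEY_CLASSES_ROOT\.exe'
    }
    if ($progId -ne $StockProgId) {
        $findings += "[$scope] .exe maps to ProgID '$progId' (expected '$StockProgId')"
    }

    # 2. What does that ProgID's open command actually run? Anything other than
    #    "%1" %* means every launched .exe goes through another binary first.
    foreach ($hive in 'HKCU:\Software\Classes', 'Registry::HKEY_CLASSES_ROOT') {
        $cmdKey = "$hive\$progId\shell\open\command"
        $cmd = Get-DefaultValue $cmdKey
        if ($null -ne $cmd -and $cmd -ne $StockOpen) {
            $findings += "$cmdKey = $cmd (expected $StockOpen)"
        }
    }
    return $findings
}

function Repair-ExeAssociation {
    # Per-user .exe / exefile classes are almost never set by legitimate
    # software, so remove them outright rather than trying to fix them.
    foreach ($k in 'HKCU:\Software\Classes\.exe', 'HKCU:\Software\Classes\exefile') {
        if (Test-Path -LiteralPath $k) { Remove-Item -LiteralPath $k -Recurse -Force }
    }
    # Restore the machine-wide mapping and command (needs elevation).
    New-Item -Path 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' -Force | Out-Null
    Set-ItemProperty -LiteralPath 'Registry::HKEY_CLASSES_ROOT\.exe' -Name '(default)' -Value $StockProgId
    Set-ItemProperty -LiteralPath 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' -Name '(default)' -Value $StockOpen
}

$findings = Test-ExeAssociation
if (-not $findings) {
    'OK: .exe association is stock'
} else {
    $findings | ForEach-Object { "HIJACK: $_" }
    if ($Repair) {
        Repair-ExeAssociation
        'Repaired. Re-run to confirm, then scan for the binary the hijack pointed at.'
    }
}
```

If the audit shows .exe mapped to an unfamiliar ProgID, note the command it ran before repairing: that path is the dropper or its loader, and it is the first thing to hand to the scanner.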
Got a system yesterday with a bootkit/rootkit infection. Never had to deal with one of these so it should be interesting.
Thank you so much. This solved my problem, because every time I open the "My Documents" folder, the folder hangs up, and when I check in Task Manager I see there that the "My Documents" folder is not responding. I always get that error; I consider myself lucky when I can access that folder without any problem. And I don't want to take the option of reformatting my laptop, too lazy for it XD. Good thing there is a very nice tutorial here.
Been using Malwarebytes as part of my virus removal routine on infected drives for a couple of years now.
Essentially the infected drive is removed from the PC, slotted into a SATA caddy and scanned on my scanner PC with at least 4 products.
Am I the only one to notice that Malwarebytes rarely if ever finds anything now? I can have MSSE etc. pinging up red left right and center but Malwarebytes just finds zip. Not even bad cookies. This isn't a bad install as I rebuild the scanner often and always install the latest version. This has been happening over the past 3-4 months or so.
Just doesn't appear to be effective at all anymore. May soon get dropped from my regime.
Very helpful information. Thanks
Another good removal app I just found is Comodo Cleaning Essentials. It works a lot like Norton's Power Eraser.
I also used Black Viper's registry default files. I've run into it so many times where the infection messes the services up and you can't do anything properly.
7 Sp1: http://www.blackviper.com/2010/12/16/windows-7-service-pack-1-services-registry-files-2/
Vista SP2: http://www.blackviper.com/2009/12/07/windows-vista-sp2-services-registry-files/
XP Pro SP3: http://www.blackviper.com/2008/06/16/windows-xp-service-pack-3-services-registry-files/
The information is very helpful for everyone.
After getting a job on the security side of the industry, I would also urge people to harden their systems. Basic things like not using an account with admin privileges, changing default system IDs and using complex passwords, disabling unused services, uninstalling unused apps, running a firewall, enabling UAC, keeping the OS and third-party apps up to date, as well as running an up-to-date AV software package. I've been slowly hardening my systems and I have to say I'm shocked at how I used to run my system.
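To turn the checklist in the post above into something you can actually run against a box, here is an added audit script (not code from the thread or from any vendor) that reports on each item: whether the current session holds admin rights and who sits in the local Administrators group, whether the built-in Administrator and Guest accounts are enabled, the UAC settings, firewall state per profile, the local password and lockout policy, auto-start services whose binary lives outside the Windows directory (candidates for the "unused services" review), the newest installed hotfix, and registered AV products. It only reads; it changes nothing. It assumes Windows 8/Server 2012 or later for Get-NetFirewallProfile, PowerShell 5.1 or later for the LocalAccounts cmdlets, and a workstation SKU for the SecurityCenter2 namespace (absent on Server editions, where that line reports nothing). Run it elevated for complete results.

```powershell
# Added example (not from the thread): read-only audit of the hardening items
# listed above. Assumes Windows 8+/PowerShell 5.1+; run elevated.
function Get-HardeningReport {
    $report = [ordered]@{}

    # 1. Day-to-day account: is this session an administrator, and who is in
    #    the local Administrators group? Under UAC an unelevated shell holds a
    #    filtered token, so IsInRole() is $false even for group members; the
    #    group listing catches that case.
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $report['Session is elevated admin'] =
        $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    $report['Local Administrators members'] =
        (Get-LocalGroupMember -Group Administrators -ErrorAction SilentlyContinue |
            ForEach-Object Name) -join ', '

    # 2. Default system IDs: RID 500 is the built-in Administrator, 501 is
    #    Guest, whatever they have been renamed to. Both should be disabled.
    $report['Built-in accounts (RID 500/501)'] =
        (Get-LocalUser | Where-Object { $_.SID.Value -match '-50[01]$' } |
            ForEach-Object { "$($_.Name) enabled=$($_.Enabled)" }) -join ', '

    # 3. UAC: EnableLUA=1 turns it on; ConsentPromptBehaviorAdmin=0 means
    #    admins elevate silently, which defeats the point.
    $uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $report['UAC enabled']            = ($uac.EnableLUA -eq 1)
    $report['UAC prompts admins']     = ($uac.ConsentPromptBehaviorAdmin -ne 0)

    # 4. Firewall, per profile.
    $report['Firewall profiles'] =
        (Get-NetFirewallProfile | ForEach-Object { "$($_.Name)=$($_.Enabled)" }) -join ', '

    # 5. Password policy, from the lines of `net accounts` that matter.
    $report['Password policy'] =
        (net accounts | Select-String 'Minimum password length|Maximum password age|Lockout threshold' |
            ForEach-Object { $_.Line.Trim() -replace '\s{2,}', ' ' }) -join '; '

    # 6. Services to review: auto-start, binary not under %SystemRoot%.
    #    PathName may be quoted, hence the optional leading quote in the regex.
    $winRoot = '^"?' + [regex]::Escape($env:SystemRoot)
    $report['Auto-start non-Windows services'] =
        (Get-CimInstance Win32_Service |
            Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName -notmatch $winRoot } |
            ForEach-Object Name) -join ', '

    # 7. Patch level: date of the most recently installed hotfix.
    $report['Last hotfix installed'] =
        (Get-HotFix | Sort-Object InstalledOn | Select-Object -Last 1).InstalledOn

    # 8. AV registered with Security Center (workstation SKUs only).
    #    productState is an undocumented bitfield, so it is shown raw in hex.
    $av = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
    $report['AV products'] =
        ($av | ForEach-Object { "$($_.displayName) state=0x$('{0:X}' -f $_.productState)" }) -join ', '

    return $report
}

Get-HardeningReport | ForEach-Object {
    $_.GetEnumerator() | ForEach-Object { '{0,-36} {1}' -f $_.Key, $_.Value }
}
```

Third-party application patch status is the one item the script does not cover, since Windows keeps no inventory of it; that is what the vulnerability scanners mentioned later in this thread are for.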
How current are the tools listed in the OP? I'm about to rebuild my system and need to do a deep scan of the data I'm going to keep, and I don't want anything I may have missed to reinfect my fresh build.
Most of the tools are still current, links might have expired though. I still use MBAM, SAS and ComboFix to clean up infected PCs. Security Essentials for free AV software. One of these days, if I ever find some spare time, I might just revise/update that post...
A couple of other items for keeping a PC locked down are:
Secunia PSI: http://secunia.com/vulnerability_scanning/personal/
Qualys BrowserCheck: https://browsercheck.qualys.com/
Both help to find vulnerabilities and make sure software and drivers are up to date. Of course, for something with more information, there's always:
Belarc Advisor: http://www.belarc.com/free_download.html
I use HijackThis frequently for browser hijacks and it is an awesome tool. You are right though, it can be more of a problem if you don't take the time and learn how to properly use it.
Wow, great advice in this thread. I wrote an article that is WordPress-oriented that might help people harden their blog security and avoid any malicious hacking attempts.
You can read my article here if you think it will help you:
Anything I can help with WP wise then let me know.
Don't forget EMET 4.1!
Has anyone tried these?
After Malwarebytes I used http://www.7tutorials.com/test-comparison-what-best-free-online-antivirus-scanner
ESET and/or F-Secure.
These guys are security super-conscious.
Pretty decent list. My usual routine at work is:
1. Run Kaspersky Rescue CD
2. Run Avira Rescue CD
3. Run Comodo Rescue CD
4. Go into safe mode
5. Run Rkill
6. Run CCleaner
7. Run Malwarebytes
8. Run JRT
9. Run ComboFix
10. Run ADW
11. Go into Normal Mode
12. Run whatever the customer has on full scan (or put something on there if they have nothing or crap)
Essential to stop the encryption viruses. Even the free version can help stop or slow it down.
I now recommend it a lot. Not expensive either. Seen a few small firms lose all their data and they weren't running it.
And there is a free version also. Thanks for this tip.
Malwarebytes Anti-Exploit is the best solution for malware problems.
It's just a different version of EMET.
About time MS put EMET into Windows 10 as standard.
Guys thanks for all this info and the start of this thread. I was looking all over for help and found this here while cruising around. I generally just buy on the for sale thread but this community has a ton to offer.
very interesting list.
Best guides ever that I've seen on the internet. Personally I use Kaspersky.
It has helped me disinfect many a PC.
Does this how-to guide need an update?
I am currently running Malwarebytes on all my PCs. Is it necessary to add Spybot Search and Destroy?
Do any of these work for removing ransomware? My dad's work has been affected, with a time limit and a 2 BTC demand to unlock the files. It's their server that is affected, so EVERYTHING is locked down. The owner is looking at paying the BTC.
Bleeping Computer is a well respected site in the fight for clean computers. Click on the anti-ransomware tab and see what you can do. https://www.bleepingcomputer.com/download/windows/