Malware removal

auntjemima ([H]ard DCOTM x2, joined Mar 1, 2014, 12,124 messages)
What is the current go-to software for removal of spyware? I have read discussions throughout the years that started with AdAware and then Spybot and then running specific AV ones.. I just have a random issue with redirecting in IE after streaming the Packers game last night and want to do a scan.
 
d/l, install and run: adaware, spybot, hijackthis, ccleaner and run an AV scan. also check your HOSTS file, make sure there are no redirects in it. then you should be good to go.
 
5 different spyware scanners? There isn't one that's decent on its own?
 
you could use the free 30-day trial of Kaspersky first, see what it pulls out, then go from there :)
 
I wrote a document for this to give to the Help Desk personnel: Thoroughly Disinfecting a Computer.pdf

If the computer has a Windows 7 COA license sticker or a Windows 8 sticker on it and you are interested in reinstalling from ground zero (including not using the OEM recovery/repair mode at boot), you can find the ISOs here:

Microsoft Windows 8 Multi-Version (SHA1 1ce53ad5f60419cf04a715cf3233f247e48beec4)
Microsoft Windows 7 Ultimate x64 (SHA1 1693b6cb50b90d96fc3c04e4329604feba88cd51)

These ISOs are untampered and pure, acquired through Microsoft's website. Don't believe me? Then that's precisely why you should generate a SHA1 checksum of these ISOs after you download them to verify that they match the checksums I provided AND to Google the checksum to validate that it really is what I am saying it is (genuine Microsoft and untampered ISO).

Even if you aren't licensed for the Ultimate edition this is still the correct ISO. If doing Windows 7, burn it to a USB drive and delete the /sources/ei.cfg file. Then when you boot from the USB flash drive and the setup asks which edition of Windows 7 to install, select the edition that matches your COA license sticker.

Windows 8 won't ask for a license because it checks the BIOS to acquire the SLIC license and uses that. It knows whether to install non-Pro vs Pro automatically, so you don't have to worry about that either.
 
5 different spyware scanners? There isn't one that's decent on its own?

to be thorough, yes. you could prob get by with just spybot or adaware but I've noticed over many years of cleaning this crap that one program does not catch everything. this combo has been my go-to for years! fix it, don't reload it.
 
5 different spyware scanners? There isn't one that's decent on its own?

Quite honestly? NO.

And that shouldn't be used to cast aspersions at these products.

Remember, these bits and bobs of malware are DESIGNED to try and work around these products. So you have a better chance of catching everything if you use multiple products.

As such, it's like going to a doctor and getting a diagnosis for something like cancer. You almost always want a second opinion. Just in case.
 
I understand, I assure you. I was just hoping to take care of it quickly.

Oh well. Malwarebytes found 2 things but didn't sort my issue out. CCleaner didn't either. I'll try a couple others.

Finding decent football streams every Sunday is getting annoying lol
 
I wrote a document for this to give to the Help Desk personnel: Thoroughly Disinfecting a Computer.pdf

Well said. That's my preferred method, reformat & reinstall fresh :)

OP, thoroughly removing malware infections is a dirty business, since there really aren't any ways to guarantee 100% removal. I shuddered when I learned about boot sector viruses.

The best defense against malware is prevention.
 
I haven't had any issues in almost a decade. I don't visit sketchy sites and I certainly don't click links or install software. Since dropping our TV I have had to stream games from ad filled sites. After scanning it only found a few things.. So I figure my previous avoidance has been working. Unfortunately stream sites are the devil.. but it's an evil that I must endure.

Luckily this is just a spare laptop, not my main system. So it really isn't a huge issue if I need to reinstall.
 
check your HOSTS file. it may still have redirects in it. go to C:\Windows\System32\drivers\etc find "hosts", right click and open with notepad. it should look like this:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost


anything else added to it that does not have a # before it is a redirect.
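The rule in this post (every line without a leading # is an active mapping) is easy to apply by hand to a short file, but a cleaner wants to tell a stock localhost entry apart from a name pointed elsewhere or blackholed. The following Python is an added example, not something from this thread; the hosts content it parses is constructed (hostnames and the 203.0.113.7 address are placeholders from documentation ranges), and the classification labels are this example's own.

```python
import ipaddress

# Constructed sample: stock header lines like those quoted in the post, plus two
# active entries of the kind the post says to look for (no leading '#').
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 localhost
203.0.113.7 www.bank.example  # constructed: redirect to a TEST-NET-3 address
127.0.0.1 update.antivirus.example   # constructed: AV update server blackholed
"""

def parse_hosts(text):
    """Return (ip, [hostnames]) for each active entry; '#' starts a comment."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        parts = line.split()
        if len(parts) >= 2:                   # resolver skips blank/malformed lines
            entries.append((parts[0], parts[1:]))
    return entries

def classify_entries(text):
    """Label each active mapping: ok, blocked, redirect or invalid."""
    findings = []
    for ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings += [(ip, n, "invalid") for n in names]  # not an IP at all
            continue
        for name in names:
            if not addr.is_loopback:
                verdict = "redirect"          # name sent to some other host
            elif name.lower() == "localhost":
                verdict = "ok"                # stock entry
            else:
                verdict = "blocked"           # real name blackholed to loopback
            findings.append((ip, name, verdict))
    return findings

def suspicious(text):
    """Everything a cleaner should review: all active entries except 'ok'."""
    return [f for f in classify_entries(text) if f[2] != "ok"]
```

Run `suspicious(open(r"C:\Windows\System32\drivers\etc\hosts").read())` on a real file to list the entries worth reviewing; a blackholed security vendor hostname is as much a finding as a redirect.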
 
5 different spyware scanners? There isn't one that's decent on its own?
No. Cleaners usually target certain types of spyware.

When cleaning a PC I will usually start with MalwareBytes then SUPERAntiSpyware to get what MB missed (and it does miss).

After that I will use AdwCleaner to get rid of browser add-ons and toolbars that are missed by MB and SAS. Once that's done I'll run HiJackThis to verify and clean any leftover browser add-ons.

That's pretty much the minimum I've found you can get away with to clean 97% of items. When you need to start using programs like ComboFix and others that really dig into the OS I just prefer doing a reinstall.
 
the suite of things I use:
free items: Some are at bleepingcomputer.com
adwcleaner (bleeping computer)
combofix (bleeping computer)
junkware removal tool (bleeping computer)
RKill (bleeping computer)
kaspersky's virus removal tool
kaspersky's rescue disk
kaspersky's tdsskiller
Bitdefender's rescue disk
Emsisoft Emergency Kit
Malwarebytes
Bitdefender Anti-Ransomware (not a cleaner, installs and runs, prevents .exe files running from %name% directories, and other blocks to prevent ransomware...)
HijackThis
HitmanPro (sadly, a one use item, pay if you use it more than once... But, it does have a USB boot version.)

I use the rescue disks (usually have to burn to a cd) so it can scan/remove without the OS being active, as some infections will remain alive if you are booted into Windows.

Really, I am a bit hyper about stuff, as I have to have HIPAA compliance, and can show I do over and above the requirements...
Have a pay to play A/V and then be randomly using a few things to check, and you should be fine.

Yeah, yeah, running joke: "I just installed Linux instead." Keep an eye on that, too, as a "proof of concept" just showed ransomware is very possible, and easy to do, on Linux, too.
 