
23 posts in this topic

Posted

I got out of the computer game years ago to go do other things. I have not kept up on the most effective methods of removing malware.

 

Back in the day it was best to remove the hdd and toss it in a clean system and do a virus scan on it. After that we would put it back in the original pc, boot into safe mode and run another scan from that machine.

 

1. Is that still the best way to go about things?

 

2. What are the best tools to use these days to remove rootkits, viruses, malware, etc.?

 

3. What tools are a waste of time?

 

Thanks :)

 

 


Posted

Kaspersky TDSSKiller
Malwarebytes
Any reputable internet security suite comes to mind

I won't recommend any brands as someone will sooner or later pipe up to say my choices are junk


Posted

I would agree that scanning it in another system with some bootable rescue CD (that can update itself) is the safest course.

If there was a definite proof of malware, I would not agree on running it after the cleaning, regardless of results. I'd take important files and settings only and then go for a clean slate.


Posted

combofix & malwarebytes


Posted

Malwarebytes is the best removal software! I have used it for many years to scan and get rid of things from Trojan horses to adware. :)

1 person likes this


Posted

Hello,

 

The most effective way of removing malware is to erase the drive and then reload the operating system and applications from their original media and your data from your backups.

 

The second most effective operation is to contact your anti-malware developer's technical support department and have them walk you through removing the malware, or remotely connect to your computer and remove it. They are going to be the experts on what that particular family of malware is doing right now to users' systems, and know the exact steps needed to remove it as well as any changes it might have made to the system.

 

Regards,

 

Aryeh Goretsky

7 people like this


Posted

^ agreed!!!

"The most effective way of removing malware is to erase the drive and then reload the operating system and applications from their original media and your data from your backups."

I say NUKE it from Orbit, it is the ONLY way to be sure ;) This is quite often less time consuming, and really the only way to be 100% sure you're clean.

Now I rarely do this for users' machines - I will normally just clean them off best I can, where I am 90% sure it's gone.. But if it was my machine. Let's pretend I let some retarded people use it for some reason, how else would it get infected? ;) heheheeheh I would most likely wipe it, so that I was 100% sure..
2 people like this


Posted

Depends on the malware, but usually System Restore will take care of most of it the best. Some malware affects system restore files, but 95% of the time it is the easiest and best way to get rid of it. Just make sure you pick a date before your system was infected.


Posted

Personally, best way is to not get infected in the first place.  Safe browsing habits, make use of sandboxes, keep your software up to date so any app/OS vulnerabilities are patched, stop running everything as admin/root, etc etc.  Probably 99% of the time it's the user's fault it happened in the first place.. it doesn't appear out of thin air.   Proactive versus reactive. When all else fails.. yea I'd go for the "nuke it from orbit" method too, make use of that handy backup that you should be making regularly.


Posted

Hello,

boot-and-nuke.jpg

If that fails, contact Budman ASAP.
2 people like this


Posted

Format the Hard drive and re-install OS is the cleanest way, but overkill in most cases.

 

Just get an Internet Security suite and clean it, cleans most malware and if it infected OS files you may need to put your OS disc in and do a system repair.

1 person likes this


Posted

Appreciate the advice guys, thanks.


Posted

"Just get an Internet Security suite and clean it, cleans most malware"

Well how and the F did they get infected in the first place then? What about those it doesn't? There is no such thing as software that can detect let alone clean all forms of malware/virus/trojans/payware/ransomware/etc

This badware, let's call it, changes by the minute to be honest; there are always new variants, a new zero day, a new nasty pos software that will show what it's going to do in very small print that you agreed to, so many of the major player tools cannot even touch those because the user agreed to install them.. Oh and there is a bug in their uninstall "that they are working on" where it might not uninstall on "rare" occasions..

It's rare to come across a box that is just infested with 1 thing, it's more than likely a whole nest of crap!! Now you can run all the tools you know about, and it might look clean: tool X found abc, tool Y found 123, tool Z shows clean.. Does that mean you're clean or that X, Y and Z just don't detect what you're infected with and you needed to run tool W as well?

If it's your box - hey fine XYZ shows it clean.. But if my box.. NUKE IT, sorry it's the ONLY way to be sure! Overkill I say not ;) Not when it comes to my computer.. Sorry.


Posted

http://www.youtube.com/watch?v=aCbfMkh940Q

 

only effective way


Posted

*Boot it from a Kaspersky rescue CD, full scan.

*Run CCleaner, empty restore points.

*Run full scan of TDSSkiller, Malwarebytes, and Superantispyware.

*Reboot, scan again, make sure nothing fishy set to startup.

*Scan with ESET online scanner.

*Fully update Windows and any other programs like Flash, Reader, etc.

*Remove Java and explain to person that it's the devil.

*Install reputable AV and set Windows Update to auto.

*Make a system image.

 

Preferably I'd rather just wipe/reload as I can't trust the machine anymore. Some people just make that too difficult an option because they're missing application discs for things I can't get.


Posted

"Some people just make that too difficult an option because they're missing application discs for things I can't get"

It's too bad the virus broke that then isn't it ;)


Posted

Ok, I can see all the obvious solutions have been posted, so how about this one:

- Create a whitelist of addresses you actually need to visit (neowin.net), then if there is any missed malware, it ain't going NOWHERE!


Posted

Ideally you make a full backup (I'd use Acronis True Image) before being infected.

Once your PC is infected (if this happens), you restore the backup.

1 person likes this


Posted

Generally speaking

 

Run a utility that you boot off of that can scan the system without it being loaded.

Then hit it with multiple products, some are better than others with specific types of infections.

Scan for rootkits - Kaspersky TDSSKiller

 

Don't forget to do the browser reset option in Internet Explorer, Firefox, and Chrome. 

And still check for any unusual add-ons installed in the browsers.

Double check the default home page / search engine.

 

The other route is complete nuke and reload everything.

 

Tweaking.Com Windows Repair is a great utility to try and reset to windows defaults - hosts, networking components, windows update, and much more. http://www.tweaking.com/content/page/windows_repair_all_in_one.html

 

Just be very careful what options you choose, for example resetting file permissions and removing the hidden attribute from non-system files.

It shows up a lot of hidden by default folders, that are not system files. 


Posted

"Some people just make that too difficult an option because they're missing application discs for things I can't get"

It's too bad the virus broke that then isn't it ;)

Tru dat brutha, tru dat :laugh: 


Posted

Format the computer and reinstall the OS.

 

It's the most effective way of removing it - you didn't ask for the least destructive way. :P

1 person likes this


Posted

you may want to use a VM next time chief, wink wink


Posted

"- Create a whitelist of addresses you actually need to visit (neowin.net), then if there is any missed malware, it ain't going NOWHERE!"

What?? Let's say that worked - it didn't actually fix/clean anything.

