Guide to detecting and removing malware
mudg3
post Nov 23 2010, 08:50 PM
Post #21
Atomican
Guru




QUOTE (Harvey @ Nov 23 2010, 08:10 PM) *
Just came across something eerily familiar.
all that is wrong with the world

Is it your site?
or
Or was this just a quick copy and paste?


look at the dates buddy. And considering this was copied from a V2 thread from 2008 it's sure to be a copy and paste.


haha! I think hat is actually the secret OP of this thread.

This post has been edited by mudg3: Nov 23 2010, 08:58 PM


--------------------
3930K || ANTEC KUHLER 920|| ASUS Rampage IV ||16GB Corsair Vengence DDR3@1877mhz||ATI 7970||120GB Vertex 3 MAX IOPS||4x3tb||DELL2711||Corsair 650D|| ASUS Essence STX ||Audio Engine A2's||Aiaiai:TMA-1||Enermax 1050w||

Atomics resident filth
Harvey
post Nov 24 2010, 11:00 AM
Post #22
Atomican
Charge




QUOTE (mudg3 @ Nov 23 2010, 08:50 PM) *
QUOTE (Harvey @ Nov 23 2010, 08:10 PM) *
Just came across something eerily familiar.
all that is wrong with the world

Is it your site?
or
Or was this just a quick copy and paste?


look at the dates buddy. And considering this was copied from a V2 thread from 2008 it's sure to be a copy and paste.


haha! I think hat is actually the secret OP of this thread.


I did look at the dates buddy and that is why I asked.
I was wondering if it was not the OP's site or had someone just copied someone else's work without any recognition.
Did not mean to imply the copying was on the OP's part (my usual poor wording).


--------------------
I wish my computer was good enough to put in my sig.
Nasty-Pastie
post Dec 4 2010, 09:32 AM
Post #23
Quark
Learner




This thread is rather old and very outdated, good idea to maybe make a new one that is current and a lot more effective. Half the tools and advice actually have a detrimental effect rather than positive.


--------------------
| SuperMicro X7DAE | 6GB FB-DIMM | 11x HDD's | SB Audigy 2 ZS | 2x E5345's | Adaptec AAR-2420SA | ATI 4870 1GB OC | Silvertsone TJ-05 | Corsair HX-1000 |
tantryl
post Dec 4 2010, 10:23 AM
Post #24
Super Hero
Immortal




Well, my current run at these sort of things generally goes something like this:

Download CCleaner Slim, MBAM & Updates, Super Anti-Spyware Portable, Dr Web Cure It, rkill.com, hostsperm and the appropriate replacement hosts file (WinXP, WinVista, Win7).

If you can't download them on the PC that's infected, download them on another PC and throw them on a USB drive or CD. For the MBAM updates you can install MBAM on that other PC then copy the rules.ref file from:
WinVista/7: C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware
WinXP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

1. Boot the PC into Safe Mode (no networking) and log in to an Administrator account.
2. Run rkill.com.
3. Install CCleaner and run a clean. If you've got more than one account on the computer this might be a waste of time as it only removes the internet temp files for the account it's run on and the sole purpose of running this clean is to reduce the scan times of the following programs.
4. Install MBAM, update (using the rules.ref you should have), and run and let it remove things. If it wants you to restart at the end, don't bother for now.
5. Run Super Anti Spyware Portable.
6. Run Dr Cure It.
7. Run hostsperm.bat.
8. Replace the system's hosts file with the one you downloaded. (location is C:\Windows\system32\drivers\etc on XP/Vista/7).
9. Restart into normal mode.

That'll take care of most things. If it doesn't, then you should follow the guide here and ask for help there, 'cause this forum isn't good for posting big logs. You do need an account on that website to view that guide. If you can't be bothered waiting, you can also try ComboFix if you're willing to take on the risk it does more harm than good.

Frankly, if you need this guide to try and remove malware and the above steps don't work your best bet is to wait 2-3 days, get the updated versions of the programs/defs and try again. The extra stuff is a matter of experience and waiting for responses on forums, so just waiting for MBAM or the like to get onto it is probably the way to go :P

It's also worthwhile running through Secunia PSI to plug up security holes.

This post has been edited by tantryl: Dec 4 2010, 10:34 AM


--------------------
"Unless I call you a stupid goddamn liar to your face, I'm being light hearted." - tantryl, to all you evil fucks

"Two things. Number one; I get hard when a woman cries. Number two; your daughter will never walk again." - Dr Glenn Richie
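Added example, not part of tantryl's post: before step 8 in post #24 overwrites the hosts file, this Python sketch records which mappings exist in the current file but not in the downloaded replacement, and whether each one blackholes a name or sends it to another address. The function names, hostnames and addresses are constructed for illustration.

```python
import ipaddress

def parse_hosts(text):
    """Return the set of (hostname, ip) mappings found in hosts-file text."""
    pairs = set()
    for raw in text.lstrip("\ufeff").splitlines():   # tolerate a UTF-8 BOM
        fields = raw.split("#", 1)[0].split()        # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                                 # first column is not an address
        pairs.update((name.lower(), ip) for name in fields[1:])
    return pairs

def audit(current_text, clean_text):
    """List mappings the clean replacement will drop, classified by effect."""
    findings = []
    for name, ip in sorted(parse_hosts(current_text) - parse_hosts(clean_text)):
        addr = ipaddress.ip_address(ip)
        # Loopback / 0.0.0.0 makes the name unreachable; anything else sends
        # the name to a different machine than DNS would.
        kind = "blocked" if (addr.is_loopback or addr.is_unspecified) else "redirected"
        findings.append((name, ip, kind))
    return findings

# Constructed sample of a tampered hosts file (not taken from a real system).
INFECTED = """\
# sample hosts file (constructed)
127.0.0.1       localhost
127.0.0.1       update.av-vendor.example   # added entry
0.0.0.0         scan.av-vendor.example
203.0.113.7     bank.example WWW.bank.example
not-an-ip       junk.example
"""
# Constructed stand-in for the downloaded replacement hosts file.
CLEAN = "127.0.0.1 localhost\n::1 localhost\n"

if __name__ == "__main__":
    for name, ip, kind in audit(INFECTED, CLEAN):
        print(f"{kind:10} {name} -> {ip}")
```

On a real machine, pass the contents of the hosts file from C:\Windows\system32\drivers\etc and of the replacement file to `audit()` and keep the output with your notes before replacing the file.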
mudg3
post Dec 4 2010, 10:49 AM
Post #25
Atomican
Guru




QUOTE (Nasty-Pastie @ Dec 4 2010, 09:32 AM) *
This thread is rather old and very outdated, good idea to maybe make a new one that is current and a lot more effective. Half the tools and advice actually have a detrimental effect rather than positive.



Go for it then.


tantryl
post Dec 6 2010, 01:13 PM
Post #26
Super Hero
Immortal




Huh, with MBAM 1.50 that little tip about updates doesn't work any more. That's annoying.

*EDIT* Hmm, Now I'm not so sure of that. Seems to still work on Win 7, but it wasn't working on Win XP earlier today. I'll look into it more.

*EDIT2* I must have been looking at the wrong folder or something this morning. Seems fine on my test XP system too. Ignore this post!

This post has been edited by tantryl: Dec 6 2010, 03:37 PM


mudjimba
post Dec 12 2010, 08:45 PM
Post #27
Quark
Apprentice




As far as I'm aware, Avast has the boot-time scanner and not Avira.
Also Spybot has a bootable-CD that gives a fresh "windows7 like" install with the spybot tools, quite handy. Not free on their website though.