Effective removers
Kees1958
January 19th, 2009, 04:07 PM
Hi,
Just a question, not a pro or against discussion of product X versus Y
My Experience when helping friends
I always use Dr Web, Avast, A2 and SAS when de-infecting a computer, those turned out to be the most effective malware removers
I am not talking about detection rates, but talking about correction rate
I am not saying other products do not work, just posing the question which helps when really confronted with an infected computer and NOT wanting to reformat the hard disk, because there is too much emotional data on it (like pics and movies of the family)
Please post real experiences not opinions, tips really appreciated
Cheers Kees
tipo
January 19th, 2009, 04:10 PM
Malwarebytes Anti-Malware is great. It does a good job. My opinion is just you should use it.
jmonge
January 19th, 2009, 04:16 PM
I always use SUPERAntiSpyware, it is a killer :thumb:
Kees1958
January 19th, 2009, 04:40 PM
-{ Quote: "Malwarebytes Anti-Malware is great. It does a good job. My opinion is just you should use it." }-
Well, MBAM sometimes impressed and sometimes disappointed. When dealing with real new samples I am inclined to throw MBAM in also (on these moments it surprised); for general clean up I am doubting. Can you support your endorsement with real samples (e.g. helped friends or saved your own butt)?
lodore
January 19th, 2009, 04:42 PM
I've always had success with SUPERAntiSpyware, dealing with even the most tough malware.
neksus
January 19th, 2009, 05:02 PM
IMO nothing beats HijackThis & Autoruns run under safe mode, followed with manual removal of nasties & their traces!
Afterward run on-demand scan from personal favorite(s)..
Oh yes, add something like RootkitRevealer to the crew if the PC was owned big time:)
Franklin
January 19th, 2009, 07:09 PM
The easiest way to clean up any infections perfectly is to delete the contents of the sandbox. ;)
randomjester
January 19th, 2009, 07:32 PM
I just worked on a PC that was totally and completely infected with spyware/malware, particularly Vundo. I also didn't want to reformat due to losing unrecoverable data/information.
I used a program called ComboFix, which removed almost all instances of infection. I would recommend using that program first and then doing a full, complete drive/system scan with both Malwarebytes and SUPERAntiSpyware.
-{ Quote: "
ComboFix is a program, created by sUBs, that scans your computer for known malware, and when found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program.
" }-
jmonge
January 20th, 2009, 12:40 AM
-{ Quote: "The easiest way to clean up any infections perfectly is to delete the contents of the sandbox. ;)" }-
And for sure delete all junk from the PC, leaving it clean ;)
Kees1958
January 20th, 2009, 02:58 AM
-{ Quote: "I just worked on a PC that was totally and completely infected with spyware/malware, particularly Vundo. I also didn't want to reformat due to losing unrecoverable data/information.
I used a program called ComboFix, which removed almost all instances of infection. I would recommend using that program first and then doing a full, complete drive/system scan with both Malwarebytes and SUPERAntiSpyware." }-
Thanks, real useful application, it also creates a log. So ComboFix and (other tip I got) HitmanPro 3, ESET SysInspector are useful before manually removing suspicious autostart entries.
combofix http://www.bleepingcomputer.com/combofix/how-to-use-combofix
hitmanpro 3 http://www.surfright.nl/en/HitmanPro
Sysinspector http://www.eset.com/download/sysinspector.php
Cheers Kees
Meriadoc
January 20th, 2009, 07:02 AM
-{ Quote: "Hitman Pro" }- - running Antivir, Eset, Prevx and A2 without installing sounds a good aid. - The reporting looks good by the screen shots from their home page.
I would prefer to use tools similar to the Sysinternals freeware, sleuthing/investigating tools, choosing what to look at, reporting tool, debug, dumping the memory... then making the decisions and choosing what to remove, knowing that it's only down to me, how hard I looked, if I've missed something.
andyman35
January 20th, 2009, 07:56 AM
-{ Quote: "Thanks, real useful application, it also creates a log. So ComboFix and (other tip I got) HitmanPro 3, ESET SysInspector are useful before manually removing suspicious autostart entries.
combofix http://www.bleepingcomputer.com/combofix/how-to-use-combofix
hitmanpro 3 http://www.surfright.nl/en/HitmanPro
Sysinspector http://www.eset.com/download/sysinspector.php
Cheers Kees" }-
I've used HitmanPro in free mode as a second (and third, fourth, fifth) opinion for some time. It's a great concept and I wonder why it doesn't seem to gain widespread appeal???
I'd also like to add A-squared HijackFree to the list, very extensive utility.
Murack
January 20th, 2009, 10:13 AM
I usually use, in this order:
hijackthis
combofix
Kaspersky virus removal tool (max heuristic)
SAS
sometimes gmer or rootrepeal (when I find traces of rootkit)
Combofix is very useful for its log, which includes much important information
if you restart any unknown anomaly, once done all this, as scan control:
prevx csi
Sysinspector
I often remove the antivirus software already installed (often AVG or Avast) and put Avira Free + SAS Free + MBAM Free (sometimes, depending on the user, also Comodo or Online Armor Free)
Regards
Creer
January 20th, 2009, 10:30 AM
I'm using: SAS, MBAM, A-squared, then running HiJackThis/Combofix
Dr33
March 15th, 2009, 04:52 PM
When I have to clean my friends' PCs
First I will use MBAM
then I will use SAS
then Drive Sentry
then I will pass A-Squared (Great Product)
then I will pass Prevx Edge Free monitor to see if it finds anything left
If I have a lot of time I will add to the list
-DrWeb CureIt
-Kaspersky
and probably change my friend's AV and pass a scan
LagerX
March 15th, 2009, 05:00 PM
Prevx CSI is strong. Some examples
http://www.youtube.com/prevxresearch
I use Combofix to remove nasty files which don't go away otherwise.
Just have to create CFScript.txt file and move it over Combofix. Then it will delete files that I decided to be malicious.
Also, I use IceSword's abilities to delete/force delete files. Most of the time it is successful at removing gaopxxx rootkit files in the system32 folder.
MBAM is another top product for me at removing infections from computers that I've dealt with (removing malware)
SAS as well :thumb:
jmonge
March 15th, 2009, 05:22 PM
thanks for the link:thumb:
Solaris
March 15th, 2009, 05:23 PM
My last infection was 3 years ago (because NOD32 has failed).
I have detected the malware with several softs (but without success to remove it) and deleted it manually with... Unlocker.
:)
gery
March 15th, 2009, 05:32 PM
SAS
DRWEB CURE IT
Franklin
March 15th, 2009, 06:06 PM
Haven't tried the below but could come in handy?
-{ Quote: "Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to:
* repair a damaged system,
* rescue data,
* scan the system for virus infections.
Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer.
The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available." }-
Avira Antivir Rescue System (http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html)
EASTER
March 15th, 2009, 07:11 PM
I'll start with the basics:
SAS & MBAM = no brainers
AV's of your choice
AVZ AntiVital Kit = Very Useable
AutoRuns & NIRSOFT Utilities to do cleaning TEMPS etc. Even Index.dat Suite
Unlocker and a UnRegister App to unregister those stubborn dlls.
Plenty of different anti-rootkit detectors like RADIX, ROOTREPEAL, RKU, KERNEL DETECTIVE, ETC.
My old Windows 98 RegCrawler to quickly jump in a search to usually Enum\Root to change permissions in order to manually delete those sticky entries inserted with malwares. They really get a grip on malware DLLs and EXEs lodged in a system and IMO serve to hold them tightly in place. UnPermission and Delete those, and the others, even if hidden, suddenly appear and can be disposed of. I hate that part of MS's registry system, but at least you can release their grip once you find them, which isn't that hard most of the time.
COMBO FIX has been a real breadwinner.
I know there are others I left out of the rotation, but with the exception of file infectors, which are absolute destroyers in most cases, those tools and the others mentioned can reasonably well force out and dismiss most of today's rootkits, trojans, and other annoying malware.
EASTER
andyman35
March 15th, 2009, 07:24 PM
Another handy tool for removing rogue anti-malware progs that can be extremely difficult to shift is Revo Uninstaller. It can unlock just about anything.
firzen771
March 15th, 2009, 10:54 PM
SAS + MBAM, hands down, these will get rid of nearly any infection you got. Then install your AV after cleaning and scan with that, and tada, this always works great for me when cleaning ;D