#1
On rare occasions someone will ask me to check out their PC because it is running slow, etc. If you were to clean malware from an infected PC what would be your choice of tools and what would be the recommended order of tool use?
Currently I plan to use (Not necessarily in this order): MBAM, SuperAntiSpyware Free, AVIRA System Rescue CD, CureIt, TMHouseCall (Online), NOD32 (Online), a2free. Thank you.

#2
I will say Spybot Search and Destroy, Ad-Aware, Avira AntiVirus and some others I don't remember at the moment. Note: Spybot SD is always underrated, but it helps me clean computers very well; it has some sharp teeth.
__________________
Emsisoft Anti-Malware 7.0/WebRo0t AntiVirus 2o13

#3
Quite a nice range of tools. You can replace Trend Micro HouseCall with SysClean (link). Never been a fan of online scanners, mainly since they don't always remove themselves and mostly use ActiveX. I would add the F-Secure Rescue CD to the setup (link). The Dr.Web rescue CD will be out of beta soon. The main advantage of the Dr.Web rescue CD is the built-in updater.
__________________
useful tools:cure it SAS Hitman Pro mbam KL Eset windows defender offline Sophos
Last edited by lodore : July 15th, 2008 at 02:42 PM.

#4
__________________
DefenseWall HIPS developer. www.softsphere.com

#5
I have heard VERY good things about AVZ here at Wilders. If you want to do a Wilders search -- you can't search for words of less than 4 characters. Therefore, do a Google search with the following entry... "avz site:www.wilderssecurity.com" -- w/o the quotations.
__________________
Primo freebeez: TinyWatcher POP Peeper Kalender

#6
AVZ Antiviral Toolkit English Translation
__________________
May you fly straight to heaven - but if you go to Hades - may Lethe run with Guinness

#7
In our FAQ there is Searching the forum easier that then has this thread. AVZ search results utilizing the Google search box.
__________________
Wilders - Terms of Service · Site FAQ · Searching the forum easier · The Art of Quoting in Posts

#8
Thekid7, here's a good antimalware toolbox (have a look and learn these tools; they are quite easy to use and understand with use, and they are all free)... Autoruns, ProcessExplorer and Process Monitor, TCPView and RootkitRevealer from Sysinternals. Then eventually substitute Rootkit Revealer with Rootkit Unhooker/IceSword or RootRepeal.
AVZ is a very good all-in-one.
__________________
Who controls the past controls the future Who controls the present controls the past vmworld

#9
Kaspersky AVPTool
ESET SysInspector
System Repair Engineer
HijackThis
I'd recommend moving some of the anti-spyware programs to the latter part of your list, or off altogether. See http://www.wilderssecurity.com/showp...8&postcount=28 and http://www.wilderssecurity.com/showp...7&postcount=31 for the reason why. If you do use anti-spyware programs, use those that excel at cleaning.

#10
Another vote for AVZ along with SAS, MBAM, Cureit, Runscanner...
If you come across any flash autorun.inf infections then Flash Disinfector may be able to help.
__________________
Lean, Mean and Clean! Sandboxie, Buster Sandbox Analyser, Returnil 2008, Microsoft Virtual PC 2007 SP1, Drive Snapshot

#11
Perhaps run sfc /scannow, which is already present in Windows.

#12
Computer Repair Utility Kit and/or PC Repair System - portable versions of repair programs
Ultimate Boot CD for DOS
Ultimate Boot CD for Windows

#13
#14
Avira RescueCD
MBAM HiJackThis RogueRemoval Kit RRT xpsecconsole CureIt AVZ AVP Tool SAS Autoruns Process Explorer RKU
__________________
I ♥ SandboxIE

#15
Likewise, indeed a very in-depth searcher and remover, but I found for the very most extreme cases ERD COMMANDER cd invaluable! Working along somewhat similar lines as BART PE & Win PE, you can approach a heavily infested disk indirectly with this CD, in effect loading that system inside ERD totally immobilized, and yank out the toughest static-cling placed on it as well as remove deeply embedded registry issues and such. I always tote that CD with me along with excellent apps mentioned just in case the system can't boot and such. I've seen in dual partition systems where malware has even deleted one of the partitions, so in a case of that nature, and provided the partition hasn't been written over too badly, PARTED MAGIC cd with TESTDISK usually can find and restore it again by writing it back.
EASTER
__________________
★AX 64 Time Machine★
★Shadow Defender★
Maxthon 3.3.6 | X Iron 17.0 | Chromium 19.0 | CometBird 11
¶Microsoft Windows 8 64bit (UEFI/GPT) Secure Boot¶

#16
__________________
Ubuntu 12.10 AX64 Time Machine, Comodo FW & Defence Plus,

#17
Hi, I think it has the KAV v7 database.

#18
I was thinking about creating a BartPE CD for cleaning infected computers for other people, but haven't had any success with my OEM Windows XP CD.
I've also tried creating a VistaPE CD using WinBuilder but can't seem to add more than the basics without errors. BTW, I would suggest running SuperAntiSpyware Free first. That is normally enough for the computers I have dealt with.
__________________
useful tools:cure it SAS Hitman Pro mbam KL Eset windows defender offline Sophos

#19
I look at all these answers and find no consistency. This would drive a Puter novice crazy. I use none of the programs listed and I NEVER have problems with my Puter.
I guess it comes down to what you start with and what you are familiar with. Then there is cost and ratings. I would think that a combined package like ESS would give more value and less Puter hassle than buying a multitude of separate security packages. Just my humble opinion.

#20
I think most of us are writing what we use to CLEAN infected computers, not to protect our own. On my own PC I don't even use scanners anymore.
__________________
I ♥ SandboxIE

#21
HURTS is correct there, because prevention is always better than the cure, and if we are very preventive we shouldn't be talking about what we use to or for cleaning up our PCs. That's my 5 bucks. Note: for developers and adventurous testers that take the risk of testing, that's another story. And also I don't use scanners either.
__________________
Emsisoft Anti-Malware 7.0/WebRo0t AntiVirus 2o13

#22
If you want to be 100% sure you need non-blacklist tools.
I still do some home user IT from time to time and have my malware tools down to these:
RKU
GMER
IceSword
Autoruns
RunScanner
ProcessExplorer
HJT
sigverif (part of Windows)
VistaPE
There is nothing wrong with using a blacklist scanner type tool to scrape a chunk off the top, but after that you need to dig deeper.
__________________
Bruce Harrison Malwarebytes Lead Researcher

#23
RRT = ?

#24
#25
__________________
I ♥ SandboxIE