Malware Removal Guide for Windows [Feedback]

Discussion in 'other security issues & news' started by Brian_12, Jul 19, 2011.

Thread Status:
Not open for further replies.
  1. Brian_12

    Brian_12 Guest

    Hi everyone,

    I would really like to get some feedback from you. What is your opinion on the guide? What do you like about it? If you don't like it, what is it that you don't like? How could it be improved? I want to make the guide as user friendly as possible. Please give me your feedback, ideas, and suggestions. Thanks.

    Malware Removal Guide for Windows

    By the way, I'm considering publishing the guide, but I need to get your feedback first. Also, I'm going to be moving my site to Office 365; however, it won't happen anytime soon. I'll keep you updated.
     
    Last edited by a moderator: Sep 6, 2011
  2. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    The guide is pretty good IMO... but I would think that leading off with the rescue CDs would be someone's best bet. Nowadays, the odds of cleaning something while running in Windows (even in safe mode) are pretty low. TDSS is a very common infection, and typically outpaces the updates of TDSSKiller and HitmanPro.

    I think it's much safer to clean offline, then load up MBAM and the other tools and see if it missed anything...

    ...but I do understand that for many people simply loading a boot CD is a little difficult (I teach a class, and 20 minutes is taken up because people can't grasp the concept of this)...
     
  3. Brian_12

    Brian_12 Guest

    Hi hpmnick,

    That is partly true, but you shouldn't underestimate the removal capabilities of on-demand scanners, such as MBAM and SAS. Of course, this all depends entirely on the type and severity of the infection.

    I do, however, completely agree with you that rescue CDs are becoming more important as malware becomes more sophisticated.

    Thank you for your comments.
     
  4. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
  5. Brian_12

    Brian_12 Guest

    I have added several things to the guide. Please give me some feedback.

    - Revised proxy setting instructions (Preparation for the Removal Process)
    - Added MiniToolBox
    - Added instructions on how to create a system restore point (After the Removal Process)
    - Added instructions on how to reset Hosts file (Fix Post-Disinfection Problems)
    - Added GooredFix
    - Added new images

    Spooony, I'll take a look at it; however, if you want feedback on your guide, please start your own thread.
     
  6. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    Hi, another thing I might suggest is to recommend TFC.exe before any scanning. Due to the fact this might not have been done (EVER), it might speed up scanning from hours to 10-20 minutes. Otherwise scanners will scan the GBs' worth of data in the temp folder (lots of small little files, very slow).
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Why that instead of CCleaner? I do agree that a file cleaner should be utilized beforehand.
     
  8. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,107
    Location:
    UK
    What happens then if you run a temp file cleaner beforehand and the user has one of the Windows Recovery family of rogue security applications, which can hide the startup and desktop folders in a backup in a temp folder? If they are cleaned, the user will be unable to start their machine.
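    The caveat raised here, that a temp-file cleaner can destroy the Start Menu and Desktop shortcuts a rogue has moved into a temp folder, is easy to guard against: inspect and archive the temp folders before anything deletes them. The following PowerShell script is an added example for this thread, not code from the guide or from TFC/CCleaner; it assumes PowerShell 5.1 or later (for Compress-Archive), that it runs as the affected user, and the backup location $BackupRoot is an arbitrary choice. The restore point at the end needs an elevated prompt and System Restore enabled, and is skipped silently otherwise.

```powershell
# Added example: snapshot the temp folders before a cleaner empties them, and
# report anything in them that looks like relocated user data (.lnk shortcuts,
# Desktop / Start Menu folder names), which is what a rogue that "hides" the
# user's shortcuts leaves behind.
param(
    [string]$BackupRoot = "$env:SystemDrive\TempBackup"   # assumed location
)

# The temp locations cleaners typically empty; $env:TEMP and LOCALAPPDATA\Temp
# are normally the same folder, hence the de-duplication.
$tempDirs = @(
    $env:TEMP,
    "$env:SystemRoot\Temp",
    "$env:LOCALAPPDATA\Temp"
) | Sort-Object -Unique | Where-Object { Test-Path $_ }

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null

foreach ($dir in $tempDirs) {
    $items = Get-ChildItem -Path $dir -Recurse -Force -ErrorAction SilentlyContinue

    # 1. Report: shortcut files and profile folder names inside temp are the
    #    sign that something moved the user's own items here.
    $suspicious = $items | Where-Object {
        $_.Extension -eq '.lnk' -or $_.Name -in @('Desktop', 'Start Menu', 'Programs')
    }
    if ($suspicious) {
        Write-Warning "$dir contains items that look like relocated user data:"
        $suspicious | ForEach-Object { Write-Warning "  $($_.FullName)" }
    }

    # 2. Archive the folder before any cleaner touches it. Locked files are
    #    skipped rather than aborting the whole backup.
    $safeName = $dir -replace '[:\\]', '_'
    $zip = Join-Path $BackupRoot "$safeName-$stamp.zip"
    Compress-Archive -Path "$dir\*" -DestinationPath $zip -ErrorAction SilentlyContinue

    $size = ($items | Where-Object { -not $_.PSIsContainer } |
             Measure-Object -Property Length -Sum).Sum
    '{0}: {1:N0} MB in {2:N0} items, archived to {3}' -f $dir, ($size / 1MB), @($items).Count, $zip
}

# 3. A restore point gives a second way back if the clean-up goes wrong.
#    Requires elevation; Windows 8 and later also rate-limit restore points.
try {
    Checkpoint-Computer -Description "Before temp clean $stamp" -RestorePointType MODIFY_SETTINGS -ErrorAction Stop
    'Restore point created.'
} catch {
    Write-Warning "Restore point not created: $($_.Exception.Message)"
}
```

    Run it once, read the warnings, and copy any reported shortcuts back to their real locations before starting the temp cleaner; the zip files under $BackupRoot cover whatever the report missed.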
     
  9. Brian_12

    Brian_12 Guest

    Hi JL,

    Simply because TFC doesn't offer to clean the registry, whereas CCleaner does offer it. I personally prefer CCleaner. You can read about TFC here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

    Also, Stapp is correct. Look at quietman7's post here: http://www.bleepingcomputer.com/forums/topic397900.html/page__view__findpost__p__2263164
     
  10. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    Well, it's pretty much common knowledge that before you potentially make your system unusable, you back up your stuff. There are a number of things that could happen if you unsuccessfully try to clean malware... one of them includes a vengeful response from the malware.

    As for malware making things like the start menu and desktop inaccessible, they are just shortcuts... and you will never be able to account for every quirk in every piece of malware.
     
  11. Brian_12

    Brian_12 Guest

  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Will update links in list.
     
  13. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576
    When I looked at the instructions (including the Tutorial link) for using Hitman Pro, I saw no mention of the 'Force Breach' (or whatever it is called) method. It is my understanding that if you hold down the Ctrl key while executing the Hitman Pro exe, Hitman Pro will block malware attempts to terminate the execution of Hitman Pro. I have never done this, but I read about this method somewhere in this forum.
     
  14. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Very Informative site!
    Kudos! :thumb:
     
  15. Brian_12

    Brian_12 Guest

    Thanks for updating the list JL. I appreciate it!

    Thanks for the information. I'll add it soon. :)

    By the way, I have added share buttons to the website. Please use them. :D
     
  16. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576
    I found a Thread with details about Hitman Pro's "Force Breach" feature:

    https://www.wilderssecurity.com/showthread.php?t=265202
     
  17. Brian_12

    Brian_12 Guest

    Update:

    - Revised introduction
    - Added FixTDSS from Symantec (Step 1)
    - Added instructions on Hitman Pro's Force Breach mode
    - Revised System Restore instructions (After the Removal Process)
    - Revised Repair System Settings (Fix Post-Disinfection Problems)
    - Added new links

    http://www.selectrealsecurity.com/malware-removal-guide

    Thanks for the link Kid7!
     
  18. Brian_12

    Brian_12 Guest

    Update:

    - Changed Malwarebytes download link
    - Replaced TFC with CCleaner (Clean up Temp Files)
    - Added TnT forums (Get Expert Analysis)
    - Added VIPRE Rescue (Additional Malware Detection / Removal Tools)
     
  19. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    479
    geohac, on your tutorial you have:

    Download and run TDSSKiller

    followed by 3 links. The last link, titled "Homepage", links to [presumably] a Kaspersky page, but the download link for TDSSKiller on that page does not download a functional zip file; the download is only 3 KB, not the expected 1.3 MB, and it does not open at all. Multiple download attempts were incorrect.

    By contrast, the following page with the download link does download the file correctly:
    http://support.kaspersky.com/faq/?qid=208280684

    I'm not savvy enough to determine what's wrong with the "Homepage" URL, or whether the page is genuine, or why the download is incorrect, or whether it's just something wrong on my side (seems unlikely since it downloaded correctly from the above page), but perhaps you could re-check the link on your tutorial page.

    Thank you for your efforts on the tutorial, it's a great resource.
     
  20. Brian_12

    Brian_12 Guest

    Hi axial,

    The download link on the homepage is working correctly for me. Is anyone else experiencing this issue?
     
  21. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    I was playing the other day with a trojan downloader that I let through my security setup. It proceeded to change all the Internet settings so any browsers, email apps, etc couldn't be used (while the malware transmitted to its nasty heart's content).

    MiniToolBox was the tool to use at that point. Just clicking on the top few non-report-generating boxes and clicking "Go" reset everything to a state prior to the malware infection. No need to play around with network settings or registry manipulations. Although seldom used, MiniToolBox is a very valuable tool.
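    Two of the settings that kind of downloader changes to cut the machine off, and that the guide's "Preparation" and "Fix Post-Disinfection Problems" sections tell you to reset, are the WinINET proxy settings and the hosts file. The PowerShell script below is an added example for this thread, not code from the guide and not part of MiniToolBox: by default it only reports those settings, and with -Fix it disables the proxy, backs up the hosts file and writes a stock one. The registry path and hosts location are the standard Windows ones; -Fix needs an elevated prompt because the hosts file lives under System32.

```powershell
# Added example: audit (and optionally reset) the two Internet settings that
# browser-blocking malware most often tampers with.
param([switch]$Fix)

$inet  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# --- Proxy: ProxyEnable/ProxyServer force traffic through a proxy and
# AutoConfigURL points the browser at a PAC script; all are blank on a clean
# system that uses no proxy.
$p = Get-ItemProperty -Path $inet
[pscustomobject]@{
    ProxyEnable   = $p.ProxyEnable
    ProxyServer   = $p.ProxyServer
    AutoConfigURL = $p.AutoConfigURL
} | Format-List

# --- Hosts: any line that is not blank or a comment is a name redirection.
$entries = @(Get-Content -Path $hosts -ErrorAction Stop |
    Where-Object { $_.Trim() -and -not $_.Trim().StartsWith('#') })
if ($entries.Count -gt 0) {
    Write-Warning "hosts file has $($entries.Count) active entries:"
    $entries | ForEach-Object { Write-Warning "  $_" }
} else {
    'hosts file contains no active entries (default state).'
}

if ($Fix) {
    # Turn the proxy off and drop the PAC URL; browsers pick this up on restart.
    Set-ItemProperty    -Path $inet -Name ProxyEnable   -Value 0
    Remove-ItemProperty -Path $inet -Name ProxyServer   -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $inet -Name AutoConfigURL -ErrorAction SilentlyContinue

    # Keep a copy of the old hosts file, clear read-only/hidden attributes a
    # rogue may have set, then write a default one. Since Vista the DNS client
    # resolves localhost itself, so the stock file is comments only.
    $backup = "$hosts.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
    Copy-Item -Path $hosts -Destination $backup -Force
    (Get-Item -Path $hosts -Force).Attributes = 'Normal'
    @(
        '# hosts file reset by audit script; previous copy kept alongside as .bak',
        '# localhost name resolution is handled within DNS itself.',
        '#	127.0.0.1       localhost',
        '#	::1             localhost'
    ) | Set-Content -Path $hosts -Encoding ASCII

    ipconfig /flushdns | Out-Null
    "Proxy disabled; hosts file reset (previous copy at $backup)."
}
```

    Run it without -Fix first: a populated ProxyServer on a home machine that never used a proxy, or any active hosts entry pointing security vendors' names at 127.0.0.1 or an unfamiliar address, is the finding to act on. The backup copy lets you compare what was removed afterwards.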
     
  22. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576
  23. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Where's the website? I'm not sure what software you're talking about.
     
  24. Brian_12

    Brian_12 Guest

    I couldn't agree with you more. ;)

    Thanks, I'll check it out.

    Hi JL,

    He is referring to the tool used in the Preparation section of my guide.
     
  25. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576