Malware Removal Guide for Windows [Feedback]

Discussion in 'other security issues & news' started by Brian_12, Jul 19, 2011.

Thread Status:
Not open for further replies.
  1. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    479
    My apologies for causing confusion; what I meant was that I had a problem with the download file from the Kaspersky page you linked to with your "Homepage" link, but if I navigated to Kaspersky and then to the TDSSKiller page then the download file was correct.

    In other words, it seemed to be a problem with the Kaspersky download on their page, but I wondered whether the page you linked to was somehow a different "entry" and this caused the download file to be "bad".

    The "bad" download link had something about "omniture" in it so I guess it was an error in coding on the Kaspersky side, but whatever the cause the download file was the wrong size and not an openable zip at all, which was somewhat alarming and it made me wonder whether the link on your page was to a rogue link of some sort.

    Please be assured I do not mean to cast doubt on your integrity by saying this, that's not my intention at all, it's just to explain the reason I decided to bring it to your attention in case others received the "bad" download.

    Whew!

    It appears to be fixed now, however.
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Oh, I should really check beforehand next time.
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  4. Brian_12

    Brian_12 Guest

    Hi Brian,

    System file checker is not particularly user friendly. The average user would have no idea how to use it. Thanks for the info.

    I don't know enough about it, so I won't be adding it. Thanks.
     
  5. Brian_12

    Brian_12 Guest

    Last edited by a moderator: Oct 2, 2011
  6. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576
    Malwarebytes Anti-Malware:

    It is suggested that a link be added for downloading the MBAM Offline Database installer file. This will allow for updating MBAM after installation in the event that no internet connection is available on the infected PC.

    http://malwarebytes.gt500.org/
     
  7. Brian_12

    Brian_12 Guest

    How often is the offline database updated?
     
  8. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    From the link posted above; 'Someone is supposed to be updating the mbam-rules.exe download once a week now.'
    That information is from February though, no idea if it's still the case.
    You'd have to ask at the MBAM forum for details.
     
  9. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    Most techies just take a recent copy of the rules.ref from their own system.
     
  10. Brian_12

    Brian_12 Guest

    Thanks Baserk.
     
  11. Brian_12

    Brian_12 Guest

    Update:

    - Revised disclaimer
    - Added important note about malware blocking downloads (Preparation for Removal)
    - Changed TDSSKiller image
    - Removed note about running Malwarebytes in safe mode

    I also added a Google Plus One button to the page. It is above the index. Please click on it. Thanks. :)
     
    Last edited by a moderator: Oct 22, 2011
  12. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA
    geohac,


    I had bookmarked your page loooooong ago because someone suggested it to me at Matt Rizos' web-page [removemalware.com] because it had [still has] a tab with links of malware testing sites such as MDL, Malc0de and Clean-MX which I visit every now and then to submit samples to ESET NOD32 that haven't been included in their virus database.

    [By the way, do not show the tab with the links here at Wilders because it might be edited or deleted by one of the many members of the Wilders' staff]

    But other than that, your site is very informative and very useful about helping people fight malware and keeping their computers operating at their best.

    Lastly, among the tools you are including to fight malware, could you add ROGUEKILLER, please? It's a utility that largely works like BleepingComputer's RKILL but it's much more efficient when it comes to terminating malicious processes running in the background on infected computers such as Fake AVs et al.

    Can be downloaded from Majorgeeks, Betanews or the author's web-site [it's in French]: sur-la-toile.com/RogueKiller/


    Thanks and keep up the good work.

    Regards,


    Carlos
     
  13. Brian_12

    Brian_12 Guest

    Hi Zyrtec,

    I'm glad you found my site useful. I added RogueKiller to the list of anti-malware tools. Thanks for the suggestion.
     
  14. Brian_12

    Brian_12 Guest

    Hi guys,

    I am wondering if I should remove Step 3 (Full Antivirus Scan). I think it's unnecessary because if your antivirus was not able to detect the malware, it also won't be able to remove it. What is your opinion? Should step 3 be removed? I could also move the step.

    Thanks,
    Brian
     
  15. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576
    I suggest adding Dr.Web CureIt. The scan speed of Dr.Web CureIt was dramatically increased beginning early last week. I saw a 2X scan speed increase on one of my Windows XP Pro PCs. Some others have reported a greater scan speed increase.
     
  16. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA

    Hi,

    Your statement makes sense to me. If an AV is blind-as-a-bat on PREVENTING a given threat from infecting a computer, what's the point of performing a full scan with it?

    Again, the best approach to deal with malware is a layered solution where the AV plays a role but it's not the only solution to stop malware.

    Examples of layered solutions:

    AV + Anti-executable + Virtualization software


    Regards.
     
  17. Brian_12

    Brian_12 Guest

    That's good news. :D

    Update:

    - Added RogueKiller (Additional Detection/Removal Tools)
    - Added Windows Defender Offline (formerly Standalone System Sweeper)
    - Added Ultra Virus Killer (Additional Detection/Removal Tools)
    - Added file sizes (Additional Detection/Removal Tools)
    - Removed unnecessary links

    Thanks for your input Zyrtec.
     
  18. guest

    guest Guest

    Very comprehensible, thanks.
     
  19. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576
  20. Brian_12

    Brian_12 Guest

    Update:

    - Added instructions on how to fix the Registry (Preparation for Removal)
    - Changed Malwarebytes download link
    - Added note about manually updating Malwarebytes (Step 2)
    - Updated HitmanPro (3.6)
    - Removed F-Secure Online Scanner
    - Added Bitdefender Bootkit Removal Tool (Additional Detection/Removal Tools)

    Thanks for the suggestion Kid7.
     
  21. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    At this page, there's mention of Sucuri's blacklist. It seems it doesn't get updated that often. Last update was 2011/06/06. More than half a year ago.

    Sucuri blog appears to be OK, though.
     
  22. Brian_12

    Brian_12 Guest

    Hi M00n,

    I removed it from the list, but I'll keep an eye on it. Thanks.
     
  23. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    By the way, www.malwareblacklist.com is now run by SparkTrust. ParetoLogic Malware Blacklist should be renamed to SparkTrust Malware Blacklist.

    -edit-

    I see that at the bottom of www.malwareblacklist.com it still mentions Paretologic, though. Maybe Paretologic is just advertising SparkTrust? o_O
     
    Last edited: Dec 28, 2011
  24. Brian_12

    Brian_12 Guest

  25. Brian_12

    Brian_12 Guest

    Update:

    - Changed the link to backup instructions
    - Added Windows Repair by Tweaking.com (Fix Post-Disinfection Problems)
    - Removed TaskManager.xls
    - Added Process Hacker (Additional Detection/Removal Tools)
    - Removed unnecessary links
     