This should be interesting...

Discussion in 'other anti-malware software' started by curious george, Nov 17, 2008.

Thread Status:
Not open for further replies.
  1. curious george

    curious george Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    218
    So, you're hit with a really big drive-by download. Your computer has random pop-ups, rogue antispyware installed, and a bunch of error messages. Your friend asks you to clean it up, but here's the tricky part: you can't use the "common" programs (e.g. MalwareBytes, Superantispyware, Avira, so on and so forth). What apps would you bring to the battlefield?
     
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    I'm a bit curious, curious: why not?
     
  3. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Why you can't use them? They don't install, or... o_O Grab one or more of the live CDs available from major vendors to clean up the system a bit first.
     
  4. curious george

    curious george Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    218
    Just to see how it would be without the new products out there, and a bit of a challenge, I guess. I'd also like to see some new tools.
     
  5. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    liveCD?
     
  6. curious george

    curious george Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    218
    Those are from the "big" vendors, we can't have that. Gotta make it a challenge here...
     
  7. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    How's AVZ?
     
  8. curious george

    curious george Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    218
    That's not from a "big" vendor, I guess it's fine. But, you'd bring only that?
     
  9. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Eh, like... back up the data, fdisk and reinstall? Really too old, lazy and busy for manual fixing of malware-infested systems; unless you have one specific and known infection to handle, it's not worth wasting the time.
     
  10. curious george

    curious george Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    218
    No, you could use programs, just no BIG AV companies. I guess HJT would be fine, but then again it was bought out by Trend Micro... but stuff like that. Something not too common.
     
  11. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    So, you mean some 0day unknown infection, or what exactly? There are one-purpose tools for tons of malware, but you need to know what you are trying to disinfect.
     
  12. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Okay, AVZ and RkU
     
  13. curious george

    curious george Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    218
    Rogue antispyware programs, rootkits, trojans, the whole shebang.
     
  14. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    What about a little cheating :D
    Here: Multi AV
     
  15. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    I was in that situation recently.

    Here is what I used: DBAN :D :D :D
     
  16. wat0114

    wat0114 Guest

    This subject matter is already kind of being discussed here.
     
  17. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419

    It's not the same. This is a hypothetical scenario where you are not allowed to use mainstream apps.
     
  18. curious george

    curious george Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    218
    Exactly, it's supposed to be somewhat more challenging since you cannot have direct access to the biggies.
     
  19. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Knowledge, patience, safemode, explorer, search and delete.
     
    Last edited: Nov 17, 2008
  20. wat0114

    wat0114 Guest

    Ridiculous on both counts! Why would you not be "allowed" to have access to the "biggies" or whatever is chosen? The other thread even mentions alternatives anyway. How especially does using a Live CD equate to leaning on a "Big vendor" for this scenario?
     
    Last edited by a moderator: Nov 17, 2008
  21. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Just a little fun. If you don't want to participate, then don't. As simple as that.

    Now, as I said, I had such a scenario. No major AV was allowed to run. SAS couldn't even install. MBAM couldn't find the problem. So it's a valid scenario.
     
  22. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Trojan Remover, DrWeb CureIt (safemode), Counterspy (safemode) and F-Prot
     
  23. wat0114

    wat0114 Guest

    Too many "Big Vendors" in that arsenal :p ...Live CD.

    Seriously, I don't see how a Live CD is a big vendor. It's the obvious choice for me if I were to attempt cleaning. It's worked very well for me in the past, though nowadays I would recommend a re-install of the O/S if important data is backed up, or preferably a backup image if available. It might be considered the lamer's way of doing things, but at least you can be certain the bugs are gone. If it's only rogue software then it's not bad using the applicable cleaning tool for cleansing.

    The malware cleaners such as CastleCops and others do a most noble service - kudos to them all - helping people rid their machines of infections, but look how long it can take; one to two weeks is usually the minimum wait time after submitting an HJT log, then there is the often long, painstaking cleaning process. Usually it works, but not without some collateral damage to the O/S post-aftermath; some things don't work right, icons missing, context menus missing, some programs don't work right and assorted other nuisances that go with the territory. A re-image or even re-install is done within one to six hours typically.

    Of course prevention is always foremost but re-imaging I feel is the ultimate recovery method from malware. Too bad it hasn't hit household mainstream yet.
     
    Last edited by a moderator: Nov 19, 2008
  24. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    At the end of my home user IT career my tool box was condensed to the following :

    GMER
    RKU
    IceSword
    Autoruns
    RunScanner
    ProcessExplorer
    Unlocker (I used this to DOR things like temp folders and RECYCLER to ensure that they are indeed empty; Windows makes new ones, in case you're wondering)
    HJT
    LSPFix/WinsockFix
    Dial-a-fix/xp_secconsole
    CCleaner/Cleanup!
    Sigverif (part of windows)
    A small pile of .reg and .bat files (for stuff like upper/lower filter fix)
    Virustotal/google (for the ones you are not 100% sure on killing; google vs. GUIDs is a very good way to spot malware, BTW)
    VistaPE (from time to time you just can't win in a live environment)
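    The toolbox above (Autoruns, Sigverif, googling GUIDs, the upper/lower filter .reg fix) is a manual triage workflow, so here is an added example that strings the same checks together in one script. It is not nosirrah's code or any tool from this thread: the registry paths are the standard Windows autorun, Winlogon, service, BHO and CD-ROM class locations, while the "suspect directory" and "random-looking filename" tests are heuristics I assume here, not rules. It assumes an elevated Windows PowerShell 5.1 session on the live machine; a rootkit can hide entries from a live session, which is exactly the VistaPE case, so from a PE boot you would load the offline hives with reg load and point the paths at that root instead.

```powershell
# Added example, not from the thread: autorun + signature + filter-driver triage.
# Heuristics (suspect dirs, random-looking names) are assumptions, not rules.
$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$bhoKey      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$cdromClass  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}'
# Assumption: legitimate autoruns rarely live in these drop directories.
$suspectDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:PUBLIC,
                 'C:\RECYCLER', 'C:\$Recycle.Bin') | Where-Object { $_ }

function Get-ExePath {
    # Pull the on-disk binary out of a command line. For rundll32 entries the
    # payload is the DLL argument, so return that rather than rundll32.exe.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($cmd -match '(?i)^\s*"?([^"]*?rundll32(?:\.exe)?)"?\s+"?([^",]+\.dll)') { return $Matches[2] }
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '(?i)^\s*(.+?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))(?:\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Test-Suspect {
    # Reasons an entry deserves a second look; empty means nothing stood out.
    param([string]$Path)
    $reasons = @()
    if (-not $Path) { return @('no path') }
    if (-not (Test-Path -LiteralPath $Path)) {
        return @('file not found (dead entry, or hidden by a rootkit: re-check from a PE boot)')
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path          # the sigverif step
    if ($sig.Status -ne 'Valid') { $reasons += "signature $($sig.Status)" }
    foreach ($d in $suspectDirs) {
        if ($Path.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) { $reasons += "under $d"; break }
    }
    $leaf = [IO.Path]::GetFileNameWithoutExtension($Path)
    if ($leaf -cmatch '^(?=.*\d)[A-Za-z0-9]{8,}$') { $reasons += 'random-looking name' }  # heuristic
    return $reasons
}

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding {
    param([string]$Source, [string]$Name, [string]$Cmd)
    $path    = Get-ExePath $Cmd
    $reasons = Test-Suspect $path
    if ($reasons.Count -eq 0) { return }
    # SHA256 is what you paste into VirusTotal instead of uploading the file.
    $hash = if (Test-Path -LiteralPath $path) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { '' }
    $findings.Add([pscustomobject]@{ Source=$Source; Name=$Name; Path=$path; Why=($reasons -join '; '); SHA256=$hash })
}

# 1. Run / RunOnce values (values whose names start with "PS" are skipped along with provider noise).
foreach ($k in $autorunKeys) {
    if (-not (Test-Path $k)) { continue }
    foreach ($p in (Get-ItemProperty -Path $k).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }
        Add-Finding -Source $k -Name $p.Name -Cmd ([string]$p.Value)
    }
}
# 2. Winlogon Shell/Userinit: anything beyond explorer.exe / userinit.exe is appended by a hijacker.
$wl = Get-ItemProperty -Path $winlogonKey
foreach ($v in 'Shell','Userinit') {
    foreach ($part in @(([string]$wl.$v) -split ',' | Where-Object { $_.Trim() })) {
        Add-Finding -Source 'Winlogon' -Name $v -Cmd $part.Trim()
    }
}
# 3. Services and drivers from ImagePath (Get-Service omits kernel drivers; the registry does not).
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $img = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).ImagePath
    if ($img) {
        $img = [Environment]::ExpandEnvironmentVariables($img) -replace '^\\\?\?\\','' -replace '^\\SystemRoot', $env:SystemRoot
        if ($img -notmatch '^[A-Za-z]:\\' -and $img -notmatch '^"') { $img = Join-Path $env:SystemRoot $img }  # relative driver paths
        Add-Finding -Source 'Service' -Name $_.PSChildName -Cmd $img
    }
}
# 4. Browser Helper Objects: resolve each CLSID to its DLL. The CLSID is the GUID you google.
if (Test-Path $bhoKey) {
    Get-ChildItem $bhoKey | ForEach-Object {
        $clsid = $_.PSChildName
        $dll = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        Add-Finding -Source 'BHO' -Name $clsid -Cmd ([string]$dll)
    }
}
# 5. CD/DVD class UpperFilters/LowerFilters: a name with no matching service key is the classic
#    "drive vanished after cleanup" leftover that the .reg filter fix removes.
$cls = Get-ItemProperty -Path $cdromClass -ErrorAction SilentlyContinue
foreach ($v in 'UpperFilters','LowerFilters') {
    foreach ($f in @($cls.$v)) {
        if ($f -and -not (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$f")) {
            $findings.Add([pscustomobject]@{ Source='ClassFilter'; Name=$v; Path=$f; Why='names a service that does not exist'; SHA256='' })
        }
    }
}
$findings | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

    The output is a review list, not a kill list: an unsigned binary under AppData with a digit-laden name is worth a VirusTotal lookup of its SHA256 and a search on its CLSID, but plenty of legitimate older software is unsigned, so each row still needs the "knowledge and patience" step before anything gets deleted.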
     
  25. curious george

    curious george Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    218
    To state that it is impossible to load the "biggies" is a false claim; it's obvious any malware creator would target the "biggies", but in any case, I did read it somewhere as well.

    http://remove-malware.com/

    He talks about how he could not load up Avira and SAS wouldn't work properly, but why not be prepared for the "what if" moments?

    And for nosirrah, nice set. Thanks.
     