What's your infected machine "attack strategy"?

Discussion in 'other anti-malware software' started by mattfrog, May 10, 2012.

Thread Status:
Not open for further replies.
  1. mattfrog

    mattfrog Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    78
    Location:
    United Kingdom
    Sorry if this is in the wrong forum; it felt the best fit. :D

    OK, assuming you want to avoid reinstalling Windows, what's your approach to cleaning up infected machines? Personally (and any feedback is appreciated!):

    • Ensure the machine has no network connection active
    • Insert read-only CD of tools
    • Uninstall any obviously nefarious software showing in add/remove
    • Strip down the start up applications in msconfig, and reboot (allowing for more resources to make the clean up less frustrating!)
    • Scan with malwarebytes and clean
    • Connect the machine to a network, and scan with hitmanpro
    • Install ESET instead of their out-of-sub McAfee (usually the case, and I have many ESET ESS licences)
    • Scan with ESET
    • Finish up with CCleaner

    Anyone do it differently, using HijackThis for example?
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  3. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,069
    Location:
    Europe
    Restore the original MBR with the fixboot command from the Windows CD.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,133
    I solve pretty much every problem by going to /appdata/ and deleting any folder I don't immediately recognize.
     
  5. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,936
    Location:
    Parallel Universe
    Dr. Web CureIt
    AVZ antiviral toolkit
    Emsisoft emergency kit
    Superantispyware
    TDSSKiller
    F-secure easyclean
    Bytehero
    Norton power eraser
    Remotedll

    And if everything fails, I just restore a clean image.
     
    Last edited: May 11, 2012
  6. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,268
    Location:
    AmstelodamUM
    Nowadays I will only reimage the OS+progs partition and fix the MBR.
    Using a plethora of AV/AM scanners, rebooting, running bootable CD/USB tools and digging for hours doesn't offer me any fun anymore.
    Having a clean box in <20/30 minutes works best in my case.

    Question though, have you really ever encountered 'obviously nefarious software showing in add/remove'?
     
  7. mattfrog

    mattfrog Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    78
    Location:
    United Kingdom
    I was referring to programs known to be/have adware, common ones being iMesh, MySearch toolbars, etc.
     
  8. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,268
    Location:
    AmstelodamUM
  9. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,276
    Do you guys use bootrec /fixmbr and bootrec /fixboot in every case or just in some particular situations?
     
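    Since several posts above come down to "fix the MBR" (blacknight's fixboot step, Baserk's reimage-plus-MBR approach, and the bootrec question just asked), here is an added example, not code from the thread, of what you can actually check before and after running bootrec /fixmbr. That command rewrites the bootstrap code in the first sector without touching the partition table, so the useful checks are: does the 440-byte boot code still hash to a known-good value, is the 0x55AA signature present, is there exactly one active partition, do entries overlap, and is there unexplained space after the last partition (where MBR bootkits of the TDL4 family kept their payload). On a live Windows box the sector would come from `open(r"\\.\PhysicalDrive0", "rb").read(512)` as administrator; the two sample sectors below are constructed, the boot-code bytes are a stand-in rather than a real loader, and the 2048-sector slack threshold is an assumption you should tune to the disk's vendor layout.

```python
"""Sanity-check a 512-byte MBR before and after `bootrec /fixmbr`.

Added example, not code from the thread. Reads nothing from disk; the sample
sectors at the bottom are constructed.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: bootstrap code that bootrec /fixmbr rewrites
DISK_SIG_OFF = 440       # 4-byte NT disk signature (+2 bytes normally zero)
PART_TABLE_OFF = 446     # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIG_OFF = 510       # 0x55 0xAA
TAIL_SLACK_SECTORS = 2048  # assumption: up to 1 MiB of alignment slack is normal


def parse_partitions(mbr):
    """Return the four primary partition entries as dicts (empty slots skipped)."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status, (3 CHS bytes), type, (3 CHS bytes), LBA start, sector count
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "start": start, "count": count})
    return parts


def check_mbr(mbr, baseline_sha256, total_sectors=None):
    """Compare the boot code against a known-good hash and look for the table
    anomalies a bootkit leaves behind. Returns a report dict with 'findings'."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    digest = hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()
    if digest != baseline_sha256:
        findings.append("boot code differs from the known-good baseline")
    parts = parse_partitions(mbr)
    active = [p for p in parts if p["bootable"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    ordered = sorted(parts, key=lambda p: p["start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["start"] < prev["start"] + prev["count"]:
            findings.append("partitions %d and %d overlap" % (prev["index"], cur["index"]))
    if total_sectors is not None and ordered:
        tail = total_sectors - (ordered[-1]["start"] + ordered[-1]["count"])
        if tail > TAIL_SLACK_SECTORS:
            findings.append("%d unallocated sectors after the last partition" % tail)
    return {"boot_code_sha256": digest, "partitions": parts, "findings": findings}


def build_mbr(boot_code, partitions, disk_sig=0x1A2B3C4D):
    """Assemble a sector from parts; used only to construct the samples below."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (active, ptype, start, count) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         0x80 if active else 0x00, ptype, start, count)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    return bytes(sector)


# Constructed stand-in for boot code (first instructions of a classic MBR), not a real loader.
CLEAN_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a4")
TOTAL_SECTORS = 206848 + 3900000          # constructed disk: exactly two partitions
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE,
                      [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 3900000)])
BASELINE = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()   # taken from a clean image

# Same disk after tampering: the boot code now starts with a jump elsewhere and the
# second partition was shrunk by 100000 sectors, leaving hidden space at the end.
TAMPERED_MBR = build_mbr(b"\xe9\x00\x10" + CLEAN_BOOT_CODE[3:],
                         [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 3800000)])

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        report = check_mbr(sector, BASELINE, total_sectors=TOTAL_SECTORS)
        print(name, report["boot_code_sha256"][:16], report["findings"])
```

    Hash the boot code of a freshly installed machine once and keep it with the image; after bootrec /fixmbr the hash should match again, and a partition-table finding after the boot code has been rewritten tells you the repair was incomplete.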
  10. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,394
    I don't have much experience at all with cleaning infected PCs, but here are some ideas on what I might do.

    If malware (ransomware) has you locked out of Windows, I would boot up with the Kaspersky Rescue Disk 10. Then open the Terminal, type "windowsunlocker" and press Enter. Close the Terminal. The "windowsunlocker" command is supposed to unlock a Windows operating system that has been locked by ransomware.

    Maybe update the Kaspersky Rescue Disk 10 and run a scan with the default settings. It appears that the default selected items to scan may be related to Rootkits so the scan should be quite quick. If you like, do a Full scan with the Kaspersky Rescue Disk 10. The Full scan may take a while to complete.

    If time permits, you may want to scan with the Dr.Web LiveCD and/or the Avira Rescue System CD.

    Run scans (Preferably in Windows "Safe Mode") with one or more of the following:

    1. Malwarebytes AntiMalware
    2. Dr.Web CureIt (Skip this one if you already scanned with the Dr.Web LiveCD.)
    3. Emsisoft Emergency Kit
    4. SuperAntiSpyware Portable
     
  11. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    11,177
    Location:
    Ontario, Canada
    I agree with Cudni: get some professional help from one of the malware cleaning forums to make sure it's cleaned properly by experts!

    TH
     
  12. blasev

    blasev Registered Member

    Joined:
    Oct 25, 2010
    Posts:
    763
    I always choose to reformat the whole disk and install clean OS.
     
  13. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    "Finish up with CCleaner"
    Some people start with CCleaner.
     
  14. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    I agree, there are a lot of them and they really help a lot of people. I used to read such forums a while back for fun. :D
     
  15. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,394
    Routine System Partition "Imaging" is the best Strategy. You will never again have to "struggle" with Malware cleaning.
     
    Last edited: May 12, 2012
  16. tomazyk

    tomazyk Guest

    I usually take these steps when removing malware:
    1. Start CCleaner and remove all internet and system temporary files.
    2. Scan the computer with boot CDs (Avira and Kaspersky) and remove everything they find.
    3. Log into Windows and disable and re-enable System Restore. That way I remove possibly infected restore points.
    4. Check autostarts with Autoruns and disable all unnecessary and suspicious items.
    5. Restart and scan the computer with MBAM and HitmanPro.
    6. Install an AV (usually Avast), update it and scan the computer with it.
    7. Run GMER to see if there is any rootkit activity.
    8. If all this doesn't solve the problem, I reinstall the system. After install and update I install imaging software and back up the new system.

    This procedure has worked great for me in recent years. I haven't had to clean a machine for a while now. It looks like people are getting more careful when using computers.
     
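    The autostart review comes up in several posts above: mattfrog strips msconfig's startup list, Hungry Man deletes unrecognised folders under AppData, and tomazyk's step 4 goes through Autoruns. Doing that by eye is how things get missed, so here is an added example, not the thread's own code, of the same triage run repeatably over an Autoruns CSV export (`autorunsc -c`, or File > Save in the GUI). It scores each enabled entry on the things a cleaner actually looks at: no "(Verified)" signer, an image in a user-writable location, a well-known system binary name living outside System32, an orphaned entry whose image is gone, and an entry with no publisher metadata at all. The column names assume the current autorunsc export and the CSV rows are constructed; read a real export with whatever encoding your autorunsc build wrote it in.

```python
"""Triage an Autoruns CSV export the way you would eyeball msconfig/Autoruns.

Added example, not from the thread. SAMPLE_CSV below is constructed; the
column names are an assumption based on the `autorunsc -c` header."""
import csv
import io
import re

# Locations a non-admin user can write to; persistence launched from here deserves a look.
USER_WRITABLE = re.compile(r"\\(appdata|temp|tmp|users\\public)\\", re.IGNORECASE)
# Names malware borrows; legitimate copies live under \Windows\System32.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "csrss.exe", "lsass.exe", "winlogon.exe"}


def triage_entry(row):
    """Return (score, reasons) for one Autoruns row; higher means look at it first."""
    if (row.get("Enabled") or "").strip().lower() != "enabled":
        return 0, ["disabled"]
    reasons = []
    signer = (row.get("Signer") or "").strip()
    path = (row.get("Image Path") or "").strip()
    lowered = path.lower()
    if not signer.startswith("(Verified)"):
        reasons.append("unsigned or unverifiable signer: %r" % signer)
    if lowered.startswith("file not found"):
        reasons.append("orphaned entry (image missing)")
    if USER_WRITABLE.search(path):
        reasons.append("image in user-writable location")
    name = lowered.rsplit("\\", 1)[-1]
    if name in SYSTEM_NAMES and "\\windows\\system32\\" not in lowered:
        reasons.append("system binary name outside System32: %s" % name)
    if not (row.get("Description") or "").strip() and not (row.get("Company") or "").strip():
        reasons.append("no description or company metadata")
    return len(reasons), reasons


def triage_csv(text):
    """Parse the export and return entries sorted most-suspicious first."""
    results = []
    for row in csv.DictReader(io.StringIO(text)):
        score, reasons = triage_entry(row)
        results.append({"entry": row["Entry"], "location": row["Entry Location"],
                        "path": row["Image Path"], "score": score, "reasons": reasons})
    return sorted(results, key=lambda r: r["score"], reverse=True)


# Constructed export: one clean Microsoft entry, a fake svchost in AppData, an
# unsigned toolbar, a scheduled task whose binary is gone, and a disabled leftover.
SAMPLE_CSV = r"""Time,Entry Location,Entry,Enabled,Category,Profile,Description,Signer,Company,Image Path,Version,Launch String
5/10/2012 9:12 AM,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ctfmon,enabled,Logon,System-wide,CTF Loader,(Verified) Microsoft Windows,Microsoft Corporation,c:\windows\system32\ctfmon.exe,6.1.7600.16385,C:\Windows\System32\ctfmon.exe
5/10/2012 9:12 AM,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Updater,enabled,Logon,PC\alice,,(Not verified) ,,c:\users\alice\appdata\roaming\updater\svchost.exe,,C:\Users\alice\AppData\Roaming\Updater\svchost.exe /silent
5/10/2012 9:12 AM,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,MySearch Toolbar,enabled,Logon,System-wide,MySearch Toolbar,(Not verified) MyWay,MyWay,c:\program files\mysearch\bar\bin\msbar.exe,1.0.0.1,C:\Program Files\MySearch\bar\bin\msbar.exe
5/10/2012 9:12 AM,Task Scheduler,\Cleanup,enabled,Tasks,System-wide,,,,File not found: C:\Users\alice\AppData\Local\Temp\cln.exe,,C:\Users\alice\AppData\Local\Temp\cln.exe
5/10/2012 9:12 AM,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,OldAgent,disabled,Logon,System-wide,,(Not verified) ,,c:\program files\oldagent\agent.exe,,C:\Program Files\OldAgent\agent.exe
"""

if __name__ == "__main__":
    for r in triage_csv(SAMPLE_CSV):
        print("%d  %-18s %-50s %s" % (r["score"], r["entry"], r["path"], "; ".join(r["reasons"])))
```

    The score only orders the list; an entry with one reason can still be the infection, and a toolbar like the MySearch example scores low because it is exactly the kind of "legitimate" adware that shows up in Add/Remove rather than hides. Run it on the export taken while the machine is offline, then diff against a second export after cleaning to confirm the entries really stayed gone.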
  17. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,713
    Location:
    NL
    I agree as well here. I often see "unclassified people" (sorry if this seems harsh) cleaning machines, resulting in doing more harm than good.
    Not to say some make it trickier by running tons of anti-whatever-malware progs on their machines.
     
  18. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    189
    I've never been infected with malware, but if I was, I'd probably do a fresh reinstall...
     
  19. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    Quote: "An ounce of prevention is worth more than a pound of cure."

    That being said, I recommend imaging a clean OS with the MBR. If not, reinstall the OS. One can never be sure that all the infection/damage is corrected by so-called cleanup tools. In many cases, products like HitmanPro and Malwarebytes can delete most of the malware. However, malware that changes integral parts of the OS cannot be cleaned without crippling the OS or some of its features.

    Personally, I use Image for Windows, Avast Internet Security, and Shadow Defender constantly.

    There! Take that malware! Mmmmwwwaaahhaahhaahhaa :D
     
  20. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,264
    Bingo. I use boot-to-restore products like Returnil, Deep Freeze, and Drive Vaccine and therefore have no problems that can't be fixed with a simple reboot. As TheKid7 said, routine imaging is also important in case you just want to start fresh with a "perfect image" without the need to reinstall Windows.
     
  21. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    @ mattfrog

    My strategy is the sledge hammer or preferably Linux, that's it. :D.

    Thanks.
     
  22. Tsast42

    Tsast42 Registered Member

    Joined:
    May 7, 2012
    Posts:
    137
    Location:
    United Kingdom
    Malware infection! :D What better excuse for wipe and load?

    I love my Windows disk! :-*
     
  23. I agree prevention is best, using KIS, Zemana and OpenDNS, plus a daily image taken by Acronis True Image.
     
  24. tk55

    tk55 Registered Member

    Joined:
    Apr 18, 2009
    Posts:
    59
    Sorry for being a noob. I've thought about such products before and found them not suitable for a user like me who changes their Windows setup all the time.

    Am I wrong in thinking that these programs simply revert your Windows back to exactly how it was and remove any changes upon reboot? Who uses a computer with contents that never change? o_O I must be missing something. Can someone enlighten me please?
     
  25. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    You can exclude a drive from protection and save your docs on it.
     