What's your infected machine "attack strategy"?

Discussion in 'other anti-malware software' started by mattfrog, May 10, 2012.

Thread Status:
Not open for further replies.
  1. mattfrog

    mattfrog Registered Member

    Sorry if this is in the wrong forum, it felt like the best fit.. :D

    OK, assuming you want to avoid reinstalling Windows, what's your approach to cleaning up infected machines? Personally (and any feedback appreciated..!):

    • Ensure the machine has no network connection active
    • Insert read-only CD of tools
    • Uninstall any obviously nefarious software showing in add/remove
    • Strip down the start up applications in msconfig, and reboot (allowing for more resources to make the clean up less frustrating!)
    • Scan with Malwarebytes and clean
    • Connect the machine to a network, and scan with HitmanPro
    • Install ESET instead of their out-of-sub McAfee (usually the case, and I have many ESET ESS licences)
    • Scan with ESET
    • Finish up with CCleaner

    Anyone do it differently, using HijackThis for example?
  2. Cudni

    Cudni Global Moderator

  3. blacknight

    blacknight Registered Member

    Restore with fixboot command from Windows cd the original MBR.
  4. Hungry Man

    Hungry Man Registered Member

    I solve pretty much every problem by going to /appdata/ and deleting any folder I don't immediately recognize.
  5. ams963

    ams963 Registered Member

    Dr.Web CureIt
    AVZ Antiviral Toolkit
    Emsisoft Emergency Kit
    SuperAntiSpyware
    TDSSKiller
    F-Secure Easy Clean
    Bytehero
    Norton Power Eraser
    Remotedll

    And if everything fails, I just restore a clean image.
    Last edited: May 11, 2012
  6. Baserk

    Baserk Registered Member

    Nowadays I will only reimage the OS+progs partition and fix the MBR.
    Using a plethora of AV/AM scanners, rebooting, running bootable CD/USB tools and digging for hours doesn't offer me any fun anymore.
    Having a clean box in <20/30 minutes works best in my case.

    Question though, have you really ever encountered 'obviously nefarious software showing in add/remove'?
  7. mattfrog

    mattfrog Registered Member

    I was referring to programs known to be/have adware - common ones being iMesh, MySearch Toolbars etc.
  8. Baserk

    Baserk Registered Member

  9. AlexC

    AlexC Registered Member

    Do you guys use bootrec /fixmbr and bootrec /fixboot in every case or just in some particular situations?
  10. TheKid7

    TheKid7 Registered Member

    I don't have much experience at all with cleaning infected PCs, but here are some ideas on what I might do.

    If Malware (Ransomware) has locked you out of Windows, I would boot up with the Kaspersky Rescue Disk 10. Then open the Terminal, type "windowsunlocker" and then press Enter. Close the Terminal. The "windowsunlocker" command is supposed to unlock a Windows Operating System that has been locked by Ransomware.

    Maybe update the Kaspersky Rescue Disk 10 and run a scan with the default settings. It appears that the default selected items to scan may be related to Rootkits so the scan should be quite quick. If you like, do a Full scan with the Kaspersky Rescue Disk 10. The Full scan may take a while to complete.

    If time permits, you may want to scan with the Dr.Web LiveCD and/or the Avira Rescue System CD.

    Run scans (Preferably in Windows "Safe Mode") with one or more of the following:

    1. Malwarebytes AntiMalware
    2. Dr.Web CureIt (Skip this one if you already scanned with the Dr.Web LiveCD.)
    3. Emsisoft Emergency Kit
    4. SuperAntiSpyware Portable
  11. Triple Helix

    Triple Helix Prevx Forum Helper

    I agree with Cudni: get some professional help from one of the malware cleaning forums to make sure it's cleaned properly by experts!

    TH
  12. blasev

    blasev Registered Member

    I always choose to reformat the whole disk and install clean OS.
  13. Ranget

    Ranget Registered Member

    Finish up with CCleaner
    Some people start with CCleaner
  14. kupo

    kupo Registered Member

    I agree, there are a lot of them and they really help a lot of people. I used to read such forums a while back for fun. :D
  15. TheKid7

    TheKid7 Registered Member

    Routine System Partition "Imaging" is the best Strategy. You will never again have to "struggle" with Malware cleaning.
    Last edited: May 12, 2012
  16. tomazyk

    tomazyk Guest

    I usually take these steps when removing malware:
    1. Start CCleaner and remove all internet and system temporary files.
    2. Scan computer with boot CDs (Avira and Kaspersky) and remove everything they find.
    3. Log into Windows and disable and enable system restore. That way I remove possibly infected restore points.
    4. Check autostarts with Autoruns and disable all unnecessary and suspicious items.
    5. Restart and scan computer with MBAM and Hitmanpro.
    6. Install AV (usually Avast), update it and scan computer with it.
    7. Run Gmer to see if there are any rootkit activities.
    8. If all this doesn't solve the problem I reinstall the system. After install and update I install imaging software and backup new system.

    This procedure has worked great for me in the last few years. I haven't had to clean a machine for a while now. It looks like people are getting more careful when using computers.
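An added example for the autostart-review step above (the same ground mattfrog covers with msconfig): my own PowerShell script, not code from tomazyk or anyone else in this thread. It walks the Run/RunOnce keys and service binaries that Autoruns also shows and flags every entry whose executable lacks a valid Authenticode signature, so a human can decide what to disable. It assumes Windows PowerShell 5.1 run elevated on the machine being cleaned; the helper function names are mine.

```powershell
# Added example, not code from anyone in this thread: list Run/RunOnce
# entries and service binaries, and flag any without a valid Authenticode
# signature for manual review. Assumes Windows PowerShell 5.1, elevated.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Metadata properties Get-ItemProperty adds; they are not autostart values.
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Extract the executable from a command line such as
#   "C:\Program Files\Foo\foo.exe" /silent   or   %SystemRoot%\x.exe -k arg
# An unquoted path containing spaces is not parsed and is reported as
# MissingFile, which is itself worth a look (a classic misconfiguration).
function Get-ExePath([string]$CommandLine) {
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^\s*(\S+\.exe)') { return $Matches[1] }
    return $null
}

function Get-SignatureStatus([string]$Path) {
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return 'MissingFile' }
    return (Get-AuthenticodeSignature -FilePath $Path).Status.ToString()
}

$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }
        $exe = Get-ExePath ([string]$p.Value)
        [pscustomobject]@{ Source = $key; Name = $p.Name; Path = $exe
                           Signature = Get-SignatureStatus $exe }
    }
})

# Services: Win32_Service.PathName is the exact command the SCM will launch.
$entries += @(Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $exe = Get-ExePath ([string]$_.PathName)
    [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Path = $exe
                       Signature = Get-SignatureStatus $exe }
})

# Report everything not signed by a trusted publisher. Review these by hand
# (publisher, path, file timestamp) before disabling; never auto-delete.
$entries | Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Source, Name | Format-Table -AutoSize
```

Run it from Safe Mode while logged in as the affected user, since HKCU is whichever profile the elevated session belongs to. A live rootkit can hide entries from any in-OS enumeration, which is why the boot-CD scans and the Gmer step in the list still matter.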
  17. gerardwil

    gerardwil Registered Member

    I agree as well here. I often see "unclassified people" (sorry if this seems harsh) cleaning machines resulting in doing more harm than good.
    Not to say some make it more tricky by running tons of anti-whatever-malware progs. on their machines.
  18. Fox Mulder

    Fox Mulder Registered Member

    I've never been infected with malware, but if I was, I'd probably do a fresh reinstall...
  19. SourMilk

    SourMilk Registered Member

    Quote: "An ounce of prevention is worth more than a pound of cure."

    That being said, I recommend imaging a clean OS with the MBR. If not, reinstall the OS. One can never be sure that all the infection/damage is corrected by so-called cleanup tools. In many cases, products like Hitman Pro and Malwarebytes can delete most of the malware. However, malware that changes integral parts of the OS cannot be cleaned without crippling the OS or some of its features.

    Personally, I use Image for Windows, Avast Internet Security, and Shadow Defender on constantly.

    There! Take that malware! Mmmmwwwaaahhaahhaahhaa :D
  20. LockBox

    LockBox Registered Member

    Bingo. I use boot-to-restore products like Returnil, Deep Freeze, and Drive Vaccine and therefore have no problems that can't be fixed with a simple reboot. As TheKid7 said, routine imaging is also important in case you just want to start fresh with a "perfect image" without the need to reinstall Windows.
  21. CogitoTesting

    CogitoTesting Registered Member

    @ mattfrog

    My strategy is the sledge hammer or preferably Linux, that's it. :D.

    Thanks.
  22. Tsast42

    Tsast42 Registered Member

    Malware infection! :D What better excuse for wipe and load?

    I love my Windows disk! :-*
  23. general_zerohour

    general_zerohour Guest

    I agree prevention is best, using KIS, Zemana, OpenDNS, plus a daily image taken by Acronis True Image.
  24. tk55

    tk55 Registered Member

    Sorry for being a noob. I've thought about such products before and found them not suitable for a user like me who changes their Windows setup all the time.

    Am I wrong in thinking that these programs simply revert your Windows back to exactly how it was and remove any changes upon reboot? Who uses a computer with contents that never change? o_O I must be missing something. Can someone enlighten me please?
  25. Ranget

    Ranget Registered Member

    You can exclude a drive from protection to save your docs in it.