Anti-Malware Toolbox

Re: Your Malware Removal Toolbox

I always bring malwarebytes and superantispyware. If the system is too slow or unusable because infections I use ultimate boot cd and run superantispyware anyway

 

Re: Your Malware Removal Toolbox

Did you run Hitman Pro with Force Breach, because I have never experienced problems with it?

There are a lot of useful tools: but the best option I have available is the fact I have a clean complete system image (created on the moment with only all the essentials installed: Windows, drivers and all the common utilities and programs) and Windows backups. I can use them when using a System Restore Point fails.

Other useful tools:
* Unlockers and related: Rkill, FileASSASSIN (also included in Malwarebytes' Anti-Malware), RegASSASSIN and so on;
* Portable scanners: Dr. Web CureIt!, SUPERAntiSpyware Portable, Norton Power Eraser, Emsisoft Emergency Kit;
* special tools: removal tools for specific viruses by companies like Kaspersky, ESET and Sophos, for example TDSSKiller;
* Bootable system rescue discs.

 

Re: Your Malware Removal Toolbox

The most common infection I work on are rogue AV's.

First app to run is Malwarebytes but if an exe killing rogue is active then it's either one of the RKill versions or I have found RogueKiller to be quite good.

The rogue's that use a rootkit such as Antivirus 2010 where even HMP's forcebreach fails then RogueKiller seems to do a good job yet again against this family of rogues.

If you have already attempted to run MBAM or HMP with Antivirus 2010 active then after using RogueKiller to nullify the rogue you need to give yourself back permissions on both HMP and MBAM's exes in order to get a scan up and running to clean up any dregs.

You can manually go into Device Manager and disable the rogue's system driver (highlited in pic) which will allow a scan to proceed with MBAM or HMP giving yourself permissions on the exes if needed.

Log from RogueKiller with Antivirus 2010 active:

 

Re: Your Malware Removal Toolbox

when I am going for outcall I download a fresh copy of dr.web cureit and also carry ubcd4win incase the pc is not bootable..

 

Re: Your Malware Removal Toolbox

I do a lot of what has already been mentioned plus I made a Shardana Antivirus boot CD. It has several different AV's on it including Kaspersky, Avira, Bit Defender, Dr Web, G-Data and F-Secure. Using something like a Shardana boot CD it does not matter if the computer you are working on can boot or not.

 

Re: Your Malware Removal Toolbox

If the pc has multiple infections where there's several probs such the internet not working, system errors etc then my last resort app is Combofix before a repair install or a save data/wipe/reinstall.

If you are confident with Combofix then it can be used at any cleanup stage.

 

Imaging was mentioned as a fast recovery method. But wouldn't it be troublesome to try to restore an image of system in a totally different computer ? I thought it would give errors or something.

 

U can use this http://reboot.pro/13555/ to make a super iso combining sardu and ubcd4win

 

Re: Your Malware Removal Toolbox

absolutely right