Cleaning infected machines

Discussion in 'malware problems & news' started by Peter2150, Sep 17, 2009.

Thread Status:
Not open for further replies.
  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Hi All

    I am curious. If you have experience cleaning infected machines, how many tools did you need to clean the machine? I don't care what the tools are, just how many you needed.

    Thanks,

    Pete
     
  2. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    Usually only 1 or 2 tools + brain power, or slave the infected drive and do whatever needs doing. If it's virut or similar I just backup files, wipe drive and reinstall.
     
  3. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    I'm not a professional malware remover, so I don't have a massive amount of experience of cleaning infected systems as I only do this for people in my immediate social circle.

    Usually, I start with an anti-virus scanner for the heavy lifting, followed by a couple of anti-malware scanners to remove any remaining spyware and adware. The exact approach though can vary, depending on how badly infected the system is and the nature of the infection.
     
  4. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    three to four (3-4)


    HKEY1952
     
  5. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    In the last year, I bet 80% + has been malware problems for people I know. In almost every case MBAM alone is enough to do the job. The remaining has been manual removal of what's left. In many cases, they are new computers that came with a commercial AV, and the user did not understand it was only a 30-day trial. Disgusting practice IMO.

    Sul.
     
  6. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    I had to type them out first so I could count. Before I quit IT for my current gig I had 3 anti rooter, 3 load point list apps, 1 policy tool, 1 permissions tool, 1 all in one junk file location cleaner, 1 process tool, 1 reg tool and 1 hex viewer.
     
  7. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    2 rootkit
    1 permission
    1 junk cleaner
    1 AV
    2 Process
    1 Reg
    1 Hex

    /C.
     
  8. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I have very limited experience with removal of malware. If someone asks me to remove malware from their PC, I will probably do something like this:

    1. AVIRA Rescue CD - Used to get rid of most of the malware when it does not have a chance to fight back (re-install itself).

    2. SuperAntiSpyware Free

    3. Kaspersky AVP Tool

    4. A-Squared Free (Maybe)

    5. SuperAntiSpyware Free - Perform any necessary System and Browser "Repairs". SuperAntiSpyware->Preferences->Repairs
     
  9. Lebowsky

    Lebowsky Registered Member

    Joined:
    Dec 3, 2004
    Posts:
    161
    I routinely clean up my family's and friends' computers of malware.
    It takes a few hours, but I've always managed to clean them.
    If for some reason it's a very serious infection, then I might have to post a HJT log on bleepingcomputer forums.

    This is what I do.
    I first install Avast! and then apply the latest virus definitions that I download on a USB stick.
    BTW, my USB stick already has an AUTORUN.INF folder created in it, that cannot be deleted or replaced, so the infection can't jump into my pendrive.
    The PC remains disconnected from the internet.
    Then I run a boot-scan.
    If I try to install MBAM first, many times the system is so borked that it refuses to run because some virus/rootkit is trying to stop it from loading! :ninja:
    Oh, I forgot to add, before installing Avast! I run RootRepeal.exe
    What a fantastic and powerful anti-rootkit program it is!!
    It always finds these weird rootkits on scanning, so I force delete them.
    Then, I proceed with the Avast! installation, because now the rootkit is at least crippled, it can't stop Avast from running.

    Ok, so after the bootscan, Avast will usually find and delete hundreds of infected system files, but of course it doesn't get them all.

    Then, I run MBAM and also manually apply the latest updates.
    Then the full scan will find 20+ additional infected files.

    Then I run SuperAntispyware, and then it finds the remaining ones.

    By the time I run these 5 programs, all traces of infection are gone.
    Oh yeah, I do turn off system restore, and then create a new restore point.

    Oh, and somewhere along there I run ATF cleaner, awesome tool, deletes a lot of crap too.

    Then, once the system is clean, I install USB disk security, and now I'm thinking of installing or at least recommending DefenseWall as well.

    Deep Freeze also works for kids computers.
     
  10. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    Don't often need to remove malware, only a few times a year.

    (Below is excluding SystemRestore, gpedit and the Windows CD)

    6 manual removal tools in my arsenal which is more than enough (normally use 2-3 depending on the type of infection) - for removal of active malware.

    2 scanners (sometimes offline scan, sometimes online scan) - for removal of inactive malware.
     
  11. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    As a rule I use 2 separate tools, however the actual number of individual programs are too numerous to count, I pick and choose based upon the issue at hand. The tools are:

    1. A copy of UBCD4Win (regularly updated) for severely infected/unbootable systems.
    2. A USB drive containing dozens of portable apps.
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Thanks guys, I am getting the picture. This is very helpful
     
  13. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    I always use 3 tools to clean the computers.
     
  14. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,124
    Location:
    Pennsylvania.
    I used 4 programs and got it pretty much clean.
     
  15. rolarocka

    rolarocka Guest

    I usually go to Safe Mode and use HijackThis to delete some weird autoruns.
    After that installing mbam and sas etc. is a breeze. gmer for rootkits. If nothing helps -> boot CDs.
     