Cleaning infected system?

Discussion in 'other anti-malware software' started by Bio-Hazard, Apr 26, 2007.

Thread Status:
Not open for further replies.
  1. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK
    I would like to collect an arsenal of programs to use if I have to clean an infected computer, and what programs to put on it afterwards. So can you give me some ideas?

    1. Antivirus
    2. Antispyware
    3. Special tools
    4. Firewall
    5. Any other programs that you think are useful

    Thanks

    Kristian
     
  2. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Comodo BOClean, Superantispyware free edition, Spyware Terminator, AVG anti spyware free, A squared free, Avast home, Spyware Blaster. CCleaner.
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    5. Image Backup + Immediate System Recovery (for instance: ShadowProtect + FirstDefense-ISR)
    If anything goes wrong, these programs will put you back in business in no time.

    6. Separate your personal files from your system files:
    System partition [C:] = Windows + Applications
    Data partition [D:] = personal data, emails, ... anything that is created or downloaded by you.
     
  4. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK
    To cheater87: Thanks, I have downloaded all of them already!
     
  5. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK
    Thanks. I just actually started a new thread in the FDISR forum about using it. I am really interested in using it.
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,

    This is a very dangerous thread.
    It requires a very long answer.

    To help myself answer it, I believe in a minimalistic approach and heavy use of brains to make the computing logical and effective.

    Cleaning - I think full format is the best way. Going into minutiae about how to clean particular infections is difficult - you have dozens of malware-removal forums where they can offer that information.

    Some general rules:

    Cleaning should never be done unless you have a full backup of personal information - or can perform one. If not, it's very very troublesome.

    Cleaning should always begin with trimming down on unwanted applications via add/remove, cleaning temporary files and similar junk.

    Second stage is using full system update, if possible.

    Third, updating existing security applications and running scans until malware is cleaned or at least you reach a stage where you no longer progress. This includes normal and safe mode scans.

    Fourth, trying some more, 2-3 online AV scans, 2-3 local AT, AS scans, maybe a few anti-rootkit tools etc. Remember that all these require expertise to properly analyze the logs.

    Fifth, if system is deemed cleaned, use a firewall, anti-virus and Firefox as basic security.

    Of course, cooperation from the owner is expected, otherwise problems will reoccur.

    Having live CDs is a must, including Windows and Linux-based live CDs, which include a variety of forensic tools.

    You can also check my website for information on:

    Internet usage and behavior (including basic security advice)
    Windows XP install (including basic security advice)
    Useful Windows programs (you'll find your cookies and sweet there)

    Other places where you can look for information that I can think of right now:

    RejZor's site (includes a long list of online AV scanners and other useful tools); he's a member of this forum.

    Names of products that I can recommend, without links as I'm not in the mood to link.

    Firewall: ZA, Comodo, Sygate, Kerio.

    Anti-virus: AVG, avast!, Antivir, ClamAV, BitDefender, Kaspersky IE plugin, Dr. Web Firefox plugin, McAfee Stinger, MWAV, many other useful AV tools for dedicated cleaning of specific infections - more information on sites of many of the above listed products.

    Anti-malware: AVG AS, A2, SAS.

    Anti-rootkits: AVG, RootkitRevealer, gmer, IceSword, RkU - these will kill your machine if used improperly; be extra, extra cautious.

    Special tools: Autoruns, ProcessExplorer, HijackThis.

    Live CD utilities: BartPE, UBCD4WIN, Knoppix, Helix, SystemRescueCD.

    That's it for now. Me mind is blank.

    Enjoy,
    Mrk
     
  7. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK
    Thank you for your honest answer. I also think a full format would be the best way to go. I also believe in backing up all important data. But I have a few friends and family members who don't listen at all when it comes to computer security. So that's why I started this thread. So when the time comes to help them clean their computers, I am ready. You could ask why I should help them... well, they are still my friends and family!

    Dealing with programs like RootkitRevealer, gmer, IceSword, RkU, I know I need to be very careful and I would definitely ask for advice before I do anything.

    I know it is difficult to go into detail on how to clean specific infections, but what I am looking for is software that I can download and have ready. I have been to your and RejZor's sites. I have downloaded almost all of the programs. I am creating a special security USB memory stick. I have also printed your answer and that will be added to it as well. I am also educating myself by reading all kinds of articles about computer security, as many as I can find.

    I hope you can make something out of my reply.

    Kristian
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Hi Kristian

    Time-wise, prevention is soooo much easier than cleaning. And some threats leave you with nothing to clean. Last time I spent almost 8 hours trying to clean a machine, and in two days it was gunked up again because the person took no action. That was the last time I get involved with cleaning. If people have to pay for the cleaning then maybe they will pay attention.

    I know these folks are family and friends, but if you are wise you will stick to advising on prevention, and not get involved with cleaning. When I am asked for help, I always say my only expertise in cleaning comes from restoring backups, and I ask them if they have backups. If no, I can't help. Otherwise you will waste lots and lots of time.

    Pete
     
  9. wat0114

    wat0114 Guest

    I would check out the CastleCops Malware Removal and Prevention page.

    For those who don't want to clean their systems, restoring an image using Ghost or Acronis is probably better - certainly faster - than formatting.
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    My security is partly based on recovery to have my clean machine back in no time.
    I did it extreme, each time I reboot, my system partition starts with a clean shirt. ;)
     
  11. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK
    I know, and trust me, I have tried. I do believe in prevention, but it is hard when nobody is listening to you. Family members I have sorted out... almost. A few things to do and I am done. When it comes to friends, I do what I can. I am also lucky that nothing has happened... yet, anyway. I am collecting this software for a rainy day. Thanks!

    Kristian
     
  12. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK
    Thanks for that site. I personally use Acronis and I am thinking of adding FDISR to my setup.
     
  13. wat0114

    wat0114 Guest

    You are welcome. I will say that although CastleCops' cause is very generous and noble, those seeking their services can wait two weeks or more to get their machine cleaned. They are backlogged constantly with HijackThis log submissions. This lengthy wait makes even re-formatting a much better option IMO, but only if the victim of a malware infection has all valuable data backed up. I still favor the idea of using imaging software combined with routine backups. Personally, I can re-image my drive in <1 hour compared to ~6 hrs to re-format and reinstall/reconfigure/patch everything.
     
  14. Bio-Hazard

    Bio-Hazard Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    529
    Location:
    Cornwall, UK
    I thought that would be the case. I have been following HijackThis log threads on the spywarewarrior site and they are also very busy. I also think imaging software and routine backups are the way to go.

    Kristian
     
  15. coldplay

    coldplay Registered Member

    Joined:
    Nov 12, 2006
    Posts:
    191
    If you know what infected your system, then use a dedicated removal tool for it.
    If you don't know, then get a good AV install file and the latest updates file from somewhere else. Cut off your internet so you won't have to install a firewall. Install the AV on your PC in safe mode, then manually install the update. Then restart into your account and do a full scan. Restart after cleaning. Scan again. Scan in safe mode if necessary.
     