Cleaning procedure

Discussion in 'other anti-malware software' started by ako, Nov 11, 2010.

Thread Status:
Not open for further replies.
  1. ako

    ako Registered Member

    Nov 16, 2006

    Cleaning procedure

    Below is a combat-proven cleaning procedure for removing stubborn malware. (Not all steps are necessarily needed.)

    1. AV boot CD - Kaspersky/Avira (How to enter BIOS; How to set BIOS to boot from the CD)
    2. UBCD4Win + DrWeb Cureit/Emsisoft Emergency*
    3. If the system becomes unbootable, try repairing Windows with the XP recovery console or Vista/7 system recovery options menu. (These may be found in the boot menu, but if they have not been installed, you can use them with the original Windows install CD or with a specially made recovery CD. Look also here.)
    4. Repair possibly corrupted .exe association made by malware.
    5. Repair internet connection, if it was lost during cleaning.
    6. COMODO Firewall with Defence+ ***
    7. You can try to perform the next two steps in Safe Mode** with networking
    8. Hitman Pro****
    9. Malwarebytes antimalware/Superantispyware
    10. Prevx free + manual cleaning
    11. Winpatrol (For manual analysis: HOSTS-file, startups etc.)
    12. Remove temp files with CCleaner and clean the registry. (Take a registry snapshot before cleaning.)
    13. Clean Alternate Data Streams (ADS)
    14. Verify the Integrity of Windows system files (sfc /scannow)
    15. Check DNS settings. More info here.
    16. Switch Windows firewall on.
    17. Uninstall old (possibly corrupted) AV. Install new AV and scan with it.
    18. Check for Windows/Microsoft updates.
    19. Check updates of other programs with Secunia software inspector
    20. Repair system modifications made by malware.
    21. Empty the system restore and create a new restore point. (XP, Vista/7)
    22. Run chkdsk /r
    23. If you suspect you've had an MBR rootkit, you can repair the MBR with the XP recovery console or Vista/7 system recovery menu. (Look also here.)

    *) Note that all these portable antimalware tools can be used with the UBCD4Win boot CD. You can copy them to hard disk, USB stick or CD. Always run a "full scan".

    **) Some malware does not run in safe mode.

    ***) Use paranoid settings and prevent anything unknown from running. Check these.

    ****) If you meet malware that still blocks executables, try a "Force Breach" start of Hitman Pro (hold the left Ctrl key until the man with the ladder appears while opening Hitman Pro). If you get a UAC prompt, you need to keep holding Ctrl while you acknowledge the message. In case the internet connection is broken or unavailable, start an Early Warning Scoring (EWS) scan by selecting it from the Next button. This will also reveal: 1) The use of a local proxy server (an indication of malware redirecting or sniffing your web activity). 2) Check and fix an invalid Winsock stack. 3) Detect problems with NDIS (Network Driver Interface). 4) Track down rootkits or other malware that are cloaked, perform suspicious activity or have many bad characteristics (unethical construction and/or behavior).
    Last edited: Nov 11, 2010
  2. ReverseGear

    ReverseGear Registered Member

    Mar 21, 2010
    12. Clean Alternate Data Streams (ADS)
    What's this?
  3. ako

    ako Registered Member

    Nov 16, 2006
    The original list has links that explain e.g. this, see there :)
  4. TheKid7

    TheKid7 Registered Member

    Jul 22, 2006
    20. Repair system modifications made by malware.

    I noticed that SuperAntiSpyware Free shows many System repair options under Preferences. However, I have never used these repair options since I have never been in a situation that may need them.


    1. Has anyone used the SAS System repair options? Feedback?
    2. Do the SAS System repair options cover all System repairs that may be needed?
    3. Do the SAS System repair options work in both SAS Free and SAS Pay versions?

    Thanks in advance.