Combat proven cleaning process for removing stubborn malware.

Below a combat proven cleaning process for removing stubborn malware. (Start with boot cd:s to kill most resistance before going to Windows.)

1. AV boot cd - Avira/Kaspersky
2. UBCD4Win + DrWeb Cureit/Emsisoft Emergency*
3. Hitman Pro**
4. Malwarebytes antimalware
5. Prevx free + manual cleaning with UBCD4Win if needed
6. Switch Windows firewall on.
7. Winpatrol (For manual analysis: HOSTS-file, startups etc.)
8. Clean Alternate Data Streams (ADS)
9. Uninstall old AV. Install new AV and scan with it.
10. Remove with CCleaner temp-files and clean registry. (Take registry snapshot before cleaning.)
11. Verify the Integrity of Windows system files (sfc /scannow)
12. Check for Windows/Microsoft updates.
13. Check updates of other programs with Secunia sofware inspector
14. Check DNS-settings. Here more info.
15. Empty the system restore and create a new restore point. (XP, Vista/7)
16. run chkdsk /r

*) Notice, that all these portable antimalware can be used with UBCD4Win boot cd.

**) If you meet a malware that still blocks executables, try a "Force Breach" start of Hitman Pro (hold the left Ctrl-key until the man with the ladder appears while opening Hitman Pro). If you get UAC prompt you need to keep holding ctrl while you acknowledge the message. In case the internet connection is broken or unavailable, start a Early Warning Scoring (EWS) scan by selecting it from the Next button. This will also reveal: 1) The use of a local proxy server (an indication of malware redirecting or sniffing your web activity). 2) Check and fix an invalid Winsock stack. 3) Detect problems with NDIS (Network Driver Interface). 4) Track down rootkits or other malware that are cloaked, perform suspicious activity or have many bad characteristcs (unethical construction and/or behavior).

 

And what does your majesty suggest we do if a rescue disk deletes a file that renders Windows unbootable?

 

If NO reliable Back-Up solution exists (i.e. Imaging, ISR SnapShot etc.),
grab your Windows CD and prepare for a FORMAT...

 

Actually, if time permits, then a clean install or a clean image restore should be the way to go. The methods outlined above should be used if and only if a reinstall/image restore is out of the question.

 

No love for SUPERAntiSpyware?

Any other AM that works with UBCD4Win?

 

See my list for portable antimalware that works with UBCD4win

 

Before cleaning process you should pray power from the Flying Spaghetti Monster. That'll do the trick.

 

ako is correct

 

If its left unbootable due to missing file just get your windows CD out and go to the recovery console. Then you can try the repair function. You have a fairly good chance that it will restore the erased file. I've saved not only my system but a friends as well. Friends don't let friends use registry cleaners and unlocker without help.

 

it is always good to have the original recover CD for just in case the only way is Formatt

 

The one in your sig? It doesnt say which ones work with UBCD4win

 

They all should work.

 

I hope my subservient RaviG is now happy!

http://www.techsupportalert.com/content/probably-best-free-security-list-world.htm#cleanup

Below a combat proven cleaning procedure for removing stubborn malware. (We start with boot cd:s to kill most resistance before going to Windows.)

1. AV boot cd - Kaspersky/Avira
2. UBCD4Win + DrWeb Cureit/Emsisoft Emergency*
3. If system becomes unbootable try repairing Windows with the XP recovery console or Vista/7 system recovery options menu. (These may be found in the boot menu, but if they have not been installed, you can use them with original install cd or with a specially made recovery cd. (Look also here.)
4. Hitman Pro**/Prevx free + manual cleaning with UBCD4Win/Bitdefender boot cd
5. Malwarebytes antimalware/Superantispyware
6. Winpatrol (For manual analysis: HOSTS-file, startups etc.)
7. Remove with CCleaner temp-files and clean registry. (Take registry snapshot before cleaning.)
8. Clean Alternate Data Streams (ADS)
9. Verify the Integrity of Windows system files (sfc /scannow)
10. Check DNS-settings. Here more info.
11. Switch Windows firewall on.
12. Uninstall old AV. Install new AV and scan with it.
13. Check for Windows/Microsoft updates.
14. Check updates of other programs with Secunia sofware inspector
15. Empty the system restore and create a new restore point. (XP, Vista/7)
16. run chkdsk /r

*) Notice, that all these portable antimalware can be used with UBCD4Win boot cd. You can copy them to hard disk, USB stick or CD. Run always "full scan".

**) If you meet a malware that still blocks executables, try a "Force Breach" start of Hitman Pro (hold the left Ctrl-key until the man with the ladder appears while opening Hitman Pro). If you get UAC prompt you need to keep holding ctrl while you acknowledge the message. In case the internet connection is broken or unavailable, start a Early Warning Scoring (EWS) scan by selecting it from the Next button. This will also reveal: 1) The use of a local proxy server (an indication of malware redirecting or sniffing your web activity). 2) Check and fix an invalid Winsock stack. 3) Detect problems with NDIS (Network Driver Interface). 4) Track down rootkits or other malware that are cloaked, perform suspicious activity or have many bad characteristcs (unethical construction and/or behavior).

 

Interesting approach! Mine is only slightly similar.

1) Dr.Web Live CD
2) Kaspersky Live CD
3) COMODO Firewall w/D+ (Paranoid settings) and prevent anything unknown from running
4) Gmer
5) VBA Antirootkit
6) HMP, MBAM, Emsisoft, Prevx, Norton Power Eraser
7) TDSSKiller, virutkiller, zbotkiller, SalityKiller
8 ) Review anything blocked by COMODO
9) CCleaner
10) HijackThis, SysInspector, HijackFree

I curious about cleaning ADS though, is it something you would consider crucial?

 

ADS is sometimes used by rootkits, not obligatory but could be useful.

 

Thanks for the lists. There's a few I didn't know about