Combat proven cleaning process for removing stubborn malware.

Discussion in 'other anti-malware software' started by ako, Sep 4, 2010.

Thread Status:
Not open for further replies.
  1. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
Below a combat proven cleaning process for removing stubborn malware. (Start with boot CDs to kill most resistance before going to Windows.)

    1. AV boot cd - Avira/Kaspersky
    2. UBCD4Win + DrWeb Cureit/Emsisoft Emergency*
    3. Hitman Pro**
    4. Malwarebytes antimalware
    5. Prevx free + manual cleaning with UBCD4Win if needed
    6. Switch Windows firewall on.
    7. Winpatrol (For manual analysis: HOSTS-file, startups etc.)
    8. Clean Alternate Data Streams (ADS)
    9. Uninstall old AV. Install new AV and scan with it.
    10. Remove with CCleaner temp-files and clean registry. (Take registry snapshot before cleaning.)
    11. Verify the Integrity of Windows system files (sfc /scannow)
    12. Check for Windows/Microsoft updates.
13. Check updates of other programs with Secunia software inspector
14. Check DNS-settings. More info here.
    15. Empty the system restore and create a new restore point. (XP, Vista/7)
    16. run chkdsk /r

*) Notice that all these portable antimalware tools can be used with the UBCD4Win boot CD.

**) If you meet a malware that still blocks executables, try a "Force Breach" start of Hitman Pro (hold the left Ctrl-key until the man with the ladder appears while opening Hitman Pro). If you get a UAC prompt you need to keep holding Ctrl while you acknowledge the message. In case the internet connection is broken or unavailable, start an Early Warning Scoring (EWS) scan by selecting it from the Next button. This will also reveal: 1) The use of a local proxy server (an indication of malware redirecting or sniffing your web activity). 2) Check and fix an invalid Winsock stack. 3) Detect problems with NDIS (Network Driver Interface). 4) Track down rootkits or other malware that are cloaked, perform suspicious activity or have many bad characteristics (unethical construction and/or behavior).
     
  2. iravgupta

    iravgupta Registered Member

    Joined:
    Dec 17, 2009
    Posts:
    605
    And what does your majesty suggest we do if a rescue disk deletes a file that renders Windows unbootable?
     
  3. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    If NO reliable Back-Up solution exists (i.e. Imaging, ISR SnapShot etc.),
    grab your Windows CD and prepare for a FORMAT... :D:D:D
     
  4. iravgupta

    iravgupta Registered Member

    Joined:
    Dec 17, 2009
    Posts:
    605
    Actually, if time permits, then a clean install or a clean image restore should be the way to go. The methods outlined above should be used if and only if a reinstall/image restore is out of the question.
     
  5. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    No love for SUPERAntiSpyware? :D

    Any other AM that works with UBCD4Win?
     
  6. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    See my list for portable antimalware that works with UBCD4win
     
  7. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    Before cleaning process you should pray power from the Flying Spaghetti Monster. That'll do the trick.
     
  8. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    ako is correct:D :D :D
     
  9. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
If it's left unbootable due to a missing file, just get your Windows CD out and go to the recovery console. Then you can try the repair function. You have a fairly good chance that it will restore the erased file. I've saved not only my system but a friend's as well. Friends don't let friends use registry cleaners and unlockers without help. :p
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
It is always good to have the original recovery CD, just in case the only way is Format ;)
     
  11. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
The one in your sig? It doesn't say which ones work with UBCD4Win :blink:
     
  12. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    They all should work.
     
  13. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    I hope my subservient RaviG is now happy! :D

    http://www.techsupportalert.com/content/probably-best-free-security-list-world.htm#cleanup

Below a combat proven cleaning procedure for removing stubborn malware. (We start with boot CDs to kill most resistance before going to Windows.)

    1. AV boot cd - Kaspersky/Avira
    2. UBCD4Win + DrWeb Cureit/Emsisoft Emergency*
3. If the system becomes unbootable, try repairing Windows with the XP recovery console or the Vista/7 system recovery options menu. (These may be found in the boot menu, but if they have not been installed, you can use them with the original install CD or with a specially made recovery CD. Look also here.)
    4. Hitman Pro**/Prevx free + manual cleaning with UBCD4Win/Bitdefender boot cd
    5. Malwarebytes antimalware/Superantispyware
    6. Winpatrol (For manual analysis: HOSTS-file, startups etc.)
    7. Remove with CCleaner temp-files and clean registry. (Take registry snapshot before cleaning.)
    8. Clean Alternate Data Streams (ADS)
    9. Verify the Integrity of Windows system files (sfc /scannow)
10. Check DNS-settings. More info here.
    11. Switch Windows firewall on.
    12. Uninstall old AV. Install new AV and scan with it.
    13. Check for Windows/Microsoft updates.
14. Check updates of other programs with Secunia software inspector
    15. Empty the system restore and create a new restore point. (XP, Vista/7)
    16. run chkdsk /r

*) Notice that all these portable antimalware tools can be used with the UBCD4Win boot CD. You can copy them to hard disk, USB stick or CD. Always run a "full scan".

**) If you meet a malware that still blocks executables, try a "Force Breach" start of Hitman Pro (hold the left Ctrl-key until the man with the ladder appears while opening Hitman Pro). If you get a UAC prompt you need to keep holding Ctrl while you acknowledge the message. In case the internet connection is broken or unavailable, start an Early Warning Scoring (EWS) scan by selecting it from the Next button. This will also reveal: 1) The use of a local proxy server (an indication of malware redirecting or sniffing your web activity). 2) Check and fix an invalid Winsock stack. 3) Detect problems with NDIS (Network Driver Interface). 4) Track down rootkits or other malware that are cloaked, perform suspicious activity or have many bad characteristics (unethical construction and/or behavior).
     
    Last edited: Sep 10, 2010
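The manual checks in steps 6, 8, 10 and 11 of the list above (HOSTS file, alternate data streams, DNS settings, firewall), plus the local-proxy and Winsock points from footnote **, can be scripted as a read-only audit. The block below is an added example for this thread, not ako's procedure or any of the listed tools; it assumes PowerShell 3.0 or later on Vista/7 or newer, run from an elevated prompt, and the vendor/update domain list in it is an illustrative assumption you should extend for your own AV and update sources. It reports only; removal of a stream or a HOSTS line is left to you.

```powershell
# Added example, not part of the original post: read-only audit of the items
# the thread's steps 6, 8, 10 and 11 say to check by hand.
# Assumptions: PowerShell 3.0+ on Vista/7 or newer, elevated; $WatchDomains
# is illustrative and should be extended for your own AV/update sources.

$HostsPath    = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$WatchDomains = @('microsoft.com', 'windowsupdate.com', 'avira.com', 'kaspersky.com',
                  'malwarebytes.org', 'emsisoft.com', 'surfright.nl', 'prevx.com')

function Test-HostsFile {
    # One object per active HOSTS mapping. Flagged when a name points somewhere
    # other than loopback/blackhole (a redirect), or when an AV/update domain is
    # blackholed (update blocking, a classic stubborn-malware trick).
    param([string]$Path = $HostsPath)
    foreach ($raw in (Get-Content -Path $Path -ErrorAction Stop)) {
        $line = ($raw -split '#', 2)[0].Trim()        # drop comments
        if (-not $line) { continue }
        $parts = $line -split '\s+'
        if ($parts.Count -lt 2) { continue }
        $ip = $parts[0]
        foreach ($name in ($parts | Select-Object -Skip 1)) {
            $sink    = $ip -in @('127.0.0.1', '0.0.0.0', '::1')
            $watched = $false
            foreach ($d in $WatchDomains) { if ($name -like "*$d") { $watched = $true } }
            $reason = ''
            if (-not $sink)   { $reason = 'name mapped to a non-loopback address (redirect?)' }
            elseif ($watched) { $reason = 'AV/update domain blackholed' }
            [pscustomobject]@{
                Address    = $ip
                HostName   = $name
                Suspicious = [bool]$reason
                Reason     = $reason
            }
        }
    }
}

function Get-AlternateDataStream {
    # Every named NTFS stream under $Root except the default :$DATA stream and
    # the Zone.Identifier mark browsers put on downloads. Review each hit first;
    # Remove-Item -Path <file> -Stream <name> deletes a single stream.
    param([string]$Root = "$env:SystemDrive\")
    Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue } |
        Where-Object { $_.Stream -notin @(':$DATA', 'Zone.Identifier') } |
        Select-Object FileName, Stream, Length
}

function Show-NetworkState {
    # DNS servers per interface and firewall state (netsh advfirewall exists from
    # Vista on). Look for DNS servers you did not configure and for a profile
    # whose state is OFF.
    netsh interface ip show dns
    netsh advfirewall show allprofiles state
    # Footnote ** items: a local proxy nobody set up, and the Winsock catalog
    # (an unexpected LSP entry is a hint; "netsh winsock reset" rebuilds it).
    Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
        Select-Object ProxyEnable, ProxyServer, AutoConfigURL
    netsh winsock show catalog
}

Test-HostsFile | Where-Object Suspicious | Format-Table -AutoSize
Get-AlternateDataStream | Format-Table -AutoSize
Show-NetworkState
```

A full-drive stream walk is slow; point `Get-AlternateDataStream -Root` at `$env:USERPROFILE` or `$env:SystemRoot` first if you are short on time. A HOSTS entry such as `127.0.0.1 localhost` is reported as not suspicious; one that maps `update.microsoft.com` to `0.0.0.0` or any name to a public address is.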
  14. Cvette

    Cvette Registered Member

    Joined:
    Apr 16, 2010
    Posts:
    373
    Location:
    South Carolina, USA
    Interesting approach! Mine is only slightly similar.

    1) Dr.Web Live CD
    2) Kaspersky Live CD
    3) COMODO Firewall w/D+ (Paranoid settings) and prevent anything unknown from running
    4) Gmer
    5) VBA Antirootkit
    6) HMP, MBAM, Emsisoft, Prevx, Norton Power Eraser
    7) TDSSKiller, virutkiller, zbotkiller, SalityKiller
8) Review anything blocked by COMODO
    9) CCleaner
    10) HijackThis, SysInspector, HijackFree

I'm curious about cleaning ADS though, is it something you would consider crucial?
     
  15. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    ADS is sometimes used by rootkits, not obligatory but could be useful.
     
  16. yashau

    yashau Registered Member

    Joined:
    Oct 13, 2008
    Posts:
    151
    Thanks for the lists. There's a few I didn't know about :)
     