How to clean an infected computer?

Discussion in 'malware problems & news' started by solphusion, May 6, 2011.

Thread Status:
Not open for further replies.
  1. solphusion

    solphusion Registered Member

    Joined:
    May 6, 2011
    Posts:
    23
    The notebook of my girlfriend was heavily infected with malware like trojans that she got via USB. I tried to clean it (now there are no more warnings left - in total I found between 5-8 malware things).

    Is there anything more to do to check if there is still malware on her laptop? I scanned all files on her system with:

    - Kaspersky Virus Removal Tool (free)
    http://www.kaspersky.com/virus-removal-tools

    - Avira Antivir Personal (free) (she did not have that installed before, she had some other AV)
    http://www.avira.com/en/avira-free-antivirus

    - Microsoft Windows Malicious Software Removal Tool (free)
    http://www.microsoft.com/security/malwareremove/default.mspx

    - McAfee Stinger (free)
    http://www.mcafee.com/us/downloads/free-tools/how-to-use-stinger.aspx

    - Malwarebytes Anti-Malware (free)
    http://www.malwarebytes.org/products

    - Hitman Pro (free)
    http://www.surfright.nl/en/hitmanpro/

    - Immunet (free) (and installed it as an addition to Avira)
    http://www.immunet.com/



    I did not have the time yet to use an online scanner like those recommended by this website:
    http://webcache.googleusercontent.com/search?q=cache:VFWc3KLaVegJ:www.elitekiller.com/malware.htm

    F-Secure Online Scanner
    http://www.f-secure.com/en_EMEA-Labs/security-threats/tools/online-scanner/

    Eset (NOD32) Online Scanner
    http://www.eset.com/home/products/online-scanner

    Bitdefender Online Scanner (part of G-Data's multi-engine that is part of Hitman Pro's multi-engine)
    http://www.bitdefender.com/scanner/online/free.html
     
  2. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I would scan with one or more Antivirus Rescue CD's. Here are three of the many available ones.

    1. Avira Rescue System
    2. Kaspersky Rescue Disk 10
    3. Dr.Web LiveCD

    Also, I would do a Full Scan with Dr.Web Cureit. The time for a Full Scan with Dr.Web Cureit is rather long (several hours).

    There are a lot of good ideas here:

    -http://realsecurity.web.officelive.com/removemalware.aspx-
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    The best cleaning is a clean disk image.
     
  4. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    2. Kaspersky Rescue Disk 10

    is the worst rescue disk; it takes ages to finish scanning and removes only signature-based viruses.

    Use Dr.Web

    And tell her to change her passwords from there;
    it has surfing capability.


    I'm with J_L

    Reinstall is the only solution


    My general cleaning method is:
    1- Hitman
    2- MBAM - SAS - Eset online scanner under safe mode
    4- Kaspersky virus removal and TDSSKiller if needed


    But this will not work if it's a new virus;
    the only way to be sure is to reinstall.

    As a wise man once said: "When the trust is broken, it's broken!!!"
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Disk Imaging isn't the same as re-installing. It's far more convenient, quicker, and more up-to-date.
     
  6. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I agree. It can take hours and hours to attempt to clean Malware from a PC and then you are never sure it is really clean.
     
  7. solphusion

    solphusion Registered Member

    Joined:
    May 6, 2011
    Posts:
    23
    Thx again for your answers. I'm going to scan her laptop with Dr.Web CureIt!, just as TheKid7 and Ranget have recommended (and I'm doing this out of curiosity if there was anything left, that all the other scanners have missed).

    Another idea would be to download, install and scan the computer (one after the other, only one product at a time) (again out of curiosity if there was anything left) with the 30 day trial versions of:

    - G-Data (combines the engines of AVAST and BitDefender)
    http://www.gdata-software.com/home-security/antivirus-2011/

    - or TrustPort (combines the engines of AVG and BitDefender)
    http://www.trustport.com/en/download

    - and Kaspersky
    http://www.kaspersky.com/trials


    Because the trust is broken, finally Windows has to be re-installed (she won't manage disk imaging herself).


    Question: Should Dr.Web CureIt! be run in Windows safe mode, as well?
     
  8. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I'm sure disk imaging isn't harder than running, updating, uninstalling trials of all these scanners in various environments (Normal Mode, Safe Mode, Boot CD, etc).
     
  9. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    Really.

    It is amazing to me that the best solution to malware and hardware failure, imaging, is being ignored by most everyone.

    Most people I know either don't know, or don't care about normal backups,
    let alone imaging...
     
  10. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I agree.

    I know a person with a 4 year old laptop which I recently only partially(?) cleaned (SAS Portable) for him. He has the original Antivirus software which has never even been activated (An inactive Antivirus product with no activation or signature updates for 4 years!!!). He says that the PC works better now and "sort of" acknowledges that he "may" need an Antivirus product. It has been several weeks since I have brought up the need of an Antivirus product.

    I have brought up Imaging of the Windows System Partition to several dozen people with only one person eventually saying yes and using Macrium Reflect Free.

    I have also recommended Sandboxie to several dozen people with only two people using Sandboxie. One person being the same person who listened and started using Macrium Reflect Free. The other person may not use it regularly and may not have it set up properly.

    Also, there is another person who partially listened to me. He did uninstall his McAfee which had no updates for over a year. He was infected with a Rogue disk utility which essentially crippled his PC. I brought him a copy of the Avira Rescue System CD. He eventually figured out how to boot the CD and use it. Avira killed that Rogue plus a "bunch" of other Malware and he was able (after I told him how) to remove the blocked CD/DVD access that that Rogue had caused. He installed Avast and his PC got infected again. He still has the Avira Rescue System CD which he boots, updates and scans/cleans periodically. I mentioned using Sandboxie, MBAM, SAS, Dr.Web Cureit and he won't use any of them. I also brought up the need of Imaging which was a big "waste of time" to bring up to him.
     
    Last edited: May 7, 2011
  11. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    Disk imaging is not going to be an easy solution for a lot of people.

    For one, you need an external source that is big enough to hold all of your data. Sometimes that is a tougher nut to crack by itself. I have a 120 GB external pocket drive that I keep images on, but I need to turn up the compression to make an image... and I can only keep 1 image on it. I have more than one machine, and I can only image the one I use the most.

    Sure, I could buy a bigger drive, but then that would cost $100... but to be honest, considering the alternatives, I personally opt to just keep my essential data backed up. Everything else can be recovered with enough time.

    Another big disadvantage to imaging is the fact that a lot of people aren't on the computer with a lot of time to kill. They use it as a tool, and get back to their regular life. Imaging takes time, and I only do it on one machine every few months. The idea of doing it weekly, or even monthly, like some people do... it's just too much.

    In the end, I'd prefer to just backup my important data via network share, external drive, or cloud based service. I just use xcopy to update any changed files every couple of days, and it takes roughly five minutes. On the machines I don't use that much, and I don't make an image for, this is more than good enough. If something happens I'll just take the time to reinstall.

    Prevention is key though. I use Sandboxie personally in conjunction with AppLocker on almost every program I run. Unless there is a network based attack that can bypass Windows Firewall, or a drive by attack that can bypass AppLocker and Sandboxie, I'm golden. It's been a while since I've had this combo, and I'm pretty encouraged by it.
     
    Last edited: May 7, 2011
  12. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I have suggested to some people to "at least" make what I call a "base" Image to DVD(s). My definition of a "base" Image is one that is made on a "for sure" clean PC with the software installed that they plan to use. This would ideally be done on a PC that has recently had a "clean" install of Windows + any needed software.

    I typically suggest to use Image for Windows and Image to DVD(s). The 1st DVD is bootable and the Image Restore process is quite simple. If the PC ever gets messed up (Malware, hard drive failure, etc.) then they can easily do the Image Restore themselves rather than taking it to some "high dollar" place like BestBuy.

    My suggestion to others was done only once (by myself) when someone purchased a copy of Image for Windows as a gift for a friend with tight finances. I did a Ctrl F11 (Dell) + Windows Update + Image for Windows + some additional software. I made two sets of Restore DVD's (just in case one set got damaged) and returned the PC to the owner.
     
  13. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    Remember when they used to actually give you those images with the PC? For some reason they are too cheap to do that now.. I never quite understood why they stopped. It can't cost them more than a dollar to supply the media.

    I've made a couple universal images for the purpose of "fresh start" re-imaging.. you can even throw a copy of Office, and any other common software on there.. It gets things up and running pretty quick.

    If we are talking about the avg person though, I've learned that they will never do anything "the right way". I can't tell you how many times I put Sandboxie on a machine, and told them to simply click on the Sandboxie icon... only to have them not do it. I don't even really understand this, since Sandboxie will launch the same browser they use.

    Essentially I think what it comes down to is that people don't even want to be bothered learning to click on a different icon... and that isn't very encouraging IMO.
     
  14. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I am guessing that they hope that you will not create your own Restore DVD's (Most people don't.). That way they can sell you one later when you get in a "bind". I have the impression (from listening to other people) that they charge around $40 for Restore DVD's.

    I forgot to mention in Post #10, above, that the person with the never activated Antivirus has never made his Restore DVD's. I offered to do it for him if he would pay for the blank DVD+R's, but he is dragging his feet on bringing the PC back to me.
     
  15. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    Probably. People would rather just buy a new computer for $400 than have Best Buy charge $200 to have the OS reinstalled on their four year old machine. They are half way to a new computer anyway, so why not upgrade?

    I guess they have to find some way to keep computer sales climbing..
     
    Last edited: May 7, 2011
  16. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I read somewhere (I think in this forum) about someone who takes their PC to BestBuy around three to four times a year for Malware cleanup and shells out $200 to $300 each time. I remember that the person was advised many times on Malware prevention and Imaging, but the person would not listen.
     
  17. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    Ughh.. what a waste. I wish I could pull in those prices.. Personally, I'm surprised people pay it at all..
     
  18. solphusion

    solphusion Registered Member

    Joined:
    May 6, 2011
    Posts:
    23
    Exactly. I have heard about imaging years before, but still I never did it myself. When I was younger I did not have the money to buy more external space for my data to backup/image my stuff.

    The second problem is that you have to really learn it. I consider it being not much more complicated than figuring out how to create good copies of music (MP3s from CDs) - but it still takes time. It's on my list of things I should try, like using a virtual machine, installing Linux as second OS and using Sandboxie. I'm finally backing up my stuff at the moment using Mozy (and an external HDD).

    I'm using Google Chrome as browser that has internal sandboxing btw.
     
  19. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Not if your hard drive is big enough to be split into another partition where you can keep your images. Not as secure, but it works.

    Same can be said for running all these scanners, except they'll take far more time combined.
     
  20. solphusion

    solphusion Registered Member

    Joined:
    May 6, 2011
    Posts:
    23
    That is exactly why so many new startups fail, because they massively overestimate the willingness of people (potential users) to learn how to use new things - to get to the resulting benefit. Investors are more and more aware of the problem that average people don't want to change their behavior.

    Security products have to fulfill the "it just works" goal to get mass adoption. Otherwise it will stay in a small niche.
     
    Last edited: May 8, 2011
  21. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    Well, that's true.. but that might not be the safest place to keep an image. A piece of malware could potentially wipe it... but it's unlikely... It would indeed be a good alternative if you simply don't have external storage space though..

    Of course, such a solution would only provide protection against malware... a lot of people also do it in the case of drive failure..
     
  22. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    It's true, and sort of sad in a way... There are a lot of great products out there that get no attention. Sandboxing tools, light virtualization tools, etc... and it's all because they are perceived as too complicated. Even when they happen to be very easy to use, like Sandboxie IMO, the complicated nature of the concept is enough to deter people from using it. If they understood how it protects them, and how it's better than the AV that failed them 50 times already, they might be inclined to attempt to use it..

    Unfortunately, people are woefully ignorant of both the threats AND why certain tools are necessary to prevent them.

    Personally, I have a hard enough time convincing people to use Chrome let alone any of the other stuff.
     
  23. yongsua

    yongsua Registered Member

    Joined:
    Feb 9, 2011
    Posts:
    474
    Location:
    Malaysia
    Exactly, what they think is that if their computer is infected by malware, they just know to reformat, reformat and reformat. That's all. Besides, they also don't know that reformatting will cause their processor to work slower and slower, although they feel fast performance after the reformat. Sorry for my bad English.
     
  24. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    You are right to a tiny degree, if you meant hard drive, not processor.
     
  25. solphusion

    solphusion Registered Member

    Joined:
    May 6, 2011
    Posts:
    23
    Losing performance is true for SSDs (solid state disks).
     