Malware Removal Guide for Windows [Feedback]

Discussion in 'other security issues & news' started by Brian_12, Jul 19, 2011.

Thread Status:
Not open for further replies.
  1. Brian_12

    Brian_12 Guest

    Hi everyone,

    I would really like to get some feedback from you. What is your opinion on the guide? What do you like about it? If you don't like it, what is it that you don't like? How could it be improved? I want to make the guide as user friendly as possible. Please give me your feedback, ideas, and suggestions. Thanks.

    Malware Removal Guide for Windows

    By the way, I'm considering publishing the guide, but I need to get your feedback first. Also, I'm going to be moving my site to Office 365; however, it won't happen anytime soon. I'll keep you updated.
     
    Last edited by a moderator: Sep 6, 2011
  2. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    The guide is pretty good IMO... but I would think that leading off with the rescue CD's would be someone's best bet. Nowadays, the odds of cleaning something while running in windows (even in safe mode) is pretty low. TDSS is a very common infection, and typically outpaces the updates of TDSSKiller and Hitmanpro.

    I think its much safer to clean offline, then load up mbam and the other tools and see if it missed anything...

    ..but, I do understand that for many people simply loading a boot cd is a little difficult (I teach a class, and 20 minutes is taken up because people can't grasp the concept of this)...
     
  3. Brian_12

    Brian_12 Guest

    Hi hpmnick,

    That is partly true, but you shouldn't underestimate the removal capabilities of on-demand scanners, such as MBAM and SAS. Ofcourse, this all depends entirely on the type and severity of the infection.

    I do, however, completely agree with you that rescue CDs are becoming more important as malware becomes more sophisticated.

    Thank you for your comments.
     
  4. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
  5. Brian_12

    Brian_12 Guest

    I have added several things to the guide. Please give me some feedback.

    - Revised proxy setting instructions (Preparation for the Removal Process)
    - Added MiniToolBox
    - Added instructions on how to create a system restore point (After the Removal Process)
    - Added instructions on how to reset Hosts file (Fix Post-Disinfection Problems)
    - Added GooredFix
    - Added new images

    Spoony, I'll take a look at it, however, if you want feedback on your guide, please start your own thread.
     
  6. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    Hi, another thing I might suggest is to recommend TFC.exe before any scanning. Due to the fact this might not have been done (EVER), it might speed up scanning from hours to 10-20 minutes.. Otherwise scanners will scan the GB's worth of data in the temp folder (lots of small little files, very slow)..
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Why that instead of CCleaner? I do agree that a file cleaner should be utilized beforehand.
     
  8. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,290
    Location:
    England
    What happens then if you run a temp file cleaner before hand and the user has one of the The Window Recovery family of rogue security applications which can hide the start up and desktop folder in a backup in a temp folder? If they are cleaned the user will be unable to start their machine.
     
  9. Brian_12

    Brian_12 Guest

    Hi JL,

    Simply because TFC doesn't offer to clean the registry, whereas, Cleaner does offer it. I personally prefer CCleaner. You can read about TFC here http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

    Also, Stapp is correct. Look at quietman7's post here: http://www.bleepingcomputer.com/forums/topic397900.html/page__view__findpost__p__2263164
     
  10. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    Well its pretty much common knowledge that before you potentially make your system unusable, to back up your stuff. There are a number of things that could happen if you unsuccessfully try and clean malware... one of them includes a vengeful response from the malware..

    As for malware making things like the start menu and desktop unaccessible, they are just shortcuts... and you will never be able to account for every quirk in every piece of malware..
     
  11. Brian_12

    Brian_12 Guest

  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Will update links in list.
     
  13. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    When I looked at the instructions (including the Tutorial link) for using Hitman Pro, I saw no mention of the 'Force Breach' (or whatever it is called) method. It is my understanding that if you hold down the Crtl key while executing the Hitman Pro exe, Hitman Pro will block Malware attempts to terminate the execution of Hitman Pro. I have never done this, but I read about this method somewhere in this forum.
     
  14. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Very Informative site!
    Kudos! :thumb:
     
  15. Brian_12

    Brian_12 Guest

    Thanks for updating the list JL. I appreciate it!

    Thanks for the information. I'll add it soon. :)

    By the way, I have added share buttons to the website. Please use them. :D
     
  16. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I found a Thread with details about Hitman Pro's "Force Breach" feature:

    https://www.wilderssecurity.com/showthread.php?t=265202
     
  17. Brian_12

    Brian_12 Guest

    Update:

    - Revised introduction
    - Added FixTDSS from Symantec (Step 1)
    - Added instructions on Hitman Pro's Force Breach mode
    - Revised System Restore instructions (After the Removal Process)
    - Revised Repair System Settings (Fix Post-Disinfection Problems)
    - Added new links

    http://www.selectrealsecurity.com/malware-removal-guide

    Thanks for the link Kid7!
     
  18. Brian_12

    Brian_12 Guest

    Update:

    - Changed Malwarebytes download link
    - Replaced TFC with CCleaner (Clean up Temp Files)
    - Added TnT forums (Get Expert Analysis)
    - Added VIPRE Rescue (Additional Malware Detection / Removal Tools)
     
  19. axial

    axial Registered Member

    Joined:
    Jun 27, 2007
    Posts:
    477
    geohac, on your tutorial you have:

    Download and run TDSSKiller​

    followed by 3 links. The last link, titled "Homepage", links to [presumably] a Kaspersky page, but the download link for TDSSkiller on that page does not download a functional zip file, the download is only 3KB, not the expected 1.3 mb and it does not open at all. Multiple download attempts were incorrect.

    By contrast, the following page with the download link does download the file correctly:
    http://support.kaspersky.com/faq/?qid=208280684

    I'm not savvy enough to determine what's wrong with the "Homepage" URL, or whether the page is genuine, or why the download is incorrect, or whether it's just something wrong on my side (seems unlikely since it downloaded correctly from the above page), but perhaps you could re-check the link on your tutorial page.

    Thank you for your efforts on the tutorial, it's a great resource.
     
  20. Brian_12

    Brian_12 Guest

    Hi axial,

    The download link on the homepage is working correctly for me. Is anyone else experiencing this issue?
     
  21. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    976
    Location:
    Paris
    I was playing the other day with a trojan downloader that I let through my security setup. It proceeded to change all the Internet settings so any browsers, email apps, etc couldn't be used (while the malware transmitted to its nasty heart's content).

    Minitoolbox was the tool to use at that point. Just by clicking on the top few non-report generating boxes and clicking "Go" reset everything to a state prior to the malware infection. No need to play around with Network settings or registry manipulations. Although seldom used, Minitoolbox is a very valuable tool.
     
  22. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
  23. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Where's the website? I'm not sure what software you're talking about.
     
  24. Brian_12

    Brian_12 Guest

    I couldn't agree with you more. ;)


    Thanks, I'll check it out.


    Hi JL,

    He is referring to the tool used in the Preparation section of my guide.
     
  25. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
Loading...
Thread Status:
Not open for further replies.