Malware Toolbox

Discussion in 'other anti-malware software' started by TheKid7, Jul 15, 2008.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    On rare occasions someone will ask me to check out their PC because it is running slow, etc. If you were to clean malware from an infected PC what would be your choice of tools and what would be the recommended order of tool use?

    Currently I plan to use (Not necessarily in this order): MBAM, SuperAntiSpyware Free, AVIRA System Rescue CD, CureIt, TMHouseCall (Online), NOD32 (Online), a2free.

    Thank you.
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    I will say Spybot Search and Destroy, Adaware, Avira Antivirus and some others I don't remember at the moment.
    Note: Spybot SD is always underrated, but it helps me clean computers very well; it has some sharp teeth :D
     
  3. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hello TheKid7,
    Quite a nice range of tools.
    You can replace Trend Micro HouseCall with SysClean link
    I have never been a fan of online scanners, mainly since they don't always remove themselves and mostly use ActiveX.
    I would add the F-Secure Rescue CD to the setup. link
    The Dr.Web Rescue CD will be out of beta soon. The main advantage of the Dr.Web Rescue CD is the built-in updater.
     
    Last edited: Jul 15, 2008
  4. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    I use AVZ. www.z-oleg.com
     
  5. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Ilya is an expert. Ergo, I recommend you go with his suggestion.

    I have heard VERY good things about AVZ here at Wilders.

    If you want to do a Wilders search -- you can't search for words of less than 4 characters. Therefore, do a Google search with the following entry...

    "avz site:www.wilderssecurity.com" -- w/o the quotations.
     
  6. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Only because it is a somewhat unknown/overlooked search feature of our forums do I offer the below.

    In our FAQ there is "Searching the forum easier", which then has this thread.

    AVZ search results utilizing the Google search box.
     
  8. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    TheKid7, here's a good anti-malware toolbox (have a look and learn these tools; they are quite easy to use and understand with use, and they are all free)... Autoruns, Process Explorer and Process Monitor, TCPView and RootkitRevealer from Sysinternals. Then eventually substitute RootkitRevealer with Rootkit Unhooker/IceSword or RootRepeal.

    AVZ is very good all-in-one:thumb:
     
  9. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  10. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Another vote for AVZ along with SAS, MBAM, Cureit, Runscanner...

    If you come across any flash autorun.inf infections then Flash Disinfector may be able to help.
     
  11. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Perhaps run sfc /scannow, which is already present in Windows.
     
  12. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  13. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
  14. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Avira RescueCD
    MBAM
    HiJackThis
    RogueRemoval Kit
    RRT
    xpsecconsole
    CureIt
    AVZ
    AVP Tool
    SAS
    Autoruns
    Process Explorer
    RKU
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Likewise, indeed a very in-depth searcher and remover, but I found for the very most extreme cases the ERD COMMANDER CD invaluable! Working along somewhat similar lines as BART PE & Win PE, you can approach a heavily infested disk indirectly with this CD, in effect loading that system inside ERD totally immobilized, and yank out the toughest static-cling placed on it as well as remove deeply embedded registry issues and such.

    I always tote that CD with me along with excellent apps mentioned just in case the system can't boot and such.

    I have seen dual-partition systems where malware has even deleted one of the partitions, so in a case of that nature, and provided the partition hasn't been written over too badly, the PARTED MAGIC CD with TESTDISK usually can find and restore it again by writing it back.

    EASTER
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Does it have the same signatures as KAV itself?
     
  17. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Hi

    I think it has the KAV v7 database.
     
  18. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    I was thinking about creating a BartPE CD for cleaning infected computers for other people, but I haven't had any success with my OEM Windows XP CD.
    I've also tried creating a VistaPE CD using WinBuilder but can't seem to add more than the basics without errors.
    BTW, I would suggest running SuperAntiSpyware Free first. That is normally enough for the computers I have dealt with.
     
  19. Shankle

    Shankle Registered Member

    Joined:
    May 2, 2006
    Posts:
    510
    I look at all these answers and find no consistency. This would drive a Puter novice crazy. I use none of the programs listed and I NEVER have problems with my Puter.
    I guess it comes down to what you start with and what you are familiar with. Then there is cost and ratings. I would think that a combined package like ESS would give more value and less Puter hassle than buying a multitude of separate security packages.
    Just my humble opinion.
     
  20. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    I think most of us are writing what we use to CLEAN infected computers, not to protect our own.
    On my own PC I don't even use scanners anymore.
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    HURST is correct there, 'cause prevention is always better than the cure, and if we are very preventive we shouldn't be talking about what we use to or for cleaning up our PCs. That's my 5 bucks ;)
    Note: for developers and adventurous testers that take the risk of testing, that's another story :D

    And also, I don't use scanners either.
     
  22. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    If you want to be 100% sure you need non-blacklist tools.

    I still do some home user IT from time to time and have my malware tools down to these:

    RKU
    GMER
    IceSword
    Autoruns
    RunScanner
    ProcessExplorer
    HJT
    sigverif (part of windows)
    VistaPE

    There is nothing wrong with using a blacklist scanner type tool to scrape a chunk off the top, but after that you need to dig deeper.
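
    The "non-blacklist" idea above (Autoruns plus sigverif: look at what starts automatically and whether it is signed, rather than matching it against a signature database) as an added PowerShell example that is not part of this thread or of any tool named in it. It is read-only, assumes a Windows host with PowerShell 3 or later, and reads only the four standard Run/RunOnce keys; the registry paths are the real ones, the helper function name is my own.

```powershell
# Added example: triage autostart entries without a blacklist by checking
# the Authenticode signature of each Run/RunOnce executable. Read-only.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of a Run value such as
#   "C:\Program Files\Foo\foo.exe" /silent   or   %SystemRoot%\bar.exe -x
function Get-ImagePath {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
        return $cmd.Trim('"')              # unterminated quote: best effort
    }
    $idx = $cmd.IndexOf(' ')               # unquoted: path ends at first space
    if ($idx -gt 0) { return $cmd.Substring(0, $idx) }
    return $cmd
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
        $path   = Get-ImagePath -Command ([string]$p.Value)
        $status = 'MissingFile'                 # value points at a file that is gone
        $signer = ''
        if (Test-Path -LiteralPath $path) {
            $sig    = Get-AuthenticodeSignature -FilePath $path
            $status = $sig.Status.ToString()    # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{ Key = $key; Name = $p.Name; Path = $path
                           Status = $status; Signer = $signer }
    }
}

# Look at these first: unsigned, tampered (HashMismatch), or missing on disk.
$results | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
```

    A 'Valid' status only narrows the list; it does not prove an entry is benign, and a signed host such as rundll32.exe loading an unsigned DLL from its arguments will show as Valid here, so the remaining entries still need the manual look the post describes.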
     
  23. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    RRT = ?
     
  24. Pseudo

    Pseudo Registered Member

    Joined:
    May 4, 2008
    Posts:
    193
    Remove Restrictions Tool?
     
  25. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    :thumb:
     