How-To Geek
Ask The Readers: What Are Your Best Malware Fighting Tricks?

Malware has become increasingly sophisticated and widespread; it’s more important than ever to have a robust toolkit for dealing with it. This week we want to hear about your favorite tips and tricks for dealing with malware infestations.
Photo background by clix.
Dealing with malware infestations usually takes more than simply running an anti-virus scanner. This week we want to hear your best tips, tricks, and unique tools for dealing with malware on your computer or, more likely, the computers of unwitting friends and relatives.
Here are a few tips we’ve shared in the past to highlight what we’re talking about when we ask for tips (as opposed to simple recommendations for a certain AV application):
- Here’s a Super Simple Trick to Defeating Fake Anti-Virus Malware
- How To Remove Internet Security 2010 and other Rogue/Fake Antivirus Malware
- How To Remove Antivirus Live and Other Rogue/Fake Antivirus Malware
- How To Remove Security Tool and other Rogue/Fake Antivirus Malware
So let’s hear it! Sound off in the comments with your tips, your tricks, and your stories of malware extraction and decimation.
- By Jason Fitzpatrick on 03/2/11
Comments (108)
-
MS Security on all of my systems seems to be doing a great job, used to use antivir but free is better.
-
I use Super-Anti Spyware Pro for virus protection at home, and at the school I’ve implemented the use of avast! Internet Security 6.
-
One tool that has saved me several times from my own mistakes is Startup Monitor (google it, look for Mike Lin’s Home Page). Anything that wants to run at startup usually has to add itself to the startup location (msconfig or startup folder). This tool monitors it and lets you know if something attempts to change it and lets you allow/deny the change. If this pops up, then I know it’s time to pay attention.
The tool itself is only 60K and uses less than that for resources. So far it works on all versions of 32bit windows from my experience. Have not tried it on 64bit.
~Rev
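The idea behind the Startup Monitor tip above (watch the places where programs register themselves to run at startup and flag any change), as an added PowerShell example that is not from the commenter or from the Startup Monitor tool. The function names and the baseline file location are assumptions, and the four registry keys and two folders checked are only the most common autostart locations, far fewer than a tool like Autoruns covers.

```powershell
# Added example: baseline-and-diff of common Windows autostart locations.
# Requires PowerShell 4 or later (Get-FileHash). Function names and the
# baseline path are assumptions made for this example.

$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$StartupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

function Get-AutostartSnapshot {
    # Registry Run/RunOnce values: one record per value name.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            [pscustomobject]@{
                Location = $key
                Name     = $name
                Value    = [string]$regKey.GetValue($name)
            }
        }
    }
    # Startup folders: store a SHA-256 so a replaced file is also noticed.
    foreach ($dir in $StartupDirs) {
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($file in Get-ChildItem -LiteralPath $dir -File -Force) {
            [pscustomobject]@{
                Location = $dir
                Name     = $file.Name
                Value    = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

function Compare-AutostartSnapshot {
    param(
        [string]$BaselinePath = (Join-Path $env:LOCALAPPDATA 'autostart-baseline.csv')
    )
    $current = @(Get-AutostartSnapshot)

    # First run: record the current state as the known-good baseline.
    if (-not (Test-Path -LiteralPath $BaselinePath)) {
        $current | Export-Csv -LiteralPath $BaselinePath -NoTypeInformation -Encoding UTF8
        Write-Host "Baseline with $($current.Count) entries written to $BaselinePath"
        return
    }

    $baseline = @(Import-Csv -LiteralPath $BaselinePath)

    # Index the baseline by location + entry name.
    $old = @{}
    foreach ($e in $baseline) { $old["$($e.Location)|$($e.Name)"] = $e.Value }

    # Entries that are new, or whose command line / file hash changed.
    $seen = @{}
    foreach ($e in $current) {
        $k = "$($e.Location)|$($e.Name)"
        $seen[$k] = $true
        if (-not $old.ContainsKey($k)) { $change = 'ADDED' }
        elseif ([string]$old[$k] -ne [string]$e.Value) { $change = 'CHANGED' }
        else { continue }
        [pscustomobject]@{ Change = $change; Location = $e.Location; Name = $e.Name; Value = $e.Value }
    }

    # Entries that were in the baseline but are gone now.
    foreach ($e in $baseline) {
        if (-not $seen.ContainsKey("$($e.Location)|$($e.Name)")) {
            [pscustomobject]@{ Change = 'REMOVED'; Location = $e.Location; Name = $e.Name; Value = $e.Value }
        }
    }
}

# Run once on a machine you believe is clean, then again whenever you want to check.
Compare-AutostartSnapshot
```

Delete the baseline file and rerun after installing software you trust, so that its startup entry becomes part of the known-good state.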
-
In Linux nothing needed. For Windows I use AVG as it recently came out best in a which report. Portable is the way to go for clearing machines and I hate Norton because its such a nanny!
-
Vista/Win7 + Windows Update + brain = No malware
-
Antivirus Software – worst malware ever
-
use mcafee siteadvisor and security center. good for me.
-
Im a fan of SuperAntiSpyware. I found it to be more effective than Malwarebytes; although the interface is a bit primitive.
-
i have been using threatfire,,Ad-aware,and AVG for years with spybot for my kicker,so far no problems
-
Scan w/OTL by OldTimer–R Kill + TDSS Killer + Malwarebytes + SuperantiSpyware. Then I drop “The Hammer”—ComboFix by sUbs. Subsequent scan with OTL & custom script w/ ComboFix…..
Malware buh-bye.
-
well I’m using Microsoft Security Essentials, since i installed has running perfect, but i dont know which one is perfect for infected machines, so i hope can find the good one
-
@Ameen—Norton internet security
BWAAAHAHAHAA!!! YOU FUNNEEE!!!
Norton is as useful as a screen door on a submerged submarine.
-
Only for Windows Users:
1. Disable administrative shares.
2. Turn off File Sharing on Windows.
3. Running as Limited User.
4. Rename, disable default accounts and to apply strong password.
5. Combining a Non-Administrator (limited) account with Software Restriction Policy.
6. Sandbox browser and P2P applications.
7. To save personal files in a separate partition.
8. To use virtual machines.
9. Turn off risky services.
10. Use a Linux live CD to make bank transactions.
11. Scan your PC with Bootable AntiVirus Rescue
-
Safe Mode with Networking and malwarebytes. If it’s a tough cookie then ComboFix. Maybe throw in a little hijack this!
-
run operating system in virtual environment, after you’re done, delete it and start new session lmao
-
I got that Aluereon.A trojan a couple of weeks ago and all the computer
shops in my town were quoting about £65 – £85 to fix / re-install.
Luckily my browser kind of worked just enough to d’load Kaspersky TDSS killer.
To my surprise it cured my computer completely. In less than an hour. For free.
Without Kaspersky I would have been nailed. My vote goes to them.
-
Microsoft Security Essentials, CCleaner and common sense. For those of you using OS X and Linux, don’t kid yourself. OS X is safe for now because it’s not as popular as Windows. But if you actually pay attention to tech news you would know of a recent virus that attacked both Windows and OS X. Just keep promoting your OS X so that the market share gets bigger and hackers get curious. OS X and Linux are not invulnerable, they just aren’t out there much yet. As for Linux, few people use it and is not something most people want so you can keep it.
-
virtualtotal
+sandboxie or vmware
-
sorry,
virustotal
+ sandboxie or vmware
-
Quote @raikkonen “Vista/Win7 + Windows Update + brain = No malware”
+1
Although I use AVG Free + Comodo Firewall for outbound
Actually my DSL Modem has built in NAT based firewall that does an Excellent job, I was thinking of ditching Comodo. AVG is required because i get USB drives from infected computers. Maybe I should switch to an on-demand antivirus scanner.
-
Virus? What’s that?
-
Microsoft Security Essentials is what I use..
But next computer buy will be iMac. I’m sick of spending more time keeping Windows running and keeping the Viruses/Spyware/Adware off of my computer than I do using it.
-
LINUX
-
On Linux:
Basic firewalls (router and software), https protection, common sense 1999.
On Windows:
MSE, Router Firewall and MAC filtering, https, common sense 2012.
…..Yeah, I’m not paying for a second license of common sense 2012 on linux.
-
for prevention i dont watch porn n i have ESET NOD32 on my laptop and avast on my pc .. and weekly scheduled scans by both ESET/avast and Malware bytes..
removal (safe mode) clamwin portable and malware bytes.. if the infection is too serious just boot to bitdefender and that seems to do the job…
-
As realtime security I use Comodo Internet Security (free!). On my x86 laptop I also have Threatfire installed. On my x64 desktop I use Malwarebytes Pro (no x64 for Threatfire available). These combinations do the trick for me. Bear in mind that Comodo runs unfamiliar exe’s in a sandbox until you say it’s safe.
Once a week I run an on demand scan with SuperAntiSpyware and on top of that weekly scans with the realtime scanners in on demand mode.
To top that I do a monthly scan with Spybot portable.
Further, each couple of days I run Ccleaner to keep the temp files empty (you won’t believe the cr@p that hides here) and delete the (flash) cookies. And with Autoruns from Sysinternals I check for UFO’s in amongst other my startup items. I’m surprised no-one mentioned Autoruns yet.
Sounds like a lot of work but it’s done in a click. Works like a charm!
Should I get infected after all then I use Rkill before scanning with the earlier mentioned scanners + TDSS killer. Should that not be enough then I use the Kaspersky AV bootdisk.
Worst case scenario I take out the HDD, attach it to another pc using a SATA to USB adapter and scan the hell out of it again.
Last but not least. If you feel you’re infected then check the System32 and look for strange files from a recent date, so sort by date. Most files should be from the install date (not all). Just Google files from a (too) recent date. Don’t go deleting!!!
My 2 cents ;)
-
avast 6 + Malwarebyte PRO as both main and secondary protections.
Google Chrome for fast and sandbox browser. + Adblock, Disconnect / FIrefox + NoScript + Adblock Plus
CCleaner- clear all cookies and cache + fix registry
Some intelligence using the web.
That’s all you ever need for a home computer
Cheers..
-
Normal user account + EMET (+ if you have W7 Ultimate, AppLocker) is good foundation. On top of that you can build your security softwares.
-
I use ESET Smart Security for protection.
It is lightweight and has a simple yet intuitive GUI with standard and advanced views.
It offers realtime protection, HTTP filtering, firewall and email spam protection, and only notifies you when absolutely necessary. Definitely the least annoying internet security suite I have seen by far.
It has picked up every piece of malware I’ve stumbled upon (almost all from other people’s USB drives!!)
If I am to clean an infected machine I will generally start with Malwarebytes Anti-Malware and step it up from there to other tools such as ComboFix.
-
Windows firewall.
Updating the OS and apps, especially the ones using net connection.
Common sense.
-
Totally depending on –
1. MSE
2. Spybot
3. CCleaner
4. Conscious browsing
Nothing beats it
;)
-
Relying on
1. MSE
2. CCleaner
3. Spybot
4. Conscious browsing
Nothing beats it!
-
malwarebyte antimalware as scanner, microsoft security essentials as realtime scanner
further im more online on my linux distro lol
-
Combination of “Sandboxie” and “Shadow Defender” ……….Not a single problem of Virus…..for many Years ……
-
hover with cursor over all links to check at the bottom of the browser
-
Firefox Addons:
- Adblock Plus (for the rogue ads)
- Web of Trust (forcibly block me from accessing known malicious sites without express permission)
- VTZilla (virus scan files against multiple AV before download)
Also recommended:
- Common sense
- Brain
-
I never get malware in the first place (I use Norton 360, will switch to MSE in 22 days). If it is serious, I’ll use an Ubuntu live CD.
-
Sandboxie, any additional protection is to protect you from yourself and what you allow to pass through Sandboxie.
-
MSE and SuperAntispyware for real time protection plus TDSSkiller for those nasty viruses.
-
Norton Internet Security for real-time protection and Malwarebytes and SuperAntispyware on demand.
-
Some good recommendations above. Personal favorites include MalwareBytes Anti-Malware, and Avast / MSE.
One tip that I have found also helps: when not using the computer… turn it off. Hard to get infected when the machine isn’t powered up!
-
Don’t need tricks, never get stuff like that
-
Enabled UAC, that’s all I need. Not antivirus, not another firewall or spyware removal tool and anything like that…
First thing you have to understand is that SexyLolitas.exe file is probably a virus and you should not install anything like that!
Second… if your browser has a fraud protection- please keep it enabled, maybe even get some WOT (web of trust) addon for your browser.
My system’s been running 3 years now with only one reinstall (because I corrupted my Explorer.exe by customizing my windows with app suggested by you btw lol. Not blaming you, it was unstable.)
-
Right now I am just using Kaspersky.
Would MS Essentials or Malwarebytes be compatible?
-
I just use brain. It’s free and also the best solution.
-
While I agree that even Unix-based systems are becoming more susceptible to malware and viruses, at this point, it is still more secure than Windows-based operating systems. But, since Ubuntu is becoming more popular, I believe this will change in the near future. I prefer Ubuntu over Windows and have found that I have far less problems with malware and viruses over your typical Windows operating system.
-
A full backup on the network is nice when you can no longer trust whats on the HD.
-
Hey, where did my elaborate reply go :(
-
Monthly Scans with
Spybot Search and Destroy
Malwarebytes
And use MS Security Essentials for AV
-
I use Norton Internet Security 2011.
I use Norton DNS server to prevent getting to sites that are known to be infectious.
198.153.192.1 DNS
198.153.194.1 Alternate DNS
I use WOT
I do occasionally go to Porn sites and I have not had a virus in 5 years.
-
At home I use Ubuntu Linux. At work I have a Barracuda Web Filter if anything gets past that on to one of our computers I use Malwarebytes, Spybot Search and Destroy, and MS Security Essentials. All in safe mode. We also have Symantec Endpoint Protection on all of our computers as well.
-
Commodore 64. Like a rock!
-
Bitdefender + sandboxie + superantimalware + microsoft security essentials done.
-
Bitdefender + sandboxie + superantimalware + microsoft security essentials and its all for free.
-
My system has the following “security” software and so far it has been GREAT:
Win7 Professional OS with Firewall turned on, Automatic Updates where I choose Non-Critical update installation. Critical updates install immediately.
Active on PC:
AVG Free Antivirus latest version updated daily,
Microsoft Security Essentials updated daily,
Spybot S&D updated daily,
SpywareBlaster updated daily,
Non Active but I run at least once a week:
SuperAntiSpyware updated daily,
MalwareBytes updated daily,
I use Google Chrome with AdBlocker as my primary browser.
A lot of common sense in my browsing.
Besides my system above, I have 2 laptops and 2 desktops all running the same software (detailed above) with different OS system Win XP and Vista. The Firewall is always active and all the above software installed and running. These are my children and wife pc’s/laptops so I included also a Host File. SEE LINK BELOW:
http://allthingsmarked.com/2006/08/28/howto-block-websites-using-the-hosts-file/
In the past 3 years on my PC, I have not had any issues with performance or corruption.
On my children PC we have had a few infections before I installed the Host file (mentioned above). When that has occurred I have used SuperAntiSpyware and MalwareBytes to remove the “infections”. They have worked wonderfully.
I have one laptop running Ubuntu. I have had great difficulty finding security software. Does anyone know where I can find Free and Non-Free firewall, antivirus software for Ubuntu?
Thank you…
-
Avast and as some have posted common sense. Sadly just posted a review of the new Avast 6 on downloaddotcom, and had it downrated due to an individual not believing that a users browsing/downloading habits can be the biggest threat to their system.
-
Autoruns + Process Explorer
-
i hav avast 6 free, with malwarebytes runnin in bkground. ccleaner,advance systemcare pro. neva have a problem
-
Ubuntu.
-
1. Wait for virus, malware, etc.
2. Autoruns – http://technet.microsoft.com/en-us/sysinternals/bb963902
3. ???
4. Profit
Note: Run in safemode, if malicious software is still running then use UBCD4Win and kill registry entries.
This has never failed me, doesn’t require additional software hogging resources and is completely free.
-
Windows7 and common sense
-
Those who say that they use only their brain instead of having some type of Antivirus/malware protection must have infected systems already. It is not wise to run your system without some type of protection. You are playing Russian Roulette with your data if you run your system without having some type of security protection. Not all spyware or viruses mess up your system, some send information such as keyloggers to capture information such as passwords or even banking information. So you could be infected and you don’t even know it unless you run a scan. McAfee and Norton are too much of resource hogs as are some of the Internet security packages offered by many ISP. It used to be that you can infect your system just by visiting porn sites but this is not true in our day and age, you can easily be infected by visiting your favorite website. Read the news this has happened a lot. You don’t have to click on an exe file from a website, you can get infected just by visiting an infected site (called drive-by infection)
I like and use MS Security Essentials to protect my systems in the background. I often install it on my customer’s systems, it protects the systems well and it does not use much system resources to run in the background.
For systems that are already infected, I use Rkill, then run superantispyware, and malwarebytes, and then finally do a full scan with MS security Essentials.
-
I THINK WE ALL ARE A LITTLE CRAZY WHEN WE TALK ABOUT THAT ?!!!–!?? THING THAT MESSES UP MY FINE TUNED MACHINE.
BUT I RUN A DUAL BOOT SYSTEM ONE FOR INTERNET FUN THE OTHER TO FIX IT OR REPLACE IT WITH A IMG FILE HAS NOT FAILED ME YET AND IS FASTER THEN ANY THING ELSE WHEN THAT ?!!!–!?? THING COMES AROUND.
YOU AIN’T GOING TO STOP IT BEFORE IT BITES YOU IN THE A!!!
-
Combo kit here:
Malwarebytes – run every so often
MSE – set to scan every day
CCleaner – set to run every day
Avast Antivirus – set to run every day
To help keep from getting infected, I use Web of Trust and avoid any negatively rated sites.
Free and Clear and livin’ proud!
-
I use Kaspersky IS 2011 and MBAM. If I can’t hit it with that, then i resort to norton powercleaner. But, luckily, I’ve never had one that bad.
-
I use AVG, i used to use KAV 2011 but it always took up more than 50% of my Cpu. AVG is really good at cleaning out anything. if i can’t get it, i will make a C++ or C# program that can destroy the suspicious files that annoy me sometimes :-)
-
I use Kaspersky Internet 2011, Malwarebytes’ Anti-Malware, SuperAntiVirus, CCleaner. I also have some others that I have never had to use as back up. These seem to do the job. In the past I’ve used many, many others that didn’t work good enough.
-
1) MSE.
2) Freecommander-open pendrive and delete virus manually in case no 1 failed.
3) WOT on browser.
4) Ccleaner.
5) Superantispyware portable.
-
Hmm, mine is different. ^.^
Here is how: I have a computer set up and not allowed to go on the internet. Pretty neat? That is where all of the main stuff went. On the other hand, I have a computer that is set up to be on the internet. The computer with internet has plenty of things; Avast (I sometimes disable it, running XAMPP for college, if the How-To-Geek could do an article for XAMPP I’d appreciate that (or I may have not found it yet)), I have WOT (it’s a web advisor), Malwarebytes Anti-malware, the operating system comes with Windows Defender, and that is just all.
Having a computer (no internet-accessed) is pretty neat because you can put some of the work on there (do anything you want, save some homework, do some programming, make something, etc.) It is not on the network either. Only thing I do to transfer things is by flash drive or the external hard drive. Obviously, I scan the file right away once I downloaded it before I transfer it. I also have another computer that is set up on the internet, but it is set up strictly (Zone alarm, etc.) because the important part for such things as online banking/shopping or so. That is the 3rd computer.
Ok enough talking for me now. ;)))
-
Computer Associates Integrated Threat Management Suite, but I’m testing DeepFreeze now. Any suggestions on DF settings since it wasn’t mentioned much at all?
-
On both my laptop and desktop I have Comodo Internet Security installed. It’s free and it’s good. It even has a sandbox feature. On my (x86) laptop I also run Threatfire and on my desktop (x64) I run Malwarebytes Pro. Both machines also have Spywareblaster installed. So far the realtime protection.
Once a week I run a full on demand scan with the earlier mentioned Comodo and Malwarebytes. Once every two weeks I run an on demand scan with SuperAntiSpyware.
If the sh!t still hits the fan (so if I get infected after all) then I run Rkill followed by Malwarebytes (full scan) and SuperAntiSpyware (full scan). Then I use Autoruns to see if there are any ufo’s in startup or elsewhere. I also manually check the System32 folder to see if there are any strange files. Usually I sort the contents of that folder by date. Then I’ll check the files/folders from recent dates. (Never go deleting from this folder if you’re not sure what you’re doing!!!).
Further, in case of a bad infection I run TDSSkiller and run the Kaspersky Rescue (boot)disk.
Worst case scenario: I take out the hdd and connect it to another pc using a SATA/IDE to USB connector and run a scan from here.
My 2 cents.
Sebastian.
-
I dont use any antivirus protection for the past 2 years now .. either i remove them manually or malwarebytes, superantispyware resolves the issue …. or if u want to go for any antivirus you can go for norton internet security but makesure u dont have any other antivirus installed to get better protection and hazzard free service from norton ..
-
OSX
-
Installed software on Windows 7 64-bit:
MS Security Essentials
Threatfire
Malwarebytes
CCleaner
Virtualbox w/Fedora
For secure web browsing, I use Firefox for Fedora Linux from within Virtualbox, thereby sandboxing my web browsing. This is also where I will download files I would prefer to scan first from within a protected environment.
MSE scans my computer daily, and once every 2 weeks I will update and run Malwarebytes. I use CCleaner anytime I uninstall/remove software or to periodically check the registry/startup.
Lastly, I use a non-administrator for all activities on the computer, with completely random-generated passwords that are not used anywhere else.
-
Great to see the options out there. RKill is now part of my security. Reverend D mentioned start up monitor
I’ve had that for a long time to keep my start up short. Everybody should use this app. My favorite app.
-
I use Zone Alarm Extreme Security, never have a problem and no capture of email or any other data without my permission.
-
I use MSE, Malwarebytes, and a lot of common sense.
-
I have never seen a client’s XP machine that had AVG on it and NOT be infected with some crazy stuff. I swear I think that company plays for both sides .. When you think about it, virus protection companies could easily be amazing doors for crime groups to use. Each free virus prog has a pool of ip’s that phone home everyday much like your standard botnet… Sorry not trying to step on any toes but have seen too many XP/AVG issues and the prog keeps receiving above average ratings. Someone really has AVG’s number or its a really clever scam that’s picking up in the last year or so.
AVG+XP OEM that’s starting to give the owner problems (no install Disk) = Suggest New Computer from the Microsoft Store.
-
Browse with Sandboxie for a malware free surfing experience.
-
Using task manager, identify the process, right click, go to file location and delete the file. This will remove many viruses and malware that common tools will either not find or remove. 11 years experience is behind this fix. Like it or not I don’t care it works
-
I tell you like this I like some suggestions you guys gave but my rule of thumb is that i use only
Microsoft security cause of the os i run which is windows xp service pack3 so all my
security comes straight from microsoft cause using other free download security or malware or
spyware i learn that most comes with viruses and some time when you go in to a wrong web site
you will run in to a virus removal that contains viruses and malware so altogether i keep it
simple. but also there is a virus removal i have use that i find it to be very good it’s call Emsisoft security
suite it’s the best besides norton i’ve seen nothing else like i have it on my flashdrive if you like
you can go to (http://www.emsisoft.com/en/support/contact/) i tell you there is no other i will use
out side microsoft.
-
I have two comps If one has a problem which is seldom I format & reinstall It always seems to
do it the world to good ! And I can use the other one while I’m doing the reinstall ! because with a
lot of those programs for malware etc seem to leave something behind this way you know that you
killed those suckers ! there are four different ways you can have go at removing them manually
also, but I like to nuke them !
-
OpenDNS, custom host file, and MSE. When I feel like being a perv.. there’s VirtualBox. /wink
-
- Malwarebytes
- Spybot S&D
- CCleaner
- Hijackthis
Ultimate tool: Revo Uninstaller
The last one isn’t really a security tool. But if you want to make sure you uninstall a program even a non malicious one, Revo is the best
-
speccy tells me what I have…
MSSE protects me for free…
ghostery keeps me from evil…
redirect remover keeps me from trouble
carbonite promises to indemnify me to square one when I get jacked
and I just found startup monitor
-
Well, I make malwares.
-
Webroot AV+spy sweeper (it’s stopped other malware so far, failed on fake AV though)
Malwarebytes and superantispyware on hand for backup
Linux cd (normal user vs Superuser. Who wins?)
Linux usb drive (hey, redundancy here pays off)
Win7 Installation disc (More redundancy)
SSH. (aka remotely access computer via other mobile device. See linux/android)
Backup disc image.
Overkill, sure, but it can’t hurt to be too cautious on the internet.
There’s no kill like overkill.

OS X.
Nuff said.
A combination of rkill.com (the exe) to kill any running malicious processes. Up to date full scan with Malwarebytes Anti-Malware followed by a full scan with Spybot S&D. Usually cleans things up. Then a full scan after with antivirus obviously. Always good to do this in safe mode too to get a thorough search completed.
Rkill is useful if the malware won’t let you run your anti virus or removal software.
Sandboxie.
Microsoft Security Essentials. Haven’t had malware problem since I installed it.
Sandboxie FTW!!! Why Microsoft doesn’t buy Tzuk’s tech, I’ll never know.
You guys at need to do an article on Sandboxie, if you haven’t already.
I use AVG and only go on sites I trust. Like HTG. I also do a google search on newly found websites.
Ubuntu linux.
Nuff said.
I use Malware Bytes and then Adaware Internet Security and then Avast, usually does the trick.
Sometimes if the system isn’t too infected you can do a System Restore and save yourself the time
MS’s EMET (Enhanced Mitigation Experience Toolkit)
The enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent hackers from gaining access to your system. :)
Microsoft security essentials for round the clock protection, to clean out infested machines I use;
Malware bytes
House call
Super anti spyware
AVG rescue disc if it’s really bad?
BTW those who say I got a Mac and are immune from attacks, total rubbish, you been keeping score lately? Linux is also getting attacked!
@ Brian: Hahahahahahah! Oh wait, you’re serious, let me laugh even harder.
HAHAHAHHAHAHA!
Malwarebytes and stay off the PR0N.
ComboFix <— havent met a virus/trojan/malware that it cant destroy yet!! And you gotta love the 100% free price tag :D
+1 @ jon_hill987
I was dealing with a particularly difficult one for a friend last night. Tried MalwareBytes’, Safe Mode and cleaning all startup objects, and even ClamAV on Ubuntu. I finally got it by clicking and pressing keys until it froze and force-closed it. Then I used CCleaner to find the executable in the startup objects and deleted it by hand. Finally, I installed Microsoft Security Essentials to protect from attacks in the future. For the record, they had McAfee and they called them up before calling me. McAfee said they don’t cover scareware (which this was) they only cover viruses.
Combofix, as Irish_IT said. If Combofix can’t kill what plagues you, you might as well wipe the machine. =)
PS: Linux distros work great for prevention.
“Nuff said.”
For prevention, Adblocker Plus and Noscript, and Microsoft Windows Security Essentials.
For disinfection, connecting the infected drive to my own machine via USB and running multiple scans with Spybot S&D, Super Antispyware, Malwarebytes, and finally the aforementioned MSE.
Norton internet security, malwarebyte pro and web of trust.. sometimes hitman pro..
Used to be, careful browsing and email use was good enough. Have used Spybot S&D, which works magnificently, but all the permission boxes can be tedious, so i eventually went to Avast! Home Edition and MS Security Essentials, which worked great until just a few weeks ago when MSSE seemed to eat some 50+% of my CPU time – the two had finally started getting in each other’s way. Now i’ve fallen back to Avast! only, along with Web of Trust to cut down on accidentally clicking to bad placings, and an occasional scan using MBAM and/or MSSE to convince myself i’m clean.
For infected machines, i have a flash drive with every portable antivirus i can lay hands on. First, i make sure there’s nothing funky in the network proxy configuration in their browser. Next, check with MSCONFIG, to make sure no aliens are hiding for startup. Finally, I run the AVs on the target machine in safe mode one after the other – once infected, i’ve found there is no program that cleans everything up (except maybe ComboFix, which sometimes does damage, so i save that for the ones i’m about to format and reinstall on, as a last resort). I just run everything until i get at least four runs of any of the programs in a row with no infections. Then i run a couple more in normal mode.
With all the infection creating tool kits available to the criminals these days and the plethora of infections raining down, i’m considering going back to Spybot S&D as one of the most reliable ways to lock things down.
Windows steady state or Deep Freeze
@Freak and @Brian,
If you think that just by having Linux or OSX you’re not susceptible to malware you’re just kidding yourself. Although these operating systems don’t get infected as often as Windows, that’s just because the value to do so wasn’t as large as Windows. Malware is all about $$$ and with 90% + businesses using Windows they were targets, but now that Mac is making its way into the corporate environment that is going to change…Do your research and you will see that the threat landscape is changing for OSX.
As for Linux, true it’s inherently more secure, but these devices are used more as Typhoid Mary devices in that although they don’t get infected, they typically are used as hosts to launch malware.