How-To Geek

What You Said: Malware Fighting Tips and Tricks

Earlier this week we asked you to share your favorite malware fighting tricks. Now we’re back to highlight some of the tips and tricks you shared.

Our Ask the Readers series gives our awesome and technologically literate readers a chance to show off their know-how. Today we’re rounding up some of the tips and tricks from Wednesday’s Ask the Reader post What Are Your Best Malware Fighting Tricks and highlighting them here.

Sandbox Your Browsing and File Sharing Activity

Multiple readers used software sandboxing as a tool for isolating harmful malware. Most used the free Windows application Sandboxie, and some used virtual machine applications like VMware and VirtualBox. Sandboxing your internet-connected applications, especially web browsers and file-sharing applications, creates an extra layer between your operating system and malicious code.

Avoid Browsing as a Root User

While this tip applies across operating systems, it’s most critical for Windows users. Most people (if not 99% of them) use Windows every day as an Administrator/root user. If malware finds its way onto the machine, it’s simple for it to take over, since the account it’s active on has full access to the machine. Second only to sandboxing your applications in popularity was restricting the user account and browsing only on limited-access accounts instead of as an administrator.

Killing Processes to Enable Scanners to Remove Them

Malware infestations can be particularly pesky and their processes are tenacious. The most popular applications among HTG readers for slaying malware processes so that other applications could eradicate them were Rkill and TDSSKiller.

Reader Hammy84 said:

Start with a combination of rkill.com (the exe) to kill any running malicious processes, then an up-to-date full scan with Malwarebytes Anti-Malware, followed by a full scan with Spybot S&D. Always good to do this in safe mode too to get a thorough search completed.

Using safe mode is definitely a good tip whenever possible, as a lot of spyware doesn’t load in safe mode.

Good Malware Defense is a Multi-Prong Strategy

Very few readers suggested anything short of a multi-prong defense against malware. One of the most popular combinations by far was Microsoft Security Essentials running every day + frequent scans with CCleaner (to clean out the non-malware crap you don’t want to waste your time scanning and dealing with) as well as scans with Malwarebytes Anti-Malware. For fighting off messy infections that were already full-blown, Combofix is one of the more popular deep-scan tools.

As an example of the multi-prong approach, reader Duckbrain wrote:

I was dealing with a particularly difficult one for a friend last night. Tried MalwareBytes, Safe Mode and cleaning all startup objects, and even ClamAV on Ubuntu. I finally got it by clicking and pressing keys until it froze and force-closed it. Then I used CCleaner to find the executable in the startup objects and deleted it by hand. Finally, I installed Microsoft Security Essentials to protect from attacks in the future.

Don’t forget to make sure you’ve got up-to-date anti-virus software installed once you get everything clean. We recommend Microsoft Security Essentials.
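As an added example that is not from the post or from any of the tools it names, here is a read-only PowerShell triage script for two of the tips above: it reports whether the current session is running with administrator rights (the “don’t browse as admin” tip) and lists the autostart entries readers like Duckbrain inspect by hand in msconfig or CCleaner, flagging the ones that deserve a closer look before a scanner runs. All function names are my own; nothing is deleted or changed.

```powershell
# Added example, not part of the How-To Geek post. Read-only: it only reports.

function Test-IsElevated {
    # True when the current token is in the built-in Administrators role.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Registry Run/RunOnce keys. The HKCU keys are writable by a limited user,
# which is why the "browse from a limited account" tip shrinks the damage.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExecutablePath([string]$commandLine) {
    # Strip quotes and arguments from a Run value. Unquoted paths that
    # contain spaces are cut at the first space; the report will then show
    # the file as missing, which is itself a reason to look at the entry.
    $cl = [Environment]::ExpandEnvironmentVariables($commandLine.Trim())
    if ($cl.StartsWith('"')) {
        $end = $cl.IndexOf('"', 1)
        if ($end -gt 0) { return $cl.Substring(1, $end - 1) }
    }
    return ($cl -split '\s+')[0]
}

function Get-AutostartEntries {
    $entries = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
            $entries += [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    # Per-user and all-users Startup folders (entries here are usually .lnk files).
    $folders = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
    foreach ($folder in $folders) {
        if (-not (Test-Path $folder)) { continue }
        Get-ChildItem -Path $folder -File | ForEach-Object {
            $entries += [pscustomobject]@{ Source = $folder; Name = $_.Name; Command = $_.FullName }
        }
    }
    return $entries
}

function Get-AutostartReport {
    foreach ($e in Get-AutostartEntries) {
        $exe   = Get-ExecutablePath $e.Command
        $flags = @()
        if ([string]::IsNullOrWhiteSpace($exe) -or -not (Test-Path -LiteralPath $exe)) {
            $flags += 'file-missing'
        } else {
            # A startup program launching from %TEMP% is a classic sign of a
            # drive-by install; a missing or invalid Authenticode signature is
            # not proof of anything, but it is where a manual check should begin.
            if ($exe -like "$env:TEMP\*") { $flags += 'runs-from-temp' }
            $sig = Get-AuthenticodeSignature -FilePath $exe
            if ($sig.Status -ne 'Valid') { $flags += "signature-$($sig.Status)" }
        }
        [pscustomobject]@{ Name = $e.Name; Source = $e.Source; Path = $exe; Flags = ($flags -join ',') }
    }
}

"Elevated session: $(Test-IsElevated)"
Get-AutostartReport | Sort-Object Flags -Descending | Format-Table -AutoSize
```

Shortcuts in the Startup folders show up as unsigned because the .lnk itself is checked, so follow the shortcut target by hand for those rows.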


For more tips and tricks, hit up the original post to see how your fellow readers deal with malware and what programs they roll out in the attack. Have a question you want to put before the How-To Geek audience? Shoot us an email at tips@howtogeek.com with “Ask the Readers” in the subject line and we’ll see what we can do.

Jason Fitzpatrick is a warranty-voiding DIYer and all-around geek. When he's not documenting mods and hacks, he's doing his best to make sure a generation of college students graduate knowing they should put their pants on one leg at a time and go on to greatness, just like Bruce Dickinson.

Published 03/4/11

Comments (45)

  1. zhudock

    For the Multi-Prong Strategy, it should be noted that CCleaner is NOT a malware removal tool, it’s a temp space and history cleaner. A true multi prong setup could be running MSE every day and occasional scans with MalwareBytes Anti-Malware, Spybot, SUPERAntiSpyware and/or Adaware

  2. Jason Fitzpatrick

    @zhudock: Indeed, I updated the post to explain why you want to use CCleaner along side your malware scanners.

  3. Anon

    CCleaner is placebo… Cleaning the temp folder and cookies will give you around 500MB to 1.5GB space back. Ridiculous these days with hard drives of 1TB and more. ‘Fixing’ the registry is not only unnecessary, but can be dangerous.

    @zhudock
    Ad-Aware and Spybot S&D are crap.
    Malwarebyte’s is damn good for freeware.
    SUPERAntiSpyware sounds like bloatware/scam, but is actually one of the most capable software you mentioned!

  4. zhudock

    @Anon

    CCleaner doesn’t remove much for most experienced users, but I’ve run it against a friend’s machine and it removed nearly 3GB of data.

    I haven’t touched Ad-Aware in years and IMHO Spybot is a capable tool, but certainly not the best. These two simply seem to be the best recognized names by less experienced users.

    As for MBAM and SUPER, I agree.

  5. ga4a

    CCleaner’s capabilities can be really expanded if you create its own rules for what to clean. Also CCleaner Enhancer can help you extend it some more. It’s a 10-click cleaning and startup, registry error removing and startup editing versus several run commands like msconfig and going through various folders removing data manually. Also it provides an easy way to remove cache and temporary data for not so experienced users who are experiencing problems with corrupted temporary data/cache data that makes them unable to browse certain flash and other files. It even provides cache removal from games like WoW if you are into mmorpg gaming so you don’t necessarily have to create batch files to do that.

    No software capabilities can match human knowledge when it comes to how-tos, but some things are certainly much easier to do with help of these kinds of apps. CCleaner is the best I’ve found yet. Actually the whole Piriform app arsenal is quite useful for me. Defragmenter and CCleaner for sure.

  6. ga4a

    mentioned startup twice* ignore.

  7. asdf-chan

    Use a brain and you will not need any snake oil tools to “defend” your stupidity against any virus, trojan, malware, ransomware, spyware, etc. Sandboxing is the stupidest shit ever, because everything is vulnerable, meaning that every single application on your system should run sandboxed if you think sandboxing makes you more secure. Avoid browsing as root … lol .. I would guess that 90% of the people here heard of the meaning root, but don’t really understand what it is.

  8. 6205

    Best protection is using your brain. No malware will ever infect your computer if you will not give them during an attempt to execute admin privileges..

  9. William

    @asdf-chan said “Sandboxing is the stupidest shit ever”
    Your comment is the stupidest ever…

  10. michael

    What about good old rebooting in safe mode? I have had a few tricky pieces of malware that would not let me run any form of virus/malware detection tools. Simply starting the computer up in safe mode and looking for some suspicious startup items has allowed me to remove the primary part of the malware/virus. After that I restart the computer in normal mode and use a virus/malware detection tool to remove the leftover files.

  11. gyffes

    Actually, the ‘better’ viruses/malwares won’t let you start up in safe mode.

    That’s when you need to startup with one of the various *nix discs, clean from there and then try the Win-specific programs mentioned above (another !! for SuperAntiSillyNameButGreatProduct).

    AVG actually makes a very good linux-based rescue disc: if you have networking, you’ll even be able to update the AV definitions before you begin the (very long) cleaning process. I recommend it highly.

  12. oneshot719

    In my experience, while some of the best prevention is common sense, why do I not see any mention of preventing it at a network level first?
    For instance, set up Untangle on your network to block viruses, spyware, and ads before it even hits a workstation. (http://tinyurl.com/4d5rjfy)

    Use OpenDNS as another layer of protection against malformed redirections and spyware. (http://tinyurl.com/657pydr)

    Now that you have that setup, use Adblock Plus (now on Chrome)

    If you get infected, I was surprised one of the first tips was not to disconnect it from the network and internet to prevent it from “growing”.

  13. asdf-chan

    @William
    Read the full comment and you will see why it is stupid. Every application is vulnerable, so every application must run in a sandbox if you go with that logic, which is total bullcrap. A workaround for stupidity doesn’t mean stupidity itself is gone.

  14. Krysaenaar

    @asdf-chan

    Every application does run in a sandbox. The VM OS is isolated from the host OS it runs on, so if it gets infected then it is only the VM that is infected

    e.g. A VM of XP running in Win7.

  15. Digirati

    asdf-chan — According to your logic, ” i would guess that 90% of the people here heard of the meaning root, but don’t really understand what it is….” that would appear that you have “heard about” sandboxing, but don’t really know what it is. Sure, every app is vulnerable. But not every app is used to browse the web. Do you surf with MS Word? Or maybe the solitaire game? Hmmmmm.

  16. Digirati

    ROFL —- I’m going out on a limb here, but I feel pretty sure that asdf-chan is an MCSE !!!!! (Microsoft Certified Solitaire Expert.)

  17. vistamike

    @ga4a, absolutely. Piriform do a good job and they do it very well (xp, Vista and 7)
    I use Mbam and SAS without problems.
    And the article was concise and to the point

  18. xo99

    Please don’t step into the “false sense of security” trap of sandboxing. If malware manages to install a keylogger you’ve still lost the game …
    Sanboxing is ok, but you still need to take some countermeasures to protect yourself!

  19. Roger That Tech

    As a computer business owner I have found the most valuable tools to have when dealing with infected machines these days to be: Safe Mode (if you can), Msconfig to disable all startup, Combofix (if it’s an XP box), install and run Malwarebytes, and ESET’s excellent online scanner. Then reboot and repeat. Occasionally this approach does not work. Then I like Kaspersky’s Rescue disk. Of course this has been S.O.P. for the last couple months, so it is about due to be changed according to how the malware changes.

  20. Steven Torrey

    Just reading the comments and responses gives greater insight into how the computer works and how to protect yourself on the computer. In the end, the best approach is a good pay for anti-virus program. I’m told from you people at How-to-Geek that Microsoft Security Essentials (free) is excellent but I like the thoroughness of the paid for program. And incidentally, Microsoft being the giant it is, ends up with a moral obligation to provide a free and excellent anti-virus program to protect the computer, since these viruses can be in the most innocuous website. But a paid anti-virus program , for the relatively small price–peace of mind. (Not shilling for the company–but I find AVG works for me. For those who need a hint at what anti-virus program to choose.)

  21. GraveDigger27

    I recommend installing a suite of free apps to prevent most infections. A good anti-virus program (AVG, Avast!, Avira Antivir or Microsoft Security Essentials) with a anti-spyware program (MalwareBytes or SuperAntiSpyware). If you’re running Windows XP or Vista you should improve your firewall with something like PCTools’ Free Firewall Plus, Comodo’s Firewall or ZoneAlarm’s free firewall (which I’m using on Windows 7 – ) – I prefer firewalls that aren’t too talky and aren’t prompting me for permissions all of the time. I like CCleaner to get rid of the crap that gathers on the computer but I’m careful about using registry scanners – too many of them are too aggressive and will screw up your system configuration.

    Download software only from trusted sites (Download.com, FileHippo.com or MajorGeeks.com) and make sure that you update your OS with all of the important updates. Be careful following links in e-mail messages and make sure you scan attachments before opening them. Practice safe computing and make sure that you have a recent backup of your system. External hard drives are really pretty cheap these days – I make periodic disk images of my entire hard drive using the free version of Macrium Reflect (after I’ve run a complete anti-virus/anti-spyware scan on my system) so I have a clean installation of the system that I can restore in a few hours if need be.

    I also keep a disk image of a freshly installed, activated and updated OS installation so I can reinstall my OS without having to go through the process of reinstalling the operating system (which is an upgrade version and needs an existing OS to install to), downloading all of the security updates and service patches, and reconfiguring my hardware. That way I can always have a clean system to try out if I want to switch any of the programs I use (such as office suites, security software or other apps).

    Or I could just install Linux…

  22. asdf-chan

    @Krysaenaar
    Right, when i want to look up stuff on the net i turn on my virtual machine. Maybe i should put a vm in the vm, so the vm that i actually use isnt getting infected. Wait, i should put the vm in a v-

    -yo dawg i heard you like sandbox so we put a sandbox in your sandboxed sandbox which is sandbox, so you can be secured by sandboxing while sandboxing the sandboxed sandbox that sandboxes the sandboxes.

    @Digirati
    True that you don’t surf the web with MS-Word, but still just because something is vulnerable doesn’t mean to stick it in a sandbox.

  23. Melinda010

    After reading this article and all of the comments, here is some perspective from a 57-year old, semi-geek-woman who does NOT work anywhere near the computer or security industry. I’d never heard of sandboxing before today.

    I run Vista, and use my laptop for websurfing & email, and also for a small business, so everything needs to be SAFE. I have always used the full, paid version of Norton, and have been pretty careful about what I open up. In addition, I run weekly scans with CCleaner and Malwarebytes.

    The consensus that I’m getting from all of this this is that I’m going to add Superantispyware to my weekly arsenal, keep up with the backups, and call it a day.

    My laptop is 1-1/2 years old, and I didn’t know to make a copy of the whole OS while it was new. I’ve learned that since, but still haven’t done anything about it. Is that a “better late than never” kind of thing, now that I have so many programs installed? I don’t think that I have anything with enough memory to copy the whole thing. What would make the most sense to buy to do that … that would be the easiest to use, but wouldn’t be too expensive?

  24. Ed Stewart

    Run Linux, problem solved!! The new Unity desktop is great..

  25. sevntl

    Eset Nod32, Superantispyware, CCleaner and Safemode. and I’m Good. for about 4 years and 8 computers. Really.

  26. Burton

    For Melinda010:

    Smart lady, using Norton, no need for all the freebie methods above. Two things you can do now. Go here: http://www.howtogeek.com/howto/4241/how-to-create-a-system-image-in-windows-7/ for info on how to create a system image of your hard disc which will include the operating system and all installed programs. Purchase Norton Utilities to clean up your discs, repair your registry, manage programs that try to run on start up and manage the services which run at startup also.

  27. Tony4554

    @Melinda010
    It’s never too late to make an image of your system. I recommend running an imaging program once a week(better daily, especially if you are not running a daily data backup program.) and keep 4 weekly backup images on an external drive at all times. I create an initial image with all the programs installed and save that as your Master clean backup of the entire drive. Make sure that the hidden partitions are marked to be backed up in the process also. I install Norton Ghost on just about all of my clients computers and servers. There are several programs out there but I install Ghost and Acronis the most. They are imaging programs and fairly easy to install and use. I do not know the size of your hard drive, so I will only guess at a safe recommendation size of between 1.0 and 1.5 TBs. Total cost for app and drive from Newegg.com [ software - $50 and Drive - $80 ]. It will be your best insurance purchase. As the saying goes “It’s not if your drive crashes but WHEN” A data backup program to an external drive is great to save data only. With an imaging program EVERYTHING can be imaged to a crashed drives replacement in a matter of a couple hours. Operating system, data and programs are back up and running at the point the last image was made. So much more can be added here but this article isn’t focusing on imaging.

  28. Phil Lewin

    I’m fighting with a browser hijacker called Tazinga and have been running Malwarebytes, Superantispyware, ad-aware, Windows Defender and Spybot Search and Destroy. I have free AVG anti-virus and paid ZoneAlarm firewall and…. can’t get rid of the damn thing.

    From the above I will try safe mode. In msconfig I have been trying to ID anything in startup that is a problem, with, unfortunately, no success.

    Anyone have anything on this specific problem (Tazinga).

    TIA Phil

  29. Ken Larsen

    Phil Lewin – One thing you didn’t mention that I do with tough infections is to turn off System Restore before starting in safe mode and then running Malwarebytes.

  30. sportsaddict

    Mine has no antivirus program. Just deleted my Windows Vista and installed UBUNTU.

  31. sean

    I don’t need no antivirus…

    I got a HUGE Pit Bull Terrier.

    No malware is foolish enough to try and get past her.

  32. ken

    What I would say is: Use your free anti-this anti-that, no harm in that, just don’t pay for it. Also nothing wrong in sandboxing, it does help as long as you know what you’re doing.

    Just make sure you have your ERD disk and all is well in the world.

    Those of you that have gone to Ubuntu…don’t lie you still use MS I know you do cos you can’t do without it.

  33. cityboy3

    ALL you have to get (after) you clean your computer is Microsoft Security Essentials. I’ve been using it for 2 yrs. now and zero problems.

  34. cityboy3

    O yeah have a nice day!

  35. Melinda010

    Tony4554,

    Thank you so much for taking the time to reply to my post. It was VERY helpful. In 20-plus years, I’ve never had a total crash or a serious malware infection (knocking on wood); but – like you said – it’s more of a matter of “when”. I know that these days are not the time to let your (my) guard down, especially since I have added a business into the mix now.

    Two more questions: If I were to pick one of the “imaging programs” that you wrote about, would Ghost be better than Acronis, and should I still do regular backups with a program like Macrium Reflect? I’ve been reading cnet reviews on all of them, and it makes my brain hurt! For every good review, there is a bad review for every program that I’ve looked at. Then I’m left with – which one to trust. It makes sense to me to use Ghost, since I already run Norton. Do you agree, or doesn’t that matter?

    Honestly, I don’t know if I’ll keep up with it if I have too many things to do, so I need to keep it as simple as possible, with as much being automated as possible after the initial set-up. I do have a Seagate external drive, but don’t keep it hooked up all of the time (to be able to automate backups) because – even though I mostly use my laptop as a PC, with printer, speakers, mouse, etc. hooked up to it – I frequently unplug everything from the laptop to move it to the couch or the patio. Also, I don’t think there’s enough space on the Seagate to put the whole image, including the operating system and all. I guess that I will need to go shopping. Uff-da! The price that you quoted is lower than what I expected, so THAT’S a good thing. Thank you for that recommendation, too.

    Best regards, Melinda

  36. Darklord

    Melinda,

    If you have not had any serious issues in 20+ years then you already have a good idea about what you’re doing right and wrong. Most malware comes from sites most people in their right mind don’t go to anyway, and a lot of drive-by malware is blocked by a decent firewall or antivirus, and also by most of the browsers.

    Even so, a lot of legit sites are being infected as well, but common sense takes over if you are asked to install a program or download you did not ask for, but like I said most of this crap is blocked by antivirus or your browser..etc.

    It’s not a fact that everyone is going to get some form of serious infection, this is like saying every human is going to get a life threatening disease. On the other hand there is also malware that does not show any signs of intrusion, or very little, but this leads back to common sense knowing who is using your computer and how secure is that computer. Like say password protected and encryption/tracking software for laptops.

    The biggest worries for most infection comes from kids and people that file share, or just do things that are just as risky out of cyberspace as it is in.

    If your computer is for work primarily, then it’s kind of a no-brainer to back the drive up daily, but for the average home user that’s not inclined to do anything too crazy, bi-weekly or monthly is fine.

    As for which back-up program, the first thing I do when considering any new software is to check the company forum for issues and then do a google search for problems with the software and your hardware. The other thing to think about is features, if you know you won’t use half or most of the features on any given program then that’s not the one for you.

    I’m partial to Acronis for their support. Over the years any issue I’ve had is almost always answered in 24 or less and with excellent follow up support, plus try and decide is a nice feature in Home Backup for Acronis.

  37. Oneshot719

    For those interested in cloning, keep in mind it’s included in some versions of windows 7.
    For others use a free program called clonezilla
    Google it and it’s simple and free

  38. Melinda010

    Darklord, Yes, my common sense meter has worked pretty well up to this point, but I still need to get that full system snapshot backed up, and do a better job of getting weekly incremental backups done. I’m sure that I represent 90% of the computer-using world in that. Thanks for your input. It helped to put some things in much appreciated perspective.

  39. lionhearted43

    @cityboy3 wow MSE has been out 2 years damn time flies….lol

    I myself use MSE malwarebytes and ccleaner (cc for junk)

  40. Dan

    The linuxtards just don’t get it. We would rather settle for the remote possibility of getting infected in Windows over using Linux for anything. The difference in user experience is just that stark. And I’m saying this even though I use both OSes.

  41. Sparky

    speccy tells me what I have…
    MSSE protects me for free…
    ghostery keeps me from evil…
    redirect remover keeps me from trouble
    carbonite promises to indemnify me to square one when I get jacked

  42. DavidK

    Melinda010

    Although this seems to be off topic for malware and virus removal, I will throw my two cents worth in and recommend “Macrium Reflect” for imaging your Vista machine. Over the years I have used “Powerquest/PQI, Ghost, Acronis and many others. Although all of these products are very good, the bottom line is you want something that is easy to use and will give you the capability of a full/differential/incremental image/backup. I have the purchased version of Macrium Reflect and although it adds a few features and is relatively inexpensive, the free version does an excellent job. I highly recommend Macrium Reflect.

    DavidK

  43. Chad

    Could someone provide a legitimate download site for CCleaner? No 3rd party downloads.

  44. Melinda010

    Chad, Here’s a link for CCleaner:

    http://www.piriform.com/ccleaner

    David, Thank you for your two cents about Macrium Reflect. Actually, that’s the one that I had kind of decided on, based on a couple of other comments here, so I appreciate having another positive review from you on the free version.

    I didn’t get the time to finish up my backup projects last weekend … and now I’m short an hour! Bets on whether I’ll get it all done today or not will be handled by my bookie, Snarkie the Shark.

  45. NCPhantom

    It seems CCleaner is getting the short end of the stick here. CCleaner is not an anti-malware program obviously – but running it frequently does remove temporary internet files which, in most cases, is where the malware/viruses/adware, etc. originate on the PC. If you want to be thorough about ensuring all remnants of the “nasties” are gone, use CCleaner frequently!
