The Official Malware/Antivirus Thread - Need help or general advice? Read this first!

[irishjayhawk]

For preventative measures, I believe these should be mentioned:

Lavasoft's AdAware
Spybot Search and Destroy
Spywareblaster

It's been a while since I've actively used those, but they were gold back in the day. Ran the first two at 3am once a week. Updated the third one once a month (You can purchase autoupdates for $10).

[Bearcat]

Quote:

Originally Posted by irishjayhawk

For preventative measures, I believe these should be mentioned:

Lavasoft's AdAware
Spybot Search and Destroy
Spywareblaster

It's been a while since I've actively used those, but they were gold back in the day. Ran the first two at 3am once a week. Updated the third one once a month (You can purchase autoupdates for $10).

I had forgotten about AdAware.. I used to use AdAware, Spybot, and malwarebytes all the time. I've read Spybot is no longer one of the highly recommended tools, but I'll look into those 3 some more.

I'll probably expand on the preventive stuff... the EliteKiller link provides links to reviews of scanners, and the readme of the rogue kit provides links to online scanners, so it's a challenge to not repeat stuff and keep the post fairly concise.

[thecoffeeguy]

Quote:

Originally Posted by Bearcat

This thread provides information on malware removal, links to malware removal tools, and recommendations & links to anti-virus software. The intention of this thread is to provide quick and accurate support for malware-related issues and questions.

Many people here are willing to provide assistance if you're having computer problems, and this thread is not meant to discourage people from asking for help.... but, please read the information provided first, or else there's a good chance you'll be sent here, here, or here . We aren't Geek Squad, so while we won't grossly overcharge you for information and advice, we also aren't responsible for anything you do to your computer.

Also, feel free to make suggestions on the content of this post, and I'll try to keep it up to date.

Research

A lot of information can be found at this EliteKiller link, including...

• Links to recommended malware scanning & removal tools, including the Rogue Removal Kit (which includes combofix), malwarebytes (aka MBAM), and Hitman Pro.
• A link to HiJackThis, which creates a log of registry entries, running services, etc; that can be posted here for additional support.
• Reviews, recommendations, and links to antivirus software, on-demand scanners, and online scanners.
• Information on firewalls and unsecured networks, as well as malware/virus prevention.

Malware removal

If you think your computer is infected, the EliteKiller link provides a thorough solution. Simply put...




The Rogue Removal Kit is is a zipped file that includes malwarebytes, CCleaner (a registry cleaner that will also delete temporary files), Combofix, Hitman Pro, and HiJackThis (HiJackThis is optional, see below). The instructions guide you through running these tools in Safe Mode With Networking; then running malwarebytes and an online scanner in Normal Mode.

Some people don't recommend running Combofix unless you're fairly certain you need to use it, but I've never heard of people having major problems with it. Here's a list of symptoms to Vundo infections, which may help determine if you need to run Combofix. You can also look here to see instructions with screenshots on how to use Combofix.

My two cents on downloading anti-malware software...

• Download it from another computer if possible, or from Safe Mode With Networking on the infected machine.
• The elitekiller article mentions downloading the software to a USB drive. Do not download the software to a USB drive on the infected machine if you're not in Safe Mode, or else you risk infecting the USB drive and other computers you connect the drive to in the future.

To get into Safe Mode With Networking, press F8 every couple of seconds while the computer is starting (before the Windows splash screen). If you see the Windows splash screen, you will need to try again. The safe thing to do is log into Windows, restart, and try pressing F8 several times before seeing the Windows splash screen. Alternatively, my advice that falls into the category of “what I'd do if it was my own computer, but wouldn't tell someone to do it if I worked in tech support” would be, if you didn't get into Safe Mode the first time and you're at the Windows splash screen, hold down the power button until the computer turns off. When you start the computer again, it should automatically ask you if you want to go into Safe Mode With Networking.

If you get a Blue Screen of Death after selecting Safe Mode With Networking, read the following posts on how to fix it:
http://blog.didierstevens.com/2006/06/22/save-safeboot/
http://blog.didierstevens.com/2006/0...ring-safeboot/
http://blog.didierstevens.com/2007/0...th-a-reg-file/


Still infected, or just want to make sure everything is okay?

HiJackThis is a tool that will create a log file that can be analyzed by geeks to see what is running on your computer. Install and run HiJackThis (preferably in Safe Mode With Networking), and select 'Do a system scan and save a log file'. You can then copy/paste the output to this thread, and with any luck, someone will stop by and let you know what you can delete. You can then checkmark the items in HiJackThis and click 'Fixed checked'.

Good write up. Well done.

I will see what I can come up with as well.

I have a few ideas of stuff that we can add and future items coming out that will help with malware crap.

Quote:

Originally Posted by irishjayhawk

For preventative measures, I believe these should be mentioned:

Lavasoft's AdAware
Spybot Search and Destroy
Spywareblaster

It's been a while since I've actively used those, but they were gold back in the day. Ran the first two at 3am once a week. Updated the third one once a month (You can purchase autoupdates for $10).

I am not a fan of any of the above. AdAware and Spybot used to be pretty good, probably the best to use at one time. However, many other tools have surpassed these.

I still believe hijack this is still one of the better tools to use to find malware and crap. Removing it, is another thing.

[DaFace]

Quote:

Originally Posted by thecoffeeguy

Good write up. Well done.

I will see what I can come up with as well.

I have a few ideas of stuff that we can add and future items coming out that will help with malware crap.



I am not a fan of any of the above. AdAware and Spybot used to be pretty good, probably the best to use at one time. However, many other tools have surpassed these.

I still believe hijack this is still one of the better tools to use to find malware and crap. Removing it, is another thing.

Agreed.
Posted via Mobile Device

[BryanBusby]

Quote:

Originally Posted by thecoffeeguy

Good write up. Well done.

I will see what I can come up with as well.

I have a few ideas of stuff that we can add and future items coming out that will help with malware crap.



I am not a fan of any of the above. AdAware and Spybot used to be pretty good, probably the best to use at one time. However, many other tools have surpassed these.

I still believe hijack this is still one of the better tools to use to find malware and crap. Removing it, is another thing.

I'm not a fan of adaware at all any longer. Last time I installed it on a system, it was a system resource whore.

If you have a legit copy of Windows installed, I strongly recommend using Microsoft Security Essentials. Not only is it pretty damn good, easy on system resources, it's FREE.

http://www.microsoft.com/security_essentials/