Scrub Your PC Clean: Remove Malware in Four Easy Steps

19 Comments

Inskipp

In the magazine, the link for ComboFix is not the official source of ComboFix. When you run ComboFix, it specifically says to make sure you got it from the proper source: http://www.bleepingcomputer.com/combofix/how-to-use-combofix. That page also carries the warnings and instructions for its use.

Also, I use TDSSKiller from http://support.kaspersky.com/faq/?qid=208280684 to check for rootkits. Much recent malware installs variants of these, and some of them are extremely difficult to remove with 100% confidence. Many times I've seen infections come back on systems that were not checked properly for rootkits.

In one of the comments above, someone asked why you do not clear the temp files before scanning. Some of the rogue anti-virus malware programs actually hide your files and shortcuts, and sometimes they keep a backup copy in the temp files folder. If you clear them first, it may be impossible to recover your desktop and Start menu shortcuts later.


Nimrod

My machine is a porn server that I like to have shady hookers on, and sometimes they use its water cooler as a toilet even though it's got brown and red sores all over the case. Oh, and also it's only got 256 RAM, so how can I clean it, please?


Nimrod

Oh, but the RAM is FAST. It has a CAS latency of only 1, and I heard that DDR3 has a 9, so does that make my scanner faster? Can someone please help?


anonymousperson

If you are using the dev build of Chrome, you can enable click-to-play for plug-ins under the about:flags page. You then have to enable it under Content Settings. I don't know about other builds.


essjay22

What people really need to do is start making backup images of their boot drives so NONE of the above will ever be required! Use a good imaging program and image weekly, so if you have any kind of problem you can drop the image onto your infected drive and be back up and running in about 10 minutes. That beats all kinds of running around trying various removals and scans, which can take a *long* time.

Good article though, Thanks.

Long live ComboFix!

MarioJP

One thing I will admit these retail PCs have is the built-in recovery partition. So far I've been lucky that this still works regardless of how infected Windows is. When using the recovery method, MAKE SURE YOU SELECT DESTRUCTIVE MODE. I've noticed many techs overlook this A LOT. Then they wonder why the virus is still there.

Blues22475

Usually when I get systems in that are infected, here's what I do:

1. Start the system in Safe Mode with Networking.
2. Install Malwarebytes Anti-Malware.
3. Install SuperAntiSpyware.
4. Install CCleaner.
5. Do a full scan with Malwarebytes in Safe Mode.
6. Do a full scan with Malwarebytes in Normal Mode (i.e. booting regularly).
7. Run SuperAntiSpyware with a full scan and in "Full Boost" mode.
8. Use CCleaner to clean temp files. Done.

If it winds up worse, I use tools like Hitman Pro or TDSSKiller. I very rarely run ComboFix, as it can be dangerous (though it's better about CYA now). I very rarely use it unless I am 95% sure it'll fix an issue. This method has worked 95% of the time.


p309

Why do you not remove the temp files first? It can take much more time if you're scanning them along with everything else.

Also, if I may, I'd recommend that your steps include removing all System Restore points and setting a new one when you're finished. You have a very good routine going there.
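The routine Blues22475 lists and p309's restore-point addition are both manual. The script below is an added example, not code from the article or from either commenter: a read-only persistence triage to run in Safe Mode with Networking before and after the scans, so that anything the scanners leave behind in the Run keys, auto-start services or scheduled tasks shows up with its SHA-256 and Authenticode status, plus an opt-in function that carries out p309's step of purging restore points and taking a fresh one. It assumes an elevated prompt on Windows 8 or later (PowerShell 4+, for Get-ScheduledTask and Get-FileHash); the function names and the SystemRoot-based filtering are this example's own choices.

```powershell
# Added example (not from the original article or any commenter).
# Assumes Windows 8+ / PowerShell 4+ and an elevated prompt.
#Requires -RunAsAdministrator

function Resolve-ImagePath {
    # Pull the executable path out of a command line such as
    #   "C:\Program Files\Foo\foo.exe" /quiet    or    %TEMP%\bar.exe -x
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    return ($cmd -split '\s+')[0]
}

function Get-AutorunEntries {
    # Classic Run/RunOnce keys for the machine (64- and 32-bit views) and the current user.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }      # skip PSPath, PSParentPath, ...
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value; Path = Resolve-ImagePath $p.Value }
        }
    }
}

function Get-ServiceEntries {
    # Auto-start or running services whose binary lives outside \Windows\.
    # Caveat: a malicious ServiceDll hosted by svchost.exe is filtered out here;
    # check HKLM:\SYSTEM\CurrentControlSet\Services\<name>\Parameters separately.
    Get-CimInstance Win32_Service |
        Where-Object { $_.StartMode -eq 'Auto' -or $_.State -eq 'Running' } |
        ForEach-Object {
            $path = Resolve-ImagePath $_.PathName
            if ($path -and $path -notlike "$env:SystemRoot\*") {
                [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Command = $_.PathName; Path = $path }
            }
        }
}

function Get-TaskEntries {
    # Enabled scheduled tasks not living under the \Microsoft\ task folder.
    Get-ScheduledTask |
        Where-Object { $_.State -ne 'Disabled' -and $_.TaskPath -notlike '\Microsoft\*' } |
        ForEach-Object {
            foreach ($a in $_.Actions) {
                if ($a.Execute) {
                    [pscustomobject]@{ Source = "Task $($_.TaskPath)"; Name = $_.TaskName
                                       Command = "$($a.Execute) $($a.Arguments)"; Path = Resolve-ImagePath $a.Execute }
                }
            }
        }
}

function Get-PersistenceReport {
    # Attach a SHA-256 (for reputation lookups) and the Authenticode status to each
    # entry. An entry whose file is gone is marked MISSING: typical leftover after a scan.
    $entries = @(Get-AutorunEntries) + @(Get-ServiceEntries) + @(Get-TaskEntries)
    foreach ($e in $entries) {
        $hash = $null; $sig = 'n/a'
        if ($e.Path -and (Test-Path -LiteralPath $e.Path)) {
            $hash = (Get-FileHash -LiteralPath $e.Path -Algorithm SHA256).Hash
            $sig  = (Get-AuthenticodeSignature -LiteralPath $e.Path).Status
        } elseif ($e.Path) {
            $sig = 'MISSING'
        }
        $e | Add-Member -NotePropertyName SHA256 -NotePropertyValue $hash -PassThru |
             Add-Member -NotePropertyName Signature -NotePropertyValue $sig -PassThru
    }
}

function Reset-RestorePoints {
    # p309's addition: drop every restore point (infected copies can survive in
    # System Volume Information), then take a clean baseline. Destructive; run it
    # only after the scans are done. Checkpoint-Computer is client-Windows only and
    # normally allows one restore point per 24 hours.
    vssadmin.exe delete shadows /all /quiet | Out-Null
    Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType 'MODIFY_SETTINGS'
}

# Show everything that is not a validly signed binary; run once before and once after the scans.
Get-PersistenceReport |
    Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Source, Name |
    Format-Table Source, Name, Path, Signature, SHA256 -AutoSize
```

Compare the two reports: an entry that survives every scan, points at a file in %TEMP% or %APPDATA%, and is unsigned is what the commenters above are describing when an infection "comes back". Run Reset-RestorePoints by hand only once you are satisfied with the second report, since it removes every previous restore point.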


winmaster

"Make sure you're at least sporting the latest version of one of the 'Big Three': Internet Explorer, Firefox, or Chrome."

No love for Opera?


Morete

I've always used SuperAntiSpyware. Nice product. Now with their 5.0 version it actually uses separate cores of the processor for running three tasks at the same time. No more bottlenecking. Good going! I've tried their "pro" version and I didn't notice any real-time protection like they advertise. I still got the tracking cookies, etc.

Microsoft Security Essentials is the best free one out there as far as I'm concerned. With the full scan, it gets them all. Unfortunately, their real-time protection does not seem to work either.

For paid versions, G Data is my choice. Kaspersky is probably right up there too, but I've never tried it. The problem with these is that they are resource hogs and slow the system down way too much.


Engelsstaub

Microsoft Security Essentials is the way to go for Windows now, IMO. I have ESET on my PCs (excellent) and my Mac (useless/overwhelmingly pointless) right now, but...

...I think MS really did the right thing by creating their own AV solution. You and they know it has to be decent because Redmond's rep is riding on it.

I'm generally happy with ESET but will likely not renew it. Paid AV on Windows is now for suckers, IMO, and Microsoft should be commended for their efforts.

I've used Malwarebytes for years on Windows. It's never found a thing. I don't think it sucks at finding them; I just think I suck at getting them ;)


mario_ramalho

I too have fallen victim to nasty malware. The kind that disables the Task Manager and System Restore, and spreads like wildfire. Spybot would pop up countless times with new files created by this monster, and nothing I had at the time would get rid of them. Eventually, after a couple of days of investigating with the help of Spybot, I found the culprit file, but couldn't get anything to remove it, even in Safe Mode. I even ran MSCONFIG to see if it was there as a startup app, but it wasn't. Finally, I popped in an Ubuntu LiveCD, went into the folder where Spybot identified the malware file to be, and got rid of it. Then I booted Windows in Safe Mode and was able to get rid of the rest of the infestation.


don2041

I have a couple of older, slow rigs, so I use external drives to store all my data. I can then plug them into my speed machine to scan. Also, this leaves less of a footprint on the boot drives of the slow machines, so scans don't take a week of Sundays to complete.


MarioJP

This article gave me more antivirus programs to try out. One thing I am curious about is what to do if the machine is an HP running 512MB. These scans can take forever. When I work on a machine and find one of those with minimum specs, the best alternative is to pull the drive and use a much faster machine. That makes data backups easier and virus scans much faster. Of course, if that option is not available, the best bet is to back up their data and reformat.


erniemink

I use SuperAntiSpyware (paid version, of course), Malwarebytes (paid version, of course), Spybot Search & Destroy with Immunization and TeaTimer applied and running, the paid version of the Online Armor firewall, and the paid version of G Data AntiVirus. You will not have any issues with all of this, and you MUST keep ALL of it up to date, including using Windows Update as well. And install Windows 7 (scrap XP).


MrBlueCheese

I thought the paid version of Malwarebytes and the paid Online Armor firewall would conflict? Also, wouldn't the paid version of Malwarebytes and G Data AntiVirus have problems as well?

It seems to me that some of your programs will conflict and cause problems in terms of your security.


Blues22475

That's about what I am saying. You shouldn't really run two real-time anti-virus programs on your computer at the same time. Eventually you will run into issues such as your computer slowing to a crawl, or problems with startup (just a couple of examples I've seen already).


nealtse

I can reformat my boot hard drive and be up and running with all my apps and updates in half a day. Or I can spend a week trawling malware removal forums and waiting for replies. All of my documents and data files are already on another hard drive. I'm going with the tried-and-true guarantee that you will not have that malware anymore.


MrBlueCheese

Reformatting the hard drive doesn't guarantee that there's no more malware. It's just the most effective solution for doing so.