Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
Member Login

Log In

A valid email is required.
Password is required.
Posted: 11/27/2011 4:58:40 PM EDT
[Last Edit: 12/21/2011 5:07:19 PM EDT by Brian12]
Hi everyone,

I would like to share my malware removal guide with all of you. It contains step by step instructions on how to remove malware from a computer. It's still a work in progress. I would appreciate any feedback.

This guide will help you clean your computer of malware. If you think your computer is infected with a virus or some other malicious software, you may want to use this guide. It contains instructions that, if done correctly and in order, will remove most malware infections on a Windows operating system. It highlights the tools and resources that are necessary to clean your system. Malware is a general term for any malicious software, including viruses, trojans, rootkits, spyware and adware.


Guide: http://www.selectrealsecurity.com/malware-removal-guide


Link Posted: 11/27/2011 6:17:50 PM EDT
add 'delete internet explorer's temp files cache.' wit the delete temp folder.

I've also seen things hide in the temp folder of the pseudo users 'Local system' and 'Network Services'.

also should have section to reset winsock to fix browser hijack type things.. for XP anyway

http://support.microsoft.com/kb/299357

Link Posted: 11/28/2011 3:04:41 AM EDT
Link Posted: 11/29/2011 3:09:06 PM EDT
Thanks.
Link Posted: 11/29/2011 3:25:48 PM EDT
Looks good. I've had great luck with Kaspersky Rescue Disc installed to a USB drive. Boot from that and let it run a scan, then reboot and let Malwarebytes do its thing.
Link Posted: 12/1/2011 7:44:42 AM EDT
I can save you a lot of work; Install Linux

Just kidding. Great job on the writeup. Most of the programs I've used at one time or another, but there were a few on your list that I wasn't aware of. Looks like I have some more documentation and programs to put into my bag of tricks. Thanks!
Link Posted: 12/2/2011 7:22:24 AM EDT
Nice job. I noticed that Ccleaner is in the article. When possible, I've run it before running Malwarebytes to I wouldn't waste time scanning un-needed temp files.
Link Posted: 12/4/2011 8:07:36 PM EDT
Brian12,

Your post could not have been timelier for me. By the way, Welcome to Arfcom.


I buy every other year the cheapest piece of crap laptop money can buy. Computers perform a few basic applications for me so I don't need much. Last purchase is what I'm typing on now. HP Mini, woo, hoo...

My idea of virus control is simple. If computer catches one use this. Remington Virus Destroyer, version 870.


Now, as you've guessed by now my computer skills ain't too savvy. Whatever got a hold of my mini shut it down, insisted I download it's version of malware and screamed like a big cat every five or so minutes. I couldn't load a program, free version of McAfee er nothin. I'd let my Norton prescription to computer slowdom go a few years ago.

So I go to town and buy the latest Kaspersky One, Universal Security and try to load. Worm ain't havin none of that. So I log onto my Android and look for this forum, finding this thread and tutorial. Had forgotten about safe mode. If it were not for tutorial I wouldn't have found it.

Geek squad wanted $199.00 to fix my $248.00 computer, yea right. If it weren't for having some photos newly loaded for a defensive carry thread not yet backed up to photobucket, version 870 Virus Destroyer would've been deployed.

Thanks to your thread I was able to get to safe mode, remember how to do system restore. Then load Kaspersky.

Thanks Brian.

david

___________________________________________________________________________________________________________________________________


All sounds (eyes rolling) simple to you guys but to me to me it was a huge deal. This OP deserves a place in tacked gateway thread or thumb tack.

Link Posted: 12/5/2011 1:13:37 PM EDT
Hi David,

I'm glad you found my guide useful. Thanks for the comments everyone.
Link Posted: 12/21/2011 5:09:39 PM EDT
Update:

- Added RogueKiller (Additional Detection/Removal Tools)
- Added Windows Defender Offline (formerly Standalone System Sweeper)
- Added Ultra Virus Killer (Additional Detection/Removal Tools)
- Added file sizes (Additional Detection/Removal Tools)
- Removed unnecessary links
Link Posted: 12/21/2011 7:01:28 PM EDT
Good list. When I first started in IT years ago I wish I would've run into a list like this.

I spent many a weeks trying to find the ideal virus removal program. Like you and many others, mbam has become my favorite.

However, I have run into many severe rootkits recently that TDSS and MBAM haven't been able to tackle, and combofix has been the only solution. I'd suggest adding it to your list.

Bravo
Link Posted: 12/23/2011 10:12:33 AM EDT
Hi bassboy,

Thanks for the suggestion.
Link Posted: 12/24/2011 2:59:48 AM EDT
Not a bad document, but your "Note 1" is really the only thing necessary.

I *HATE HATE HATE HATE* seeing people say, "Oh, I ran malwarebytes and now my computer is clean!" It's not. You just don't know what malware you're running now, and your computer is probably part of a bot farm.

Anyway, that's the advice I give everyone who comes in here with "I got a virus, what do I do". Wipe and reload, it's the only way to be sure. Or switch to Unix, preferably packaged with a Mac.

Link Posted: 12/25/2011 7:44:30 PM EDT
Hi Josh,

You make an excellent point. Thanks.
Link Posted: 12/28/2011 10:59:49 AM EDT
Update:

- Added instructions on how to fix the Registry (Preparation for Removal)
- Changed Malwarebytes download link
- Added note about manually updating Malwarebytes (Step 2)
- Updated HitmanPro (3.6)
- Removed F-Secure Online Scanner
- Added Bitdefender Bootkit Removal Tool (Additional Detection/Removal Tools)
Link Posted: 12/29/2011 6:39:16 PM EDT
OK, I'm following the instructions, but how do I fix this:

Link Posted: 12/29/2011 6:59:17 PM EDT


OST.

Link Posted: 12/29/2011 7:23:15 PM EDT
Hi txgp17,

Right-click the FixNCR.reg file and click Merge.
Link Posted: 12/30/2011 7:42:20 AM EDT
Originally Posted By Brian12:
Hi txgp17,

Right-click the FixNCR.reg file and click Merge.
I don't have "Merge" as an option. I'm running MS XP Home Edition 2002 SP3.
Link Posted: 12/30/2011 7:47:14 AM EDT

Originally Posted By txgp17:
Originally Posted By Brian12:
Hi txgp17,

Right-click the FixNCR.reg file and click Merge.
I don't have "Merge" as an option. I'm running MS XP Home Edition 2002 SP3.



By default Windows should know what to do with a .reg file, but you can do it manually.

Go to Start -> Run and type "regedit" and hit <Enter>.

Go to the File menu, select Import, and then locate and double click the .reg file.
Link Posted: 12/30/2011 7:50:07 AM EDT
[Last Edit: 12/30/2011 7:50:19 AM EDT by BushBoar]
ETA: doubletap
Link Posted: 12/30/2011 9:12:55 AM EDT
[Last Edit: 12/30/2011 9:13:30 AM EDT by Brian12]
Follow the steps provided by BushBoar. It should work.
Link Posted: 12/30/2011 11:22:47 AM EDT
'Hiren's boot cd' is a good one to throw on your keychain for almost one-stop-shopping for most comp repair. Boots into linux, windows, and some custom shit.
Link Posted: 12/30/2011 8:51:53 PM EDT
Originally Posted By BushBoar:
Originally Posted By txgp17:
Originally Posted By Brian12:
Hi txgp17,

Right-click the FixNCR.reg file and click Merge.
I don't have "Merge" as an option. I'm running MS XP Home Edition 2002 SP3.



By default Windows should know what to do with a .reg file, but you can do it manually.

Go to Start -> Run and type "regedit" and hit <Enter>.

Go to the File menu, select Import, and then locate and double click the .reg file.
That didn't seem to change anything, it still asks which program I want to use to open the file.
Link Posted: 12/31/2011 1:33:26 AM EDT
[Last Edit: 12/31/2011 1:34:12 AM EDT by cruze5]
Link Posted: 12/31/2011 11:36:41 AM EDT
Originally Posted By cruze5:
Next time please open your own thread
Posted: 12/5/2011 12:25:41 PM EST - Trojan / browser hijack problem, unable to remove, please help
Link Posted: 1/7/2012 10:47:42 AM EDT
[Last Edit: 1/7/2012 10:50:10 AM EDT by Brian12]
Update:

- Changed the link to backup instructions
- Added Windows Repair by Tweaking.com (Fix Post-Disinfection Problems)
- Removed TaskManager.xls
- Added Process Hacker (Additional Detection/Removal Tools)
- Removed unnecessary links

http://www.selectrealsecurity.com/malware-removal-guide
Link Posted: 1/7/2012 1:53:28 PM EDT
to import a .reg file when .exe are hijacked, broken and explorer is wonky.

start task manager (ctrl+shift+esc) and pray IT is not broken also.

file->new

change selection box to all files (*.*) find the .reg file you want to merge, right click on it and you can select merge from the popup menu.
Link Posted: 1/8/2012 3:00:26 AM EDT
Link Posted: 1/8/2012 8:36:40 AM EDT
I didn't know I had a message. I sent a message back.
Link Posted: 1/13/2012 11:26:46 AM EDT
Update:

- Removed unnecessary notes (Step 2)
- Revised instructions for running SuperAntiSpyware (Step 2)
- Removed tutorial links (Step 2)
- Changed the order of steps in After the Removal Process
- Added instructions on how to Repair Windows Update and Firewall (Fix Post-Disinfection Problems)
Link Posted: 1/22/2012 12:00:27 PM EDT
[Last Edit: 1/22/2012 12:02:19 PM EDT by Brian12]
Update:

- Added a Comments and Reviews page (under the title)
- Created a PDF version of the guide (under the title)
- Added a link about disconnecting your Internet connection (Step 2)
- Added a link to Malwarebytes randomly named installer (Step 2)
- Combined steps: Get Expert Analysis and Further Help

I also created a Google+ page. https://plus.google.com/106459453799715716104/posts Please follow me.
Link Posted: 1/26/2012 9:07:49 PM EDT
Brian,

You are awesome!!!!!

I have been living with web browser redirects for months. Been cutting and pasteing in order to use the net for so long that I forgot what regular hyperlinks on Google were like. Your simple instructions helped me to clean up the computer, Super anti spyware cleared off a trojan, and I was able to use the program to reset the hosts file. The laptop works great now.

Thank you so much. The assholes who write the damn viruses and mal ware never know who they are hurting. Im telling you that you just really helped me.
Link Posted: 2/6/2012 2:52:59 PM EDT
[Last Edit: 2/6/2012 2:53:58 PM EDT by Brian12]
Hi JeepinSoldier,

I'm glad that my guide helped you!

Update:

- Added a new image (Introduction)
- Added a new page: Fix Internet Connection after Malware Removal (Removal Process)
- Added an important note - RKill (Step 2)
- Removed Malwarebytes offline database installer (isn't updated often)
- Removed SuperAntiSpyware (Step 2)
- Changed a few links
- Updated the PDF version
Link Posted: 2/9/2012 10:56:05 AM EDT
Hi everyone,

Recently, I've been getting questions about my recent update (particularly the part about removing SuperAntiSpyware). I would like share the reasons why I removed SAS.

I removed SuperAntiSpyware for the following main reasons:

1. SuperAntiSpyware has the lowest malware detection rates compared to Malwarebytes and HitmanPro.
2. The fact that HitmanPro uses 4 antivirus engines to detect malware.
3. Malwarebytes and HitmanPro provide adequate malware removal when used together.

SuperAntiSpyware is still an excellent product, and I will definitely keep an eye on it.

Brian
Link Posted: 3/3/2012 12:50:00 PM EDT
Update (1.1):

- Added a version number
- Added an important note about the time (Introduction)
- Revised the Fix Executable Files section (Preparation for Removal)
- Added an important note about broken Internet connection (Removal Process)
- Revised the Repair Windows Update and Firewall section (URLs)
- Updated file sizes (AV Rescue CDs)
- Added a few new links
Link Posted: 3/30/2012 6:32:35 PM EDT
Update:

- Added a last updated date
- Revised the introduction
- Created a new page: http://www.selectrealsecurity.com/stop-malicious-processes
- Replaced FixNCR.reg with RKill
- Moved Safe Mode to the Preparation section
- Removed aswMBR
- Updated the PDF version
Link Posted: 4/9/2012 12:31:21 PM EDT
Update:

- Revised the introduction
- Added an important note about the USB autorun file (Preparation for Removal)
- The guide is now officially copyrighted (added copyright notice).
- Changed the subheadings
- Revised page: Stop Malicious Processes and Fix EXE Files
- Revised Step 3
- Changed a few links
- Updated the PDF version
Top Top