Malware cleaning tools thoughts

ComputerPro

Just wondered what everyone's thoughts are on running the following programs for malware cleaning. The pros and cons of each and if there are any others that should be included.

-rkill:
-ADW
-JRT
-comboFix

-MalwareBytes
-SAS
-HitmanPro

Thanks,
 
SAS is dead to me. Too much noise about cookies and not real threats. Even though you don't mention it, TDSSKILLER is also heading towards the recycle bin pretty soon.

For hitmanpro I have been booting hitman pro kickstart, not sure if it is the same/worse/better than straight hitman during the normal runtime but it does fix a lot of nasties.

I would add Roguekiller and maybe play with Sophos virus removal tool.

Whatever you use, don't just download it once and update, download the "engine" at least once a month because these guys are always updating the core application as well as the databases.
 
addl stuff

What are your thoughts on reg cleanup like CCleaner reg fix option, then following up with AutoRuns to remove file not founds etc.?

I know reg cleanup can be risky. Does anyone do it automatically as part of their cleanups?
 
SAS mostly finds cookies. Like Jimbo said.

Combofix is a last resort for me, and this is only used if all other tools have failed. I'm not sure who writes this program, I can't control what it does, and I don't know what it is doing.

Find me a technician that knows exactly what combo fix does and then maybe I will trust this program.

Same goes for JRT, this tool just blows through the entire system, without giving you any type of control.

ADW cleaner is great! It does give you control of what you are deleting.

Rogue Killer: This is a new tool for me. This tool holds a lot of promise for me.
Just make sure you know what you are deleting.

Has anyone used aswMBR?

I have tried this tool a few times and it doesn't find anything.
 
.....snip.......

Has anyone used aswMBR?

I have tried this tool a few times and it doesn't find anything.

I use it frequently, but not to scan the whole system. In fact, I don't even let it download definitions. I just use it for a quick check of the MBR.
 
SAS is dead to me. Too much noise about cookies and not real threats. Even though you don't mention it, TDSSKILLER is also heading towards the recycle bin pretty soon.

For hitmanpro I have been booting hitman pro kickstart, not sure if it is the same/worse/better than straight hitman during the normal runtime but it does fix a lot of nasties.

I would add Roguekiller and maybe play with Sophos virus removal tool.

Whatever you use, don't just download it once and update, download the "engine" at least once a month because these guys are always updating the core application as well as the databases.

I still run TDSSKiller, mainly because it's habit, and it only takes a few seconds. But yeah, I can't remember the last time it caught something. On several occasions it has alerted me to a leftover TDSS filesystem from a previous infection though... which, if nothing else, lets me know that at some point the machine was probably badly infected.
 
SAS mostly finds cookies. Like Jimbo said.

Combofix is a last resort for me, and this is only used if all other tools have failed. I'm not sure who writes this program, I can't control what it does, and I don't know what it is doing.

Find me a technician that knows exactly what combo fix does and then maybe I will trust this program.

Same goes for JRT, this tool just blows through the entire system, without giving you any type of control.

ADW cleaner is great! It does give you control of what you are deleting.

Rogue Killer: This is a new tool for me. This tool holds a lot of promise for me.
Just make sure you know what you are deleting.

Has anyone used aswMBR?

I have tried this tool a few times and it doesn't find anything.

JRT and combofix BOTH run a backup and system restore backup before doing any hard work.

I have had combofix render a system's network completely unusable before. Tried a repair installation, tried new service pack, tried new drivers, tried EVERYTHING!!!

Oh, except going to the pre combofix restore point... which fixed the issue ;)
 
A lot of these programs are not free for commercial use and can be very expensive.

I find ADW very effective in what it does. Malwarebytes is now too expensive so I don't bother with it.

I do use Combofix and I don't find it causes any problems.

SAS is now useless but I still run it simply because I have the licence.

Process Explorer and Autoruns is simply a must, they give you a very clear view of exactly what is going on.

TDSS Killer again not much use these days but still run it out of habit.

Hitman Pro is simply too expensive :(
 
I agree with the others that SAS isn't even close to Malwarebytes. TDSSKiller looks like it went through an overhaul recently with the download size being about twice as big & the new license agreements.

Hopefully that will translate to better detection rates because I'm about ready to stop using it myself. BTW, here's the download link for the new version of TDSSKiller. Not sure why Kaspersky doesn't just replace the old version with the new one instead of having 2 separate ones & telling you to download the newer version when you run the older version.

http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe
 
I run adwcleaner and rogue killer as a duo, one after the other.

So sad about SAS. It used to level peg with MBAM, but I've seen it miss stuff too many times.

It recently gave a green light to a system, despite having an FBI type virus.
Regarding this virus, I tried hitman pro boot disc, but that didn't work for me.

I still use d7's hitman pro in conjunction with the adw/rk duo mentioned above.

I always run autoruns, because it does a good scan.... And admittedly because it looks good in front of the customer.
 
A lot of these programs are not free for commercial use and can be very expensive.

I find ADW very effective in what it does. Malwarebytes is now too expensive so I don't bother with it.

I do use Combofix and I don't find it causes any problems.

SAS is now useless but I still run it simply because I have the licence.

Process Explorer and Autoruns is simply a must, they give you a very clear view of exactly what is going on.

TDSS Killer again not much use these days but still run it out of habit.

Hitman Pro is simply too expensive :(

Am I missing something on Malwarebytes? Maybe I am misusing the license. The free version I install on all machines, on behalf of the clients. I explain to the customer what it does and the benefits of the paid version vs the free version. I do not resell it, because frankly they do not allow new vendors to resell it directly through them. But if the client seems remotely interested in paying for it, I install the Malwarebytes Pro trial. I use their contact details on every download I do from the website, instead of using the version I have on my thumb drive. This is true unless for any reason I have to use chameleon.

So am I using Malwarebytes in a commercial sense? What are others' thoughts on this, since Joydivision thinks it's too expensive? I don't pay for it at all, so maybe I am misusing it, and if I am, I will stop. But what do others think and do?
 
If you're using it to remove viruses on customers' computers for payment then that is commercial use. I guess if you're installing it for private customers' use then it is a bit of a grey area.
 
JRT and combofix BOTH run a backup and system restore backup before doing any hard work....

IIRC, JRT only backs up the registry and does not create a restore point. I don't like JRT simply for the fact that it gives the user zero control.

... Malwarebytes is now too expensive so I don't bother with it.

$10 is too expensive for MBAM Pro? http://www.ecrater.com/p/18555742/malwarebytes-anti-malware-pro-lifetime Factor in $10 to your fee and install it for customer.


SAS is now useless but I still run it simply because I have the licence

I agree with the others that SAS isn't even close to Malwarebytes....

...So sad about SAS. It used to level peg with MBAM, but I've seen it miss stuff too many times...

I regularly run side by side tests of MBAM Pro and SAS (Technician's edition). They still seem to be on par with each other. Do they both catch everything? No, and neither ever will.
 
I've used MBAM quite successfully to remove many viruses. It's been my go-to virus removal tool. It just doesn't seem to miss much and it scans pretty quick. I've had poor luck with Vipre and Kaspersky despite having heard good things about both. But, I've only used those two a handful of times. If there are any techs that swear by them, I'd like to know.
 
I've used MBAM quite successfully to remove many viruses. It's been my go-to virus removal tool. It just doesn't seem to miss much and it scans pretty quick. I've had poor luck with Vipre and Kaspersky despite having heard good things about both. But, I've only used those two a handful of times. If there are any techs that swear by them, I'd like to know.

Kaspersky is not meant to be a virus removal tool, its purpose is to protect against viruses. That said, we will often times use it to scan hard drive externally and as a clean up tool at the end of a virus removal since we usually sell it to just about every customer. As for what we use, in this order typically:

TDSSKiller: Although, the only reason why we still use it is because it is quick, not because it is particularly useful. It will likely be eliminated from our checklist soon.

MBAR: Takes WAY too long? Any better alternatives?

MBAM: short scan first in S. Mode and then again in N. Mode

ComboFix: Every time. I have not had any issues in the thousands of virus removals that we have done in the last few years

Hitman Pro

ADW

Kaspersky

CCleaner

Then we finish up with chkdsk /f, sfc /scannow and then we migrate their data and settings from their original account to a new account to eliminate troubleshooting account specific issues.

SAS is pretty much trash now. Never tried JRT, I guess I got a new tool to try out this week.
 
PCX. Do you ever have any issues with data paths or software not working when migrating so many profiles? Also, do you use fabs or just a raw copy?
 
PCX. Do you ever have any issues with data paths or software not working when migrating so many profiles? Also, do you use fabs or just a raw copy?

In the new account, we gain permissions to the original account's data and then move it over, merging folders and skipping system files. We then use Fabs to get anything else that might have been left behind as well as the settings and preferences. The only issue we really have is with iTunes. Sometimes you are required to search for a few of the songs to adjust the library to the new location; other than that, not really. The benefit we receive from the account migration process far outweighs the few times we have to make adjustments. The only piece of advice I can give you is to be careful with business machines and if you are ever in doubt, duplicate the account and only delete the original account once you have confirmed that everything works properly in the new account.
 
Of all of you running hitman pro, what version of the license are you using? It seemed a bit expensive to factor into every cleaning.
 