Manual Malware Removal Guide

+1 on nice post.

Thanks, it is always good to take a fresh look at how others tackle a problem. I also like the manual approach.
 
Might as well not trust any system that's been on the internet in that case. Who's to say what system has been compromised or not? The worst infections are the ones that have no noticeable effect on your system, not the ones that pop up all over the place and try and scare your credit card # out of you.

This is a reasonable counter. So if it's more like the difference between a cold and cancer (don't treat every sniffle like a critical disease), what are the warning signs that really set you off, where you wouldn't attempt a repair?

Incidentally, I do manual cleaning most of the time. I'm just curious about the considerations others make in approaching the same problems.
 
Thanks for all the feedback. I updated my OP a little to include some of the suggestions given.

what are the warning signs that really set you off where you wouldn't attempt a repair?

There's never a time when I won't ATTEMPT a repair. I would at least get as far as ComboFix and if that won't work after a couple of scans then I would give up (although that hasn't happened since I started this method). Another scenario where I might do a fresh install would be if the machine had been infected for many months and the client continued to use the computer. In this case sorting by date doesn't help much and there are usually hundreds of malware files scattered throughout the HDD across multiple time periods. Even then, I would still do what I can manually and then run ComboFix and MBAM.
 
How about:

6b) Remove old Java and do Windows Updates.

Some compromised files might be overwritten with the newer versions by Windows Update. Plus known exploits are being patched, making it harder for the spyware to dig in. Then again, this can take forever... especially on old crappy P4s, netbooks, etc.
 
Thanks for all the feedback. I updated my OP a little to include some of the suggestions given.

I do pretty much the same approach, first disabling System Restore... but the ones that I have been coming across basically disable all functionality of Malwarebytes, Task Manager, Regedit, etc.

I've found that booting into safe mode, running Regedit, navigating to both
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
&
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
and searching for a bogus file name (i.e. nrsdofzfr.exe) works.

After verifying that it is in fact malware and deleting it, you can reboot and run your favorite utilities (I usually use a few different ones, just to cover myself).
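As an added example (not code from any poster in this thread, nor from any tool it mentions): a read-only PowerShell script that does the same walk of the two Run keys named above, but flags the entries worth a closer look instead of relying on eyeballing. The scoring heuristics (random-looking file name, launch from a temp or profile directory, missing target, unsigned binary) and the sort order are this example's own assumptions, not a rule from the thread; the script deletes nothing, so the "verify it is in fact malware" step stays manual.

```powershell
# Added example: enumerate the two autostart Run keys the post above names and
# flag entries that deserve manual verification. Read-only: nothing is deleted.
# The heuristics below are this example's own assumptions, not a rule from the thread.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Crude "looks like gibberish" test: a base name of 8+ characters with a low
# vowel ratio, e.g. nrsdofzfr (the sample name from the post above).
function Test-RandomLookingName {
    param([string]$BaseName)
    if ($BaseName.Length -lt 8) { return $false }
    $vowels = ([regex]::Matches($BaseName, '[aeiou]', 'IgnoreCase')).Count
    return ($vowels / $BaseName.Length) -lt 0.25
}

# Pull the executable path out of a Run value, handling quoted paths,
# trailing arguments and bare names such as rundll32.exe.
function Get-ExecutablePath {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $exe = $cmd.Substring(1, $cmd.IndexOf('"', 1) - 1)
    } else {
        $m = [regex]::Match($cmd, '^(.*?\.exe)', 'IgnoreCase')
        $exe = if ($m.Success) { $m.Groups[1].Value } else { ($cmd -split '\s+')[0] }
    }
    # Bare file name: resolve it through PATH the way the loader would
    if (-not [IO.Path]::IsPathRooted($exe)) {
        $resolved = Get-Command $exe -ErrorAction SilentlyContinue
        if ($resolved) { $exe = $resolved.Source }
    }
    return $exe
}

# Locations malware commonly drops into; legitimate autostarts from here exist
# but are worth a second look.
$suspiciousDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData) |
    Where-Object { $_ }

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the PS* metadata properties Get-ItemProperty adds to the object
        if ($p.Name -like 'PS*') { continue }
        $exe = Get-ExecutablePath -Command ([string]$p.Value)
        $reasons = @()
        $mtime = $null
        $base = [IO.Path]::GetFileNameWithoutExtension($exe)
        if (Test-RandomLookingName $base) { $reasons += 'random-looking file name' }
        if ($suspiciousDirs | Where-Object { $exe -like "$_*" }) { $reasons += 'launches from temp/profile dir' }
        if (-not (Test-Path -LiteralPath $exe)) {
            $reasons += 'target file missing'
        } else {
            $sig = Get-AuthenticodeSignature -FilePath $exe
            if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
            $mtime = (Get-Item -LiteralPath $exe).LastWriteTime
        }
        [pscustomobject]@{
            Key        = $key
            ValueName  = $p.Name
            Executable = $exe
            LastWrite  = $mtime
            Flags      = ($reasons -join '; ')
        }
    }
}

# Flagged entries first, then everything else newest-binary-first, which
# mirrors the sort-by-date habit mentioned earlier in the thread.
$findings |
    Sort-Object @{Expression = { $_.Flags -eq '' }}, @{Expression = 'LastWrite'; Descending = $true} |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell session in safe mode with networking so the HKLM key is readable and no memory-resident process is in the way; an entry with a valid signature and an empty Flags column is usually safe to leave alone, while a random-looking name with no signature is exactly the kind of value the post above describes deleting after checking it by hand.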
 
Wow, 1st post here and it's on a rather heated topic.

I've just joined this site today, saw the guide section and was intrigued. I didn't expect this much of a debate over this topic. It seems this is a topic on which every tech has his own opinion about what works best.

Personally I love finding guides like this. It gives me an opportunity to see what works well for others and what others are doing to resolve this situation. I like the manual approach for a couple of reasons. 1) I am a tech, I like fixing stuff. It's kinda why I got into this field. However, from an efficiency standpoint, if I'm spending 5 hours fixing an infection when the box could have been reloaded in 2-3 hours, it's a poor use of my time. 2) I find occasions where I CANNOT dump and reload for whatever reason and HAVE to clean it. In those situations, if the tech were solely reliant on tools and did not develop the skills to manually remove the infection, he would be unable to resolve the issue. I feel that manually removing infections does build up that skill and it is necessary in some situations. I'm not saying that scans are not useful, just that they should be one of the many tools utilized. I must say to the OP that this guide is quite good. I imagine I will be spending a good portion of my next few days testing out some of the tools you have brought up.

However, I must add one question. One of my preferred tools is HijackThis. I have used it for quite a few years and am rather proficient in it. Does anyone still use it? Or is there something else that you have found that is better?
 
6) Reboot computer and see how things are.
-There should be no serious problems left.
-If there are, go back to step 2 and get some more practice.
-After some practice, you should be able to reach this point in 20 minutes or less.

I know this method isn't perfect. But I hope it's helpful for those wanting to learn manual removal and increase malware removal speeds. I don't fully understand everything in EzPcFix and also don't know every location I should be checking for malware files, but I've had good luck with the above locations. I would appreciate any tips or improvements you could suggest and I'll update this post accordingly.

As a suggestion to all of this, for any booting / re-booting that you do, may I suggest you do it in safe mode w/ networking? That way, if need be, you can always update your tools without interference from memory-resident issues affecting the updates.

According to most other users here you should FIRSTLY make an image / clone of the drive before you attempt any repairs. If only to cover your @$$ in the event of major hardware / software failure(s) or other reasoning(s).
 