Preferred MO when tackling adware/spyware infections

Calx

The more I settle into the Forum I am starting to wonder how differently we all go about cleaning up PCs that are full of spyware/crapware, popups.. you know what I mean.. your computer has 30000 registry errors..blah blah

My general method is to install MBAM and Spybot S&D.
Run a rootkit check.
Install Avast!Free if they don't have anything better.
Clean up and reset Browsers.
Run All-in-one windows repair tool if things like windows firewall turned off.
Run windows update.

Am I missing a trick? Should I be doing anything else?
What do you do?
 
Things change over time but the current crapware can mainly be dealt with Adware Cleaner plus browser resets and Malwarebytes. JRT as well. Had a couple lately with black screen with moving cursor. Just did one Friday with 6 accounts, 2 as admin infected. Ran task manager and got to D7 command line and executed Killemall which got the desktop up then ran the usual to clean up.
 
Assuming the hard drive is OK (a big assumption).
If it's really a mess I will make a quick image.

Then, not always in this order:
Boot with hitman pro Kickstart, run hitman pro
JRT
adwCleaner
RogueKiller
MBAM
Tweaking AIO to make sure everything is back in place
manual check of all browsers
Autoruns
Process Explorer for a look for anything I might have missed.

Sometimes Combofix

I gave up on Spybot years ago; it wasn't that effective, and I found these tools faster and more complete.
 
I usually start with ADW cleaner because it doesn't take too long to run and it cleans up a lot of common adware. That helps the other tools run better. On some machines I have to start in safe mode.
If the machine has Poweliks I run the ESET Poweliks remover first.

Next I usually follow this order:

MBAM
JRT
TDSSKILLER
RogueKiller

If there are internet connection problems I run NetAdapter Repair http://www.bleepingcomputer.com/download/netadapter-repair-all-in-one/ and ESET services repair.


On machines with a lot of adware I run Zoek. I use FRST and Autoruns to check the registry. I also use FRST to check for policy changes and proxy changes.

My last step is to reset the browsers.
 
I guess we all have our favourite tools and procedures. There are a few common tools we all like. I have a paper form for every job that spells out the procedures and lets me make notes and tick off each step as it's completed.

I reckon there must be some procedures in the Technibble toolkit, anyone?

First thing I do is shut down any preinstalled anti-virus, chiefly because AVG deletes AdwareCleaner from my USB tool kit but also because it really slows down the whole process.

altrenda, what's a "quick image" ?
 
glennd -

A disk image, just in case the drive is going bad or you make a misstep, you can restore from the image and attack the problem from a different angle.
 
First thing I do is shut down any preinstalled anti-virus, chiefly because AVG deletes AdwareCleaner from my USB tool kit

USB with write-protect > Imation Swivel


Around $15 http://www.ebay.com/itm/Imation-16G...318?pt=LH_DefaultDomain_0&hash=item46237bc3be
 
Our Normal Process...
SafeMode
  1. Rkill
  2. TDSSKiller
  3. Combofix
  4. adwcleaner
  5. RogueKiller
  6. hitman
  7. mbam
  8. eset online scanner
  9. spybot
  10. super anti spyware
  11. Emsisoft Security
Regular Mode

  1. JRT
  2. sfc /scannow
  3. Empty Java Files through control panel
  4. etc... I am at home and have an Ambien in me. I will finish tomorrow.
 
I usually start with ADW cleaner because it doesn't take too long to run and it cleans up a lot of common adware. That helps the other tools run better. On some machines I have to start in safe mode.
If the machine has Poweliks I run the ESET Poweliks remover first.

Next I usually follow this order:

MBAM
JRT
TDSSKILLER
RogueKiller

If there are internet connection problems I run NetAdapter Repair http://www.bleepingcomputer.com/download/netadapter-repair-all-in-one/ and ESET services repair.


On machines with a lot of adware I run Zoek. I use FRST and Autoruns to check the registry. I also use FRST to check for policy changes and proxy changes.

My last step is to reset the browsers.

In my ignorance, what are FRST and Autoruns? I googled but don't want to download the wrong exe!!
 
In my ignorance, what are FRST and Autoruns? I googled but don't want to download the wrong exe!!
www.sysinternals.com is a whole suite of tools, one of which is Autoruns. It brings together in one display all the various autorun locations within Windows. It's also included in the GeGeekToolkit; that little download will keep you amused for hours :D
http://www.gegeek.com/
I presume FRST refers to Farbar Recovery Scanner, also in GegeekToolkit. Haven't seen this one before, must have a look.
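The two posts above both come down to the same manual check: look at the places Windows starts things from, plus the proxy and policy settings that adware likes to change. The script below is an added example, not something from the thread or from the Autoruns or FRST authors. It is a read-only PowerShell inventory of a subset of those locations (Autoruns and FRST cover far more), written so you can run it before and after a cleanup and compare. It assumes an elevated prompt on Windows 7 or later; the scheduled-task section needs Windows 8 or later, where Get-ScheduledTask exists. The "expected default" values for the Winlogon Shell and Userinit entries are the standard Windows defaults.

```powershell
# Added example (not from the thread): read-only inventory of common autorun,
# proxy and policy locations. Nothing here modifies the machine.
# Assumes an elevated PowerShell prompt on the client PC.

# --- 1. Run / RunOnce keys (a subset of what Autoruns shows) -----------------
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
Write-Host '== Run / RunOnce entries ==' -ForegroundColor Cyan
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Location = $key; Name = $name; Value = $item.GetValue($name) }
    }
}

# --- 2. Startup folders (per-user and all-users) -----------------------------
Write-Host '== Startup folder contents ==' -ForegroundColor Cyan
foreach ($folder in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($folder)
    Get-ChildItem -Path $path -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, LastWriteTime
}

# --- 3. Winlogon Shell / Userinit: controls whether the desktop appears ------
# Expected defaults: Shell = explorer.exe
#                    Userinit = C:\Windows\system32\userinit.exe,  (trailing comma)
$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($winlogon.Shell -ne 'explorer.exe') {
    Write-Warning "Winlogon Shell is '$($winlogon.Shell)' (expected 'explorer.exe')"
}
if ($winlogon.Userinit -notmatch '^[A-Za-z]:\\Windows\\system32\\userinit\.exe,?$') {
    Write-Warning "Winlogon Userinit is '$($winlogon.Userinit)' (expected the default userinit.exe path)"
}

# --- 4. WinINet proxy settings (what FRST reports as proxy changes) ----------
Write-Host '== Proxy settings (HKCU) ==' -ForegroundColor Cyan
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
[pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable      # 1 = a manual proxy is turned on
    ProxyServer   = $inet.ProxyServer      # host:port of that proxy
    AutoConfigURL = $inet.AutoConfigURL    # PAC script URL, if any
}

# --- 5. Policy values that disable the tools a tech relies on ---------------
$policyChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';             Name = 'DisableAntiSpyware' }
)
Write-Host '== Policy checks ==' -ForegroundColor Cyan
foreach ($c in $policyChecks) {
    if (-not (Test-Path $c.Path)) { continue }
    $v = Get-ItemProperty -Path $c.Path | Select-Object -ExpandProperty $c.Name -ErrorAction SilentlyContinue
    if ($v) { Write-Warning ('Policy set: {0}\{1} = {2}' -f $c.Path, $c.Name, $v) }
}

# --- 6. Hosts file entries (adware sometimes adds redirects here) ------------
Write-Host '== Non-comment hosts entries ==' -ForegroundColor Cyan
Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
    Where-Object { $_.Trim() -and $_ -notmatch '^\s*#' }

# --- 7. Scheduled tasks outside the Microsoft folder (Windows 8+ only) ------
if (Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue) {
    Write-Host '== Non-Microsoft scheduled tasks ==' -ForegroundColor Cyan
    Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
        Select-Object TaskName, TaskPath, State
}
```

Redirect the output to a file on your USB stick (`.\inventory.ps1 > before.txt`) and run it again after the cleanup tools have finished; a plain `Compare-Object (Get-Content before.txt) (Get-Content after.txt)` shows what the tools removed and, just as usefully, what they left behind for you to look at by hand.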
 
I can't remember the last time I used Spybot S&D.

I use JRT and then proceed to Adwcleaner. Just my personal preference. Another program I will use especially if I have a feeling something is in the background that I don't know about is rKill. After that I will run MBAM and so forth.

Getting an image is a good precaution to take, and after testing out AOMEI on a couple of machines I am really liking it.
 
Assuming the hard drive is OK (a big assumption).
If it's really a mess I will make a quick image.

Then, not always in this order:
Boot with hitman pro Kickstart, run hitman pro
JRT
adwCleaner
RogueKiller
MBAM
Tweaking AIO to make sure everything is back in place
manual check of all browsers
Autoruns
Process Explorer for a look for anything I might have missed.

Sometimes Combofix

I gave up on Spybot years ago; it wasn't that effective, and I found these tools faster and more complete.
That is pretty much my routine, but I always run rkill as the first item and I DON'T use JRT, as it stupidly erases the event logs and that really kills very useful info. And Tweaking AIO is optional for me. It can break things sometimes...
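The objection above, that a cleanup tool can wipe the event logs and with them the record of what ran and when, is easy to guard against before any tool is started. The script below is an added example, not part of the thread, showing how to export the System, Application and Security logs to `.evtx` files with the built-in `wevtutil` command so they can be read back later, either in Event Viewer or with `Get-WinEvent -Path`. It assumes an elevated prompt and that the system drive has room for the export; the destination folder name is my own choice.

```powershell
# Added example (not from the thread): export the Windows event logs before
# running any cleanup tool, so the logon and service history survives even
# if a tool clears the live logs. Run from an elevated PowerShell prompt.

# Destination folder (name chosen for this example) stamped with the date/time
$dest = Join-Path $env:SystemDrive ('EventLogBackup_' + (Get-Date -Format 'yyyyMMdd_HHmm'))
New-Item -ItemType Directory -Path $dest -Force | Out-Null

foreach ($log in 'System', 'Application', 'Security') {
    $out = Join-Path $dest ($log + '.evtx')
    # wevtutil epl <log> <file>  = "export log"; the .evtx keeps the original
    # records intact, unlike a text dump, and Event Viewer can reopen it.
    & wevtutil.exe epl $log $out
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Export of the $log log failed (wevtutil exit code $LASTEXITCODE)"
    }
}

# Show what was written; copy this folder to the tech USB stick or keep it
# with the disk image taken at the start of the job.
Get-ChildItem -Path $dest | Select-Object Name, Length, LastWriteTime

# Later, read the saved copy back without touching the live logs, e.g. the
# five most recent System records:
Get-WinEvent -Path (Join-Path $dest 'System.evtx') -MaxEvents 5 |
    Select-Object TimeCreated, Id, ProviderName, Message
```

Taking the export before rkill or JRT is the point: once the live logs are gone there is no second chance, whereas an `.evtx` on the USB stick can be searched for the first appearance of an unfamiliar service or a run of unexpected reboots at any time during the job.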
 