What's your malware removal process?

1- Emsisoft Emergency Kit
2- HitmanPro
3- Zemana AM free

If after that it isn't "clean", I used to use more "advanced and professional" tools like ComboFix.

Note that I use those tools as a quick method; if the infection is too severe, I format and reinstall the OS.
 
  1. Before anything else, check to ensure the HD is OK (HDs that are failing can cause all kinds of problems)
  2. Review the list of installed programs. Use Revo to uninstall the known PUPS and other crap s/w. Reboot
  3. RKill to terminate any running bad processes and allow further programs to run
  4. Junkware Removal Tool
  5. ADWcleaner (reboot afterwards)
  6. AutoRuns (review/clean the start-up list)
  7. If still problems: RogueKiller
  8. If still problems: UVK, Windows Repair Toolbox, TDSSKiller
I'll do a lot of things before considering a N&P
 

In your procedure list, any rootkit scan should be done between steps 1 and 2. I don't personally think TDSSKiller is a good rootkit scan, but it's fast and rootkits aren't a frequent issue these days. But if there is a rootkit and you wait till step 8, you may very well have to do steps 2-8 again.
 
You're probably right. Because rootkits are so rare these days, I generally don't do TDSSKiller (not all that great anymore, but it's fast) and possibly MBAR, unless it's warranted. Granted, if a rootkit was indeed found, I'd be obliged to do the earlier scans again.
 
Buy a Mac.... Or install Linux..... LOL!!!

Seriously, though, it depends on what I am seeing. If it's a vague issue many times I'll just fire up KRD and scan the whole machine. But that can be time consuming. So I'll try to do some triage first. Many times it'll be more cr2p/adware than a traditional virus/root kit. So safe mode with networking and uninstalling software, clean up browser plugins etc. Once the manual stuff is done I'll run some automated tools like adwcleaner.

If it looks like a real virus I'll first manually clear out all temp/cache/prefetch locations. Then boot KRD, run some anti-root kit tools. There is no silver bullet in this activity.
 
My "go to tool" is WRT. It has dozens of useful tools available as well as the dozens I've put in the Custom Tools section.
If it is actually determined to be a "malware" infection and not a hardware and or software issue and depending on the severity of the infection:

Computer bootable.
1. Image HDD
2. Run PCHunter to check/terminate malicious processes.
3. Run CrystalDiskInfo or gSmartControl to make sure HDD is ok.
4. Run Bleachbit Portable and System Ninja Portable to clear gigs of junk that waste time in scanning.
5. Run GeekUninstaller Portable and remove anything that looks dodgy.
6. Manually browse files/file lists in C: drive and "AppData" folders to delete anything that looks dodgy. Disable/remove browser extensions.
7. Run Emsisoft Emergency Kit (from my Emsisoft USB stick) on FULL/Custom scan.
8. (Usually don't need anything else, but) using WRT (Windows Repair Toolbox) which has several antimalware programs available, I'll select one (usually Viper Rescue) and run it as a second opinion.
All my tools (even EEK & Fabs Autobackup) are contained within WRT and are selectable from the "Custom Tools" list.

Computer Non Bootable.

Strongly recommend to client to backup and reformat. Saves problems later on. If they choose not to go with N & P...
Option 1:
1. Image drive.
2. Boot with AVG Rescue, Bitdefender Rescue or KAV and run a full scan.
If computer boots afterwards,
3. run Emsisoft Emergency Kit (from my EEK stick) as second opinion.
4. Cleanup follows.


Option 2:
1. Image HDD
2. Boot Linux "Live CD" and run gSmartControl. Check that all hardware is working as normal. (After all it may not be a malware infection) Manually browse files and folder lists for anything that looks dodgy. Download and run Bleachbit to remove rubbish files.
If malware traces are found,
3. Boot WindowsPE.
4. Run PCHunter to terminate malicious processes.
5. Run Emsisoft Emergency Kit (from my Emsisoft USB stick) on FULL/Custom scan.

If computer boots after this, I run WRT and select one of the available "second opinion" scanners and run it.
6. Run Bleachbit Portable and System Ninja Portable.
7. Normal cleanup follows

If the computer still doesn't boot I'll discuss further options with the client.

Edit: I forgot to mention that I reset the hosts file on every computer as well.
 
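As an added example for the "reset the hosts file" step (my own code, not from any post in this thread): a small Python audit that parses a hosts file, separates plain localhost lines and ad-block style sinkholes from entries that sinkhole security-vendor/update domains or redirect names to a routable address, and produces a minimal replacement file. The sample hosts content, the protected-domain list and the reset content are constructed assumptions, not copies of any real machine or of Windows' stock file.

```python
import ipaddress

# Constructed sample of a tampered hosts file (not taken from any real machine).
SAMPLE_HOSTS = """\
# constructed sample for the audit below
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.emsisoft.com          # scanner download blocked
0.0.0.0         update.microsoft.com      # updates sinkholed
0.0.0.0         ads.example.net           # looks like an ad-block entry
203.0.113.7     www.example-bank.com      # redirect to a foreign address
"""

# Assumed list of vendor/update domains a cleanup should never find sinkholed;
# extend it with whatever tools you rely on.
PROTECTED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "emsisoft.com",
    "malwarebytes.com", "kaspersky.com", "bitdefender.com",
    "avg.com", "hitmanpro.com", "zemana.com",
)


def parse_hosts(text):
    """Return one dict per active mapping: line number, ip, names, bad_ip flag.
    Blank and comment-only lines are skipped; inline comments are stripped."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        parts = body.split()
        names = [h.lower() for h in parts[1:]]
        try:
            ip = str(ipaddress.ip_address(parts[0]))
            entries.append({"line": n, "ip": ip, "names": names, "bad_ip": False})
        except ValueError:
            # First token is not an address at all: keep it for manual review.
            entries.append({"line": n, "ip": parts[0], "names": names, "bad_ip": True})
    return entries


def _is_sinkhole(ip):
    # 127.0.0.0/8, ::1 and 0.0.0.0 all make a name unreachable.
    a = ipaddress.ip_address(ip)
    return a.is_loopback or a.is_unspecified


def _protected(name):
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def audit_hosts(text):
    """Bucket every active entry so the technician can see what the file does."""
    report = {"localhost": [], "sinkholed_vendor": [], "adblock_style": [],
              "redirects": [], "malformed": []}
    for e in parse_hosts(text):
        if e["bad_ip"]:
            report["malformed"].append(e)
        elif _is_sinkhole(e["ip"]):
            if e["names"] and all(h == "localhost" for h in e["names"]):
                report["localhost"].append(e)
            elif any(_protected(h) for h in e["names"]):
                report["sinkholed_vendor"].append(e)   # blocks AV/update sites
            else:
                report["adblock_style"].append(e)      # probably a user's ad blocker
        else:
            report["redirects"].append(e)              # name sent to a real address
    return report


def needs_reset(report):
    """Reset when anything beyond localhost and ad-block style lines is present."""
    return bool(report["sinkholed_vendor"] or report["redirects"] or report["malformed"])


def reset_content():
    """Minimal replacement hosts file (constructed; comment-only, so localhost
    resolution is left to the resolver, as on a stock Windows install)."""
    return "# hosts file reset during cleanup\n# 127.0.0.1 localhost\n# ::1 localhost\n"


if __name__ == "__main__":
    rep = audit_hosts(SAMPLE_HOSTS)
    for kind, items in rep.items():
        for e in items:
            print(f"{kind:16} line {e['line']:>3}: {e['ip']} -> {' '.join(e['names'])}")
    print("reset recommended:", needs_reset(rep))
```

On a live machine, read `C:\Windows\System32\drivers\etc\hosts` into `audit_hosts` first; the "adblock_style" bucket exists because a long list of `0.0.0.0` ad domains is usually something the customer installed on purpose, and overwriting it without asking is the kind of thing that gets a callback.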
Macs get malware too! lol
 

+1 on testing the HD. I now fully test the HD on every PC that comes through the door. Wasted too much time over the years working on a computer only to find out the HD was dying. I don't charge anything extra for that either, but customers seem to appreciate knowing it was tested. I even list it on the QuickBooks receipt as a service that was performed.
 
I don't have an exact "scientific" method, but here is essentially what happens:

1.) Run basic diagnostics to ensure nothing will interrupt the job at hand.

2.) Boot to my Offline Device Servicing environment. Backup Registry! Run Autoruns in offline mode, plus run a few scanners. When a system is offline a virus is nothing but a file which can be deleted.

3.) Boot into Windows and finish cleanup. If the system won't boot or has errors, I give myself about an hour to try and resolve. If that doesn't work it's time for backup & reload.

Some infections are worse than others. I find that malware can actually be worse than a typical virus because it tries to tap into so many Windows functions such as search, explorer etc., that removing it is a pain and sometimes when it's removed vital components of Windows stop working.
 
Personally, I prefer PCHunter.
Oh nice, haven't seen that one before, I will test it out asap.

Edit: "A strong ability of PC Hunter is its ability to detect and unload rootkits even while they are active. This makes it possible to remove certain malware when other methods do not work."

I wonder what scenario that would possibly be worth doing.....oh wait how old is this tool?
 
That's what AutoRuns allows you to do (plus a whole lot more).

I know, I know... ;)
As a side note, I'm seeing a lot of corrupted tasks on W7 machines lately (caused by a failed / canceled W10 upgrade)...
So I like to check everything is OK in the tasks scheduler ;)
 