Which tools do you use to scan for malware when performing diagnostics / tune up

Encrypted Existence

Hello all. I would like to know which tools you are currently using to check for the presence of malware when the system is not obviously infected. For instance, a customer brings you a machine for a tune up or some issue other than malware and you want to be sure the system is not infected. I am currently using mbam and hitman pro. What are you guys using? Thanks.
 
Junkware Removal Tool
Adware Cleaner
Toolbar Cleaner

Those 3 ^ can be downloaded from www.bleepingcomputer.com

I love the Junkware Removal Tool the most.

Besides that I will use Malwarebytes, ESET Online Scanner, Sophos Virus Removal Tool, TDSSKiller, RKill
 
Is it AdwCleaner? ....one of those tools did a bit of "resetting" that I wasn't prepared for - like setting the wallpaper back to the default Windows one, changing the homepage and other stuff. I gotta look through those options before running the program blindly. :rolleyes:
 
Hello all. I would like to know which tools you are currently using to check for the presence of malware when the system is not obviously infected. For instance, a customer brings you a machine for a tune up or some issue other than malware and you want to be sure the system is not infected. I am currently using mbam and hitman pro. What are you guys using? Thanks.

I would slave it and use KIS or BitDefender AND Mbam

If in the OS itself I would use Hitman Pro

J
 
JRT, AdwCleaner, and MBAM. Usually hits it pretty good if we are doing a tuneup or some other computer repair. Especially when troubleshooting and no clear issue cause exists, we will hit it with these to see if that solves it. Sometimes it does, sometimes not. Rare cases though we need to do this as part of a troubleshooting step.
 
All machines get this regardless of whether there is an obvious infection or not.
In this order:

Image the drive

KillEmAll
Delete Temp
Delete Temp Internet
Empty Recycle Bin
TDSS RootKit Removal Tool
HitManPro
MBAM

And then to update:
WSUS offline update
PatchMyPC
 
All machines get this regardless of whether there is an obvious infection or not.
In this order:

KillEmAll
Delete Temp
Delete Temp Internet
Empty Recycle Bin
TDSS RootKit Removal Tool
HitManPro
MBAM

And then to update:
WSUS offline update
PatchMyPC

Do you clone the drive first, Jim? The reason I ask is that I have had malware move files to the temp folder, which would then get deleted with your method. I tend to let D7 remove the temp stuff later on; I also like to see where the viruses were originally. I always clone drives first. I like to be safe, although it does slow me down. Other than that I use the same tools.
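The temp-cleaning steps listed above and the concern about deleting evidence before anyone has looked at it, as an added PowerShell example that is not from any poster in this thread: it records and archives what is in the temp folders before clearing them, so a later scan or review still has the originals even without a full drive image. The folder paths and the evidence location are assumptions for a typical Windows profile.

```powershell
# Added example, not from any poster in this thread.
# Inventory the temp folders (path, size, timestamps, SHA-256) and keep copies
# of the files a scanner would care about, then clear the folders as the
# "Delete Temp" steps do. Paths are assumptions; adjust for the customer's account.
$Evidence = Join-Path $env:SystemDrive ("Evidence\" + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $Evidence -Force | Out-Null

$TempDirs = @(
    $env:TEMP,                                                      # user temp
    (Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\INetCache'),   # temp internet files
    (Join-Path $env:SystemRoot 'Temp')                              # system temp
)

# Build the manifest before anything is touched
$Manifest = foreach ($dir in $TempDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hash = Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path      = $_.FullName
                Length    = $_.Length
                Created   = $_.CreationTimeUtc
                LastWrite = $_.LastWriteTimeUtc
                SHA256    = $hash.Hash
            }
        }
}
$Manifest | Export-Csv -Path (Join-Path $Evidence 'temp-manifest.csv') -NoTypeInformation

# Copy executable-looking files out, named by hash so duplicates collapse
$Manifest |
    Where-Object { $_.SHA256 -and $_.Path -match '\.(exe|dll|scr|ps1|vbs|js|jar|bat|cmd)$' } |
    ForEach-Object {
        $dest = Join-Path $Evidence ($_.SHA256 + [IO.Path]::GetExtension($_.Path))
        Copy-Item -Path $_.Path -Destination $dest -Force -ErrorAction SilentlyContinue
    }

# Only now clear the temp folders and empty the Recycle Bin
foreach ($dir in $TempDirs) {
    if (Test-Path $dir) {
        Get-ChildItem -Path $dir -Recurse -Force -ErrorAction SilentlyContinue |
            Remove-Item -Recurse -Force -ErrorAction SilentlyContinue
    }
}
Clear-RecycleBin -Force -ErrorAction SilentlyContinue
```

Run it from an elevated prompt in the customer's profile; the manifest CSV and the copied files are what you hand to a scanner or look at later if a cleanup turns out to have been a real infection.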
 
Thanks for the replies. I will def be adding the junkware removal utilities to my process. As far as rootkit detection utilities, TDSSKiller is pretty obsolete these days. I plan to give the Bitdefender rootkit utility a go as well as MBAMR. Any other suggestions as far as rootkits are concerned?
 
One of the first things I do is look at the logs/events of their present anti-virus or malware program.

Then that determines how aggressive I get using most of the tools noted.

If recent infections are shown, I almost always get "hits" running Malwarebytes and Hitman Pro.

Then let customer know what I've found and do a thorough cleaning and updates if approved.
 
Do you clone the drive first, Jim? The reason I ask is that I have had malware move files to the temp folder, which would then get deleted with your method. I tend to let D7 remove the temp stuff later on; I also like to see where the viruses were originally. I always clone drives first. I like to be safe, although it does slow me down. Other than that I use the same tools.

Yes, I do image the drive first.

(original post edited to include this)
 
Tools come and go. TDSSKiller used to be a great tool but now it rarely finds anything.

RogueKiller is the new hot tool, but how long that lasts is anyone's guess.

We have to constantly update our methods; that's why I go to MajorGeeks at least once a week and scan the first page or two to see what's new or updated.
 
This I did not know, what are you using for rootkit detection/removal?

I'm using Malwarebytes Anti-Rootkit as my rootkit scanner; they seem to be really keeping up with updates, removing extra elements and reversing damage.

I get the feeling they are going to be releasing some sort of suite rather than just adding it to Malwarebytes, but I could be mistaken.
 
Although I agree TDSSkiller rarely finds anything, I don't discard it.

The 30 seconds or so it takes to run is minimal and who knows, maybe they will get their act back together.

I agree.....and every now and then, TDSSKiller may surprise you and actually find something you weren't expecting. If nothing else, it sometimes shows the existence of a TDSS filesystem.....indicating a previous infection, giving you a little more background on the history of the machine.
 
To check for the presence of viruses, we use Malwarebytes in safe mode, then regular mode. If no viruses show up in the results, we double check with Hitman Pro, which usually yields no results, but sometimes it shows remnants of past infections, which is good to know if you are troubleshooting an issue.
 