I noticed that the Malware tutorial is severely out of date, so I thought I would make my own. You can add or counter as you deem fit.
For some background, I've been doing malware removal since 1994. I used to have my own extensive collection of virii (ok, for the "outsiders" it's viruses. lol) and distributed them via dialup BBS. They were capable of wiping out BIOS', formatting harddrives, etc. As such I have a fairly indepth knowledge of what these things are capable of. I have been doing spyware removal since it was first introduced. 90% of my current business is residential clients that are infected with up to 12,000 instances of malware.
With that said.
The tools needed to fight these threats are ever changing. As the creators become more devious, they render older tools obsolete. It is a highly competitive market. Whereas Norton used to hold the crown for virus removal, they are now for the larger part ineffective against today's threats. Etc.
There is a simple procedure to remove threats. Following the following steps precisely will greatly improve your chances of success and will dramatically decrease the amount of effort you expend.
1) In normal mode download Prevx1.
http://www.prevx.com/
Install it. Use the online updater to install the latest signature files.
In normal mode run a FULL system scan.
Remove any threats that it finds.
2) Download and install Ewido.
http://www.ewido.net/
Install it. Use the online updater to install the latest definitions.
Reboot into Safe Mode with Networking
Run a FULL system scan.
Remove any threats that it finds.
3) While in Safe Mode with Networking, download SmitFraudFix.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Execute the tool.
4) While in Safe Mode with Networking download Autoruns.
http://www.microsoft.com/technet/sysinternals/utilities/Autoruns.mspx
Run it
Click on Options.
Select Include Empty Locations
Select Verify Code Signatures
Select Hide Microsoft Entries
Click through the tabs and select the things that shouldn't be there. To verify that they shouldn't be there, enter the name of the file into Google and check the descriptions on various security sites such as Liutilities and BleepingComputer.
When in doubt, do NOT delete it, rather post the item here for scrutiny.
5) While in Safe Mode with Networking, do an online virusscan.
http://www.pandasoftware.com/products/activescan
Ensure that all threats have been removed.
6) Finally, should problems still remain, download HijackThis
http://www.spywareinfo.com/~merijn/programs.php
Do a scan and save the log.
Post the log here for analysis.
Following these steps will provide a thorough cleaning of your machine. The HJT log will point out any remaining threats that can be assessed and cleaned on a case by case basis.
To protect yourself against further infections, ensure that you have Avast! which monitors your computer on numerous fronts, including webpages, Prevx1 which includes real time monitoring, and Spybot S&D Teatimer which will protect your Registry from unauthorized modifications.
Good luck and happy computing.
For some background, I've been doing malware removal since 1994. I used to have my own extensive collection of virii (ok, for the "outsiders" it's viruses. lol) and distributed them via dialup BBS. They were capable of wiping out BIOS', formatting harddrives, etc. As such I have a fairly indepth knowledge of what these things are capable of. I have been doing spyware removal since it was first introduced. 90% of my current business is residential clients that are infected with up to 12,000 instances of malware.
With that said.
The tools needed to fight these threats are ever changing. As the creators become more devious, they render older tools obsolete. It is a highly competitive market. Whereas Norton used to hold the crown for virus removal, they are now for the larger part ineffective against today's threats. Etc.
There is a simple procedure to remove threats. Following the following steps precisely will greatly improve your chances of success and will dramatically decrease the amount of effort you expend.
1) In normal mode download Prevx1.
http://www.prevx.com/
Install it. Use the online updater to install the latest signature files.
In normal mode run a FULL system scan.
Remove any threats that it finds.
2) Download and install Ewido.
http://www.ewido.net/
Install it. Use the online updater to install the latest definitions.
Reboot into Safe Mode with Networking
Run a FULL system scan.
Remove any threats that it finds.
3) While in Safe Mode with Networking, download SmitFraudFix.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Execute the tool.
4) While in Safe Mode with Networking download Autoruns.
http://www.microsoft.com/technet/sysinternals/utilities/Autoruns.mspx
Run it
Click on Options.
Select Include Empty Locations
Select Verify Code Signatures
Select Hide Microsoft Entries
Click through the tabs and select the things that shouldn't be there. To verify that they shouldn't be there, enter the name of the file into Google and check the descriptions on various security sites such as Liutilities and BleepingComputer.
When in doubt, do NOT delete it, rather post the item here for scrutiny.
5) While in Safe Mode with Networking, do an online virusscan.
http://www.pandasoftware.com/products/activescan
Ensure that all threats have been removed.
6) Finally, should problems still remain, download HijackThis
http://www.spywareinfo.com/~merijn/programs.php
Do a scan and save the log.
Post the log here for analysis.
Following these steps will provide a thorough cleaning of your machine. The HJT log will point out any remaining threats that can be assessed and cleaned on a case by case basis.
To protect yourself against further infections, ensure that you have Avast! which monitors your computer on numerous fronts, including webpages, Prevx1 which includes real time monitoring, and Spybot S&D Teatimer which will protect your Registry from unauthorized modifications.
Good luck and happy computing.
