Malware and Virus RemovalApril 17th, 2014
- Posted By: Nick Shertzer
- Comments Off on Malware and Virus Removal
The best post-infection removal success rate can be had by using a Rescue CD / USB. Here are three that are free:
note: Avast! requires a full installation on an unaffected machine to download and create the ISO file. Bitdefender and Kaspersky will let you download ISO files directly to burn to disc or create a bootable USB drive. In addition, Bitdefender comes with Team Viewer for Linux pre-installed to allow easy remote desktop sharing for support.
The best real time protection for your business is the one that gives you a complete overview of your company network health. I have found these two products to be the best in terms of features and confidently recommend Webroot Secure Anywhere for their great support. Bitdefender does get the highest marks in online A/V tests. However, I have found their tech support completely underwhelming, often taking days to respond to phone calls.
The following is a round-up of many available free antivirus programs and malware removal tools.
::UPDATED:: 12/20/2013 Use Autoruns by Sysinternals to remove all start up traces once malware has been removed if receiving missing dll errors:
::UPDATED:: 10/11 added info regarding Avast, Malwarebytes, aswMBR, FixZeroAccess, and ComboFix
The first step to malware and virus removal is to never get infected in the first place. Start by installing a realtime AV scanner. (Important Note: only install ONE real time A/V scanner. Computer performance can be severely affected by running multiple file system scanners at once)
“AVAST Software leads the security software industry – protecting 165,963,809 active devices around the globe – by offering FREE antivirus software that makes no compromises in terms of protection. Available for Windows, Mac, and Android, our free security software solutions are dependable, fast, use few resources, and often outperform our competitors’ paid-for products.”
Bitdefender comes out on top of many AV test sites including winning “Best Performance” on AV-TEST.org. Bitdefender free has the added bonus of not nagging you to upgrade to the full version constantly. In the past, I have had an update completely bog down several computer systems to the point of being unusable. Uninstalling Bitdefender using their uninstall tool was the solution. Bitdefender was quick to pull the offending update, but the damage had already been done to their reputation for my clients. However, it is still considered the best in A/V due to its small footprint and comprehensive coverage protection.
AVG was the PC World editors pick for A/V as best in class (PC Mag.com Best Free Antivirus 2012) and still a strong choice for realtime protection.
Microsoft Security Essentials: The free AntiVirus software from Microsoft called Security Essentials is also a good choice.
MS Security can not be recommended as a comprehensive security solution.
Post Infection Removal
Run these scans after using a Rescue Disc to verify that your computer is in fact clean.
AdwCleaner is a program that searches for and deletes Adware, Toolbars, Potentially Unwanted Programs (PUP), and browser Hijackers from your computer. By using AdwCleaner you can easily remove many of these types of programs for a better user experience on your computer and while browsing the web.
Download from BleepingComputer.com: http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
The best tried and true scanner to run is Malwarebytes Anti-malware. It is important to note that the free version of this app does not include a real time scanner. This means it will remove an infection from your PC, but there is no mechanism inherent with the app to keep the malware from installing on your machine in the first place. However, most infections can be removed by running a Quick Scan from SAFE MODE. Reboot your computer and hit F8 during startup to choose “Safe mode with networking”.
“manually copy the database from a working computer – database file is stored in the following locations.
* Windows XP and 2000:
C:Documents and SettingsAll UsersApplication DataMalwarebytesMalwarebytes’ Anti-Malwarerules.ref
* Windows Vista and Windows 7:
RKILL is a small app is designed to stop currently running known malware processes. This is nessecarry as some of the nastier viruses will disable several Windows components such as running EXE files. RKill comes in a variety of formats for this reason (EXE, COM, SCR)
Comodo Cleaning Essentials
A new addition to my PC cleaning arsenal is a free tool called Comodo Cleaning Essentials.
Powerful antivirus scanner capable ofremoving malware, rootkits, hidden files and malicious registry keys hidden deep within a system
HitmanPro is a second opinion scanner, designed to rescue your computer from malware (viruses, trojans, rootkits, etc.) that have infected your computer despite all the security measures you have taken (such as anti virus software, firewalls, etc.).
Download from SurfRight.nl: http://www.surfright.nl/en/hitmanpro
A free 30 day trial can be used to remove infections.
Microsoft Malicious Software Removal Tool:
SuperAntiSpyware Portable Scanner:
Microsoft Safety Scanner:
TDSSKiller (rootkit remover):
“ComboFix is a program, created by sUBs, that scans your computer for known malware, and when found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program.
Please note that running this program without supervision can cause your computer to not operate correctly. Therefore only run this program at the request of an experienced helper.”
“aswMBR is a anti-rootkit scanner that searchs your computer for Rootkits that infect the Master Boot Record, or MBR, of your computer. This includes the TDL4/3, MBRoot (Sinowal), and Whistler rootkits. For this program to properly work it must first download the Avast virus definitions, so you will need an active Internet connection before using it.
A rootkit is a malware program that is designed to hide itself or other computer infections on your computer. These types of programs are typically harder to remove than generic malware, which is the reason that stand-alone utilities such as TDSSKiller have been developed.
When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename executable to iexplore.exe before you attempt to run it.”
A specific removal tool for Trojan.Zeroaccess and Trojan.Zeroaccess.B.
Symantec has a wide range of specific removal tools located here:
I often times have people ask how to keep from getting infected with crap ware . Many times the problem rides in on an unattended installer masquerading on a banner ad. Hackers tend to target the largest base and infecting banner ad companies such as ad.doubleclick.net must return the biggest results. I recommend running the latest version of Firefox with the AdBlock extension or Google Chrome with AdBlock Plus extension.
Firefox AdBlock Plus Extension:
Google Chrome AdBlock Extension:
Spybot Search and Destroy
Spybot has a real time scanner built in but it needs to be enabled to be effective. How to enable “TeaTimer”. Also, be sure to enable the built in browser “Immunization” feature.
This is an updated round up of security tools used for Windows PC cleanup and virus removal. The original post can be found here: http://www.nickshertzer.com/wordpress/?p=247