Suggestion to have a malware section!

[donetao]

Thanks for your reply Draygoes. As I stated, I only used Combo fix a couple of times. Just to see how it worked. I usually don't have to go that far and get the PC cleaned up way before considering Combo Fix. I try to be careful when cleaning a PC. It's a lot different when you have the PC setting in front of you. Thanks again for your reply.
Celegorm can comment also. Always good to hear from more than one about these things!! My thoughts are always start with a root kit program. I personally like MBAM anti-root kit. MBAM has been around for ever and I trust them to Get-er-Done. After that, it doesn't make that much difference which program you use. Use the ones you have confidence in and have worked for you in the past!!
Those are my thoughts!

 

[cb600fshornet]

What would define a "trained member"? Limiting who can help someone with an issue tends to defeat the purpose of a forum and could delay the poster getting the help they need.

Not sure if he is or not but let's say Dragoes isn't trained and has no "in the field" experience doing PC repair as a real (not just for cash) job. He wouldn't necessarily be considered a trained member, where I with my years working at a repair shop would. That said I'd trust him to provide the poster with the help they needed to the very best of his ability and in the case of malware probably just as well if not better than I could based on possible first-hand experiences with what the poster is seeing.

Totally agree, if I had a virus I wanted removing I'd listen to Draygoes more than my local IT chaps. In a computer shop it's more cost effective and much quicker to convince the customer to have a full reinstall, plus you don't get complaints from the customer about little niggles afterwards. In that respect, IT guys in computer shops don't tend to know how to remove viruses effectively (including myself), we just wipe the PC...

 

[donetao]

Hi some times wiping and a full reinstall is the best. It sure can be much quicker.
If people would just create monthly back up images with a 3rd part program, a lot of those problems would not be a problem any more, but they won't do that no matter how much I preach about it!

 

[Trotter]

Here's my normal process for cleaning a computer.

1. Make an image of the hard drive. This covers my ass and gives me the option to restore it back like it was when I received it in the case the fecal material hits the fan.

2. Boot the computer into safe mode. This is a must. Safe mode will keep most processes from starting and lets you have a decent chance at cleaning up whatever infections are there.

3. Run RKill. RKill is a handy little program and can come in handy for shutting down something that was able to start in safe mode.

4. Run an updated Malwarebytes AntiMalware. I normally install MBAM and then run the manual update for it, and then scan.

5. Run Combofix.

6. Repeat steps 4 and 5.

7. Run Malwarebytes Anti-Rootkit.

8. If needed I run Unhide a few times.

9. Boot back into Windows and run TrendMicro's Housecall. Even if they already have an AV installed. Depending on the AV I may go ahead and remove it and install Bitdefender Free.

 

[donetao]

Hi! That looks like a good plan TrotterTech. Very similar to the way I suggested with a few more good suggestions added. I like the making a image and booting into safe mode suggestions.
What is number 8 (Run Unhide)???

 

[Trotter]

My list was developed over several years. It is based on one used by a friend who was an expert at malware removal and I added some things that I discovered as I went along.

Unhide is a neat little utility that can restore hidden files, icons, documents, etc. that some malware hides from the user. You can check it out and read up on it here:

Unhide.exe - A introduction as to what this program does - Anti-Virus and Anti-Malware Software

 

[donetao]

Hi! Unhide looks very interesting. I have never heard of it. If it does what is says it can do, that would be a great tool to have.
Thanks for the link!!

 

[Trotter]

It works but you sometimes have to run it a few times. I think it strips away a layer at a time and some malware buries it deeper. That's all metaphorical obviously, but that's the way I think of it.

 

[donetao]

Sounds good TrotterTech. I'll add it to my arsenal! I think sfc /scannow is like that.
It's recommended to run it and system repair at least 3 times before giving up on them. Probably gets a few at a time like this Unhide App.
Thanks for your reply!!

 

[setishock]

This started out to be a discussion on starting a cleaning forum and now has dissolved in to the real McCoy. This discussion needs to be moved out to the main forum somewhere.