| Thread ID: 97642 | 2009-02-22 20:21:00 | What's your processing order for removing nasties? | fnphoto (2434) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 750362 | 2009-02-22 20:21:00 | Just wondering what procedures other techs take to remove viruses etc. from an infected machine. Mine normally goes like this: 1. Turn off System Restore. 2. Empty internet temp files, history & cookies. 3. Scan & delete tmp, dmp, chk files. - Examine & delete AV quarantined files. 4. Scan with Malwarebytes Anti-Malware. 5. Install & scan with Avast if it doesn't have AVS installed. Otherwise use what AV is installed first. 6. Scan with CCleaner. 7. Scan, examine & correct with Hijack. If any bugs are left I will then use Super Anti Spyware, Trojan Remover or proprietary virus removal tools. Last choice - format. Seems to work 99.9% of the time. |
fnphoto (2434) | ||
| 750363 | 2009-02-22 20:27:00 | Use #6 for #2. If #1 - 6 don't remove it, connect it to another system as a slave (if IDE), and scan with a virus scanner. And post the HJT log here. |
Speedy Gonzales (78) | ||
| 750364 | 2009-02-22 20:55:00 | Mine: Turn off System Restore. Unhide startup items and trim startup items. HijackThis. CCleaner. Spybot, Malwarebytes, NOD32 etc. - depending on the PC I may run more than 1 at once, maybe in safe mode, maybe slaved. Although if you have to slave, Windows is probably damaged anyway. |
pctek (84) | ||
| 750365 | 2009-02-22 21:03:00 | Pretty similar here for me. But as PCTek said, if Windows won't load even in Safe Mode and you have to slave in another machine, then the likelihood of being able to get it booting again is slim. Had one just last week that wouldn't load Windows even in Safe Mode. Slaved in another machine and ran NOD32, which found and removed 291 viruses/malware. Put the HDD back in the original machine but it still wouldn't boot. Even doing a repair install wouldn't get it running again, so had to format and start again. |
CYaBro (73) | ||
| 750366 | 2009-02-22 23:15:00 | "Use #6 for #2. If #1 - 6 don't remove it, connect it to another system as a slave (if IDE), and scan with a virus scanner. And post the HJT log here." ...Ah yes, quite right. CCleaner makes a good job of cleaning up those useless files, so running it second does make sense! |
fnphoto (2434) | ||
| 750367 | 2009-02-23 06:13:00 | Yes, it's better to remove that 4GB of temporary files first, than to bother scanning them with your antivirus programs and wasting time | Agent_24 (57) | ||
| 750368 | 2009-02-23 06:19:00 | I don't mess round with them, I open my CD pack and look for Kaspersky Rescue Disk. It's a live Linux distro and does only one thing (you guess). |
beama (111) | ||
| 750369 | 2009-02-23 06:24:00 | I usually disable System Restore > run CCleaner > scan with mbam > run Trojan Remover > Spybot S&D > Spyware Terminator > HijackThis > Combofix > Avast! BART CD > UBCD4Win. Usually it gets to Spyware Terminator and the system's clean. And then I run PC Decrapifier to uninstall unneeded programs and use Defraggler for a quick defrag. |
Blam (54) | ||
| 750370 | 2009-02-23 07:18:00 | I'll add a couple of steps that are so basic they may have been overlooked, or assumed as done already. Depending on the seeming malignancy of the problem(s), I'd include these bits (not pertaining to any order of things as you've already published): 1) Physically disconnect from the internet, and any other networks. My paranoia says simply selecting "Disable" in the network properties is inadequate - pull the plug on it! 2) Close ALL unnecessary apps shown in the taskbar and in Task Manager (except security apps). 3) Run all existing anti-virus / anti-malware / anti-adware apps as they currently stand (without first updating them). 4) Using a computer that is believed to be less compromised, research each of the issues flagged by the apps in step 3, and plan the remedies, or carry them out manually if feasible. 5) Re-assess the 'malignancy', and if deemed worth the risk, re-connect to the net and update all security apps, or add any that are needed, then promptly disconnect from the net again. 6) Re-scan with updated security apps. 7) Try not to take the easy way out of posting a HijackThis report for others to work through - sort out your own mess if you are able. It's a very good learning experience. You should be able to determine the purpose of everything that is running, or called at startup, by the time you finish this. Re-assess all programs that have been given permissions in your firewall. If available to you, increase your chances of staying clean by avoiding using Internet Explorer by using an independent product... at least until your problems are resolved. |
Paul.Cov (425) | ||
| 750371 | 2009-02-24 18:05:00 | Gee Paul.Cov! You seem very pedantic! And I think you would take 3 times as long to fix a PC as anyone else. 3. Run existing anti-malware apps! - what if they are crappy ones? But I like your 7. Try to work out the HijackThis log yourself before asking for help, as you will learn. |
Digby (677) | ||