| Thread ID: 139248 | 2015-04-01 07:53:00 | Virus popup checklist | Tbird650 (6754) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1397818 | 2015-04-05 23:08:00 | No need to run all of those scans. Get a copy of process explorer and autoruns. You should be able to see where they are running and where from and delete them manually. Thanks for the pointer on the options. I tested Autoruns on my PC. Again it's one I haven't used in some time. I was amazed what there was for entries and while it created some confusion, hopefully malware/crapware would be more obvious targets for removal. Either way it's a great tool to replace scans or follow up as a double check after scan/s. Boot to safe mode with networking... F8 before splash screen at boot; Virus scan, download Malwarebytes, Combofix, JRT & AdwareCleaner from Bleeping Computer; Disable any suspect startup programs, entries, etc: Ccleaner, MSconfig; Cleanup temp files: Ccleaner or TFC; Registry clean up: Ccleaner; Delete folders belonging to popup (in program files); Edited registry of popup entries (by name); Delete system restore points: Ccleaner; Empty recycle bin; Reset IE (or swap browser); Uninstall unwelcome/unwanted (dealspro, luckyshopper etc) programs: Ccleaner, or with revo; Check IE shortcuts for address extensions; Check internet settings for proxies; Check the DNS, at a cmd prompt: ipconfig /all; Check scheduled tasks; Hijackthis; rootkit scanner, tdsskiller; Check 'Manage add-ons' is clear of unwanted entries; Check modem and windows firewall settings; Check System Restore is 'on'; Update Windows, Java; Update resident Antivirus; Optional: Autoruns or Process Explorer to replace scans or peer review the scan work. |
Tbird650 (6754) | ||
| 1397819 | 2015-04-05 23:22:00 | Either way it's a great tool to replace scans or follow up as a double check after scan/s. Bugger that, it may get some but not all. The one I was doing the other day there was over 19K entries -- Stuff going through all the reg and folders, let the programs do it. Just doing another one, and so far hitmanpro has detected over 3K entries, no way I'm manually removing all those. I'll stick to doing scans and making sure everything possible is removed thanks. People who take shortcuts often get pissed off customers because they never did the job right the first time. |
wainuitech (129) | ||
| 1397820 | 2015-04-06 00:24:00 | Thanks Wainui, that put a great perspective on the magnitude of the task! Personally I'd run scans then do follow up manual checks like browsing through with Autoruns. I do like the ability to be able to actually view the items, then I can decide whether they should or shouldn't be there. BTW, over the phone I asked the owner of the infected machine to tell me the DNS. He quoted 192.168.20.1. I think this would point to the router IP. Is this normal? It would have been set up by installers for Trustpower ISP. |
Tbird650 (6754) | ||
| 1397821 | 2015-04-06 18:53:00 | Had one in the workshop the other day that had pop-up ads in Internet Explorer only. One of my techs had thrown everything at it, scans with Malwarebytes, combofix, adw etc, but these pop-ups were still there. He had spent a long time on it. Took me about 5 minutes with process explorer and autoruns to find it and remove. |
CYaBro (73) | ||
| 1397822 | 2015-04-06 20:56:00 | Process explorer may get rid of some of the problems but it won't clean out all the reg entries, or detect some hidden locations. The one that I cleaned out, hitmanpro located the hidden file which was reoccurring but nothing else could remove it, even process explorer didn't see it, and when looking at where it was meant to be it didn't even show after enabling show hidden and system protected files. At the end of the day you use whatever combo of tools you need to clean them. Saying you only need process explorer is only half doing the job. |
wainuitech (129) | ||
| 1397823 | 2015-04-06 21:45:00 | Process Explorer won't get rid of any problems, it's just one of the tools to use to track down the root cause of an infection, which you then get rid of yourself manually. Once you are sure that the infection isn't being triggered anymore then certainly run some scans to get rid of the leftovers. |
CYaBro (73) | ||
| 1397824 | 2015-04-06 21:46:00 | The writers of the junk/virus/popups etc are getting sneakier and sneakier as we go along. There's nothing like being thorough and at any time the game can evolve to a new level. Actually I find it sad that folk could believe that they can truly benefit from causing hurt and harm to others. Has the list developed to its fullest potential possible? How about order? Any further tweaks? Boot to safe mode with networking... F8 before splash screen at boot; Virus scan, download Malwarebytes, Combofix, JRT & AdwareCleaner from Bleeping Computer; Disable any suspect startup programs, entries, etc: Ccleaner, MSconfig; Cleanup temp files: Ccleaner or TFC; Registry clean up: Ccleaner; Delete folders belonging to popup (in program files); Edited registry of popup entries (by name); Delete system restore points: Ccleaner; Empty recycle bin; Reset IE (or swap browser); Uninstall unwelcome/unwanted (dealspro, luckyshopper etc) programs: Ccleaner, or with revo; Check IE shortcuts for address extensions; Check internet settings for proxies; Check the DNS, at a cmd prompt: ipconfig /all; Check scheduled tasks; Hijackthis; rootkit scanner, tdsskiller; Check 'Manage add-ons' is clear of unwanted entries; Check modem and windows firewall settings; Check System Restore is 'on'; Update Windows, Java; Update resident Antivirus; Optional: Autoruns or Process Explorer to peer review the work. |
Tbird650 (6754) | ||
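For the "Check the DNS, at a cmd prompt: ipconfig /all" step in the checklist, and the 192.168.20.1 reading quoted earlier in the thread, an added example (not written by any poster) that parses pasted `ipconfig /all` text and sorts each DNS server by where it sits relative to the default gateway. The function names, verdict labels and sample output are constructed for illustration; only the 192.168.20.1 address comes from the thread.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output; 203.0.113.53 is a documentation address.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.20.5(Preferred)
   Default Gateway . . . . . . . . . : 192.168.20.1
   DNS Servers . . . . . . . . . . . : 192.168.20.1
                                       203.0.113.53
"""
FIELD = re.compile(r"^\s+(\S.*?)[ .]*\s:\s*(.*)$")   # "Name . . . : value"
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}}; bare indented lines extend the previous field."""
    adapters, current, last = {}, None, None
    for line in filter(str.strip, text.splitlines()):    # skip blank lines
        if not line[0].isspace():                        # unindented: adapter header or banner
            current, last = adapters.setdefault(line.rstrip(": "), {}), None
            continue
        m = FIELD.match(line)
        if m and current is not None:
            last = current.setdefault(m.group(1), [])
        value = (m.group(2) if m else line).strip()      # no match: continuation value
        if value and last is not None:
            last.append(value)
    return adapters

def verdict(addr, gateways):
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return "review"        # IPv6 or unparsable: inspect by hand
    if addr in gateways:
        return "router"        # router relays DNS: check the router's own DNS setting next
    if any(ip in net for net in RFC1918):
        return "lan-host"      # another machine on the LAN answers DNS: identify it
    return "external"          # compare with the ISP's published resolvers

def classify_dns(text):
    """Return [(adapter, dns_server, verdict)] for every DNS server listed."""
    findings = []
    for name, fields in parse_ipconfig(text).items():
        gateways = set(fields.get("Default Gateway", []))
        for dns in fields.get("DNS Servers", []):
            findings.append((name, dns, verdict(dns, gateways)))
    return findings
```

A "router" verdict only moves the question one hop: the resolver the router itself uses still has to be read from the router's admin page, which is the "Check modem and windows firewall settings" step in the list.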
| 1397825 | 2015-04-06 22:18:00 | Process Explorer won't get rid of any problems, it's just one of the tools to use to track down the root cause of an infection, which you then get rid of yourself manually. Once you are sure that the infection isn't being triggered anymore then certainly run some scans to get rid of the leftovers. That's what you should have written in post #10 :p That post reads different. ;) It's a combination of software to clean :) The one that I had problems with had shown the exact same name and location as a legit system file, sneaky blighter |
wainuitech (129) | ||
| 1397826 | 2015-04-06 22:24:00 | That's what you should have written in post #10 :p That post reads different. ;) It's a combination of software to clean :) The one that I had problems with had shown the exact same name and location as a legit system file, sneaky blighter Me speak bad england! |
CYaBro (73) | ||
| 1397827 | 2015-04-06 22:52:00 | Me speak bad england! :D :lol: Hope that's being said with the same accent from the people that call from Microsoft Support saying your pc is infected :xmouth: At least you know what you're doing --- notice all the infections in eventvwr :D |
wainuitech (129) | ||