My virus removal procedure sheet

It's always been my practice when I deal with an infected computer to immediately boot to safe mode and then run the various scanning/cleaning tools and manual steps from there. Any thoughts? Am I asking for trouble?

That works OK with some scanners. But remember that MBAM is meant to run in regular mode. Not to say it will never find anything in safe mode (though I remember reading that someone had that result once - nothing found in safe mode).

I still see once in a while people listing running MBAM just in safe mode.

I've had instances where running MBAM in safe mode killed enough to allow me to go into regular mode and scan again, where it found more threats.


On a related note: long story short, I clicked on something (not a pop-up) and something happened very quickly. lol I closed everything and updated my AV right away. But, sure enough, here came a fake/rogue AV. It happened in seconds. Thinking now, I probably should have tried Task Manager or, heck, even a power shutdown... but I think I was just kinda struck. And it called a LOT of friends to the party. I should have been quicker on unplugging the Ethernet cable. Amazed at the speed and amount of damage.
I made it a learning experience. I'm gonna hunt for rootkits and do more manual inspections. OS was just bombarded!

PS: Quick question. I have 2 OSs on 2 different HDDs, not dual boot. At the time of infection, in the BIOS boot sequence, only the HDD I was on was selected. The secondary was disabled; however, it can still be accessed from the OS which was attacked. Anyone think it may have been contaminated?
 
Honestly, I am hesitating to even post anything, but as I work in a computer store, and the only reason we even remove viruses and fake AVs and the like is because of the small amount I was able to figure out and learn, I know my experience isn't the highest and I'm not the smartest or best computer tech ever. I know I probably seem like what I've seen called a "pizza tech", even though I'm not really sure what that is. Some of the stuff you guys talk about makes me go "huh" sometimes, because I honestly don't understand everything, even having gone to school for what my school called networking and computer repair. I'm trying to learn as much as I can, but reading things like what @ncient geek posted, saying using tools and such makes me basically useless, kinda makes me wonder if I'm doing my job well or not. I think the system I came up with is pretty good; I always try to improve it and make it better, and I have noticed a few things in this post that I might want to try and add to it. But a few other things I saw that I don't agree with are:

1. Nuke and pave for all infections: this isn't always possible with every computer system. Some people have special software they can't get back, or settings or whatnot that can't be changed or easily replaced or replicated.

2. About rootkit finders and hunters: most seem to be made only for x86 Windows OSs, and lately many computers I see come with Windows 7 x64 and Windows Vista x64, even laptops, and some rootkit hunters have known compatibility issues with Vista, BlackLight being one that I have seen.

3. The system I came up with. I would like to know what you guys think of it; the basics are:

RKill if it will run, otherwise Safe Mode
ComboFix
Malwarebytes
SUPERAntiSpyware
Antivir free edition
followed by doing all Windows updates (Java, Flash, Shockwave and Adobe Reader), resetting Internet Explorer settings back to default in some cases, dumping temp files and System Restore. Most people that come into the store don't want to pay for AV, even though I suggest a few, so usually we give them AVG Free so at least they have something. I will also use HijackThis and rootkit finders when I see that the computer is still not acting right or seems off, and Dr.Web from time to time, and the bootable Dr.Web CD and the one made by Antivir as well.
 

Dude, I don't mean to be a pain, but the lack of punctuation in your post made my eyes hurt. :o
 
The best tip I can give is to use an eSATA toaster device to back up the data; this cuts out a lot of time backing up customers' data and restoring, compared to USB.

Really? I was conversing with Scott Mueller on a forum about this and he said that the eSATA on toasters went through an interface rendering it no faster than USB 2.
 
Honestly, I am hesitating to even post anything, but as I work in a computer store, and the only reason we even remove viruses and fake AVs and the like is because of the small amount I was able to figure out and learn, I know my experience isn't the highest and I'm not the smartest or best computer tech ever. I know I probably seem like what I've seen called a "pizza tech", even though I'm not really sure what that is. Some of the stuff you guys talk about makes me go "huh" sometimes, because I honestly don't understand everything, even having gone to school for what my school called networking and computer repair. I'm trying to learn as much as I can, but reading things like what @ncient geek posted, saying using tools and such makes me basically useless, kinda makes me wonder if I'm doing my job well or not. I think the system I came up with is pretty good; I always try to improve it and make it better, and I have noticed a few things in this post that I might want to try and add to it. But a few other things I saw that I don't agree with are:

I think you win the award for "Longest Rambling Sentence Ever Composed". However it's not something to be proud of. Still, I will notify WikiPedia and Guinness to see if there is any money in it.
 
3. The system I came up with. I would like to know what you guys think of it; the basics are:

RKill if it will run, otherwise Safe Mode
ComboFix
Malwarebytes
SUPERAntiSpyware
Antivir free edition
followed by doing all Windows updates (Java, Flash, Shockwave and Adobe Reader), resetting Internet Explorer settings back to default in some cases, dumping temp files and System Restore. Most people that come into the store don't want to pay for AV, even though I suggest a few, so usually we give them AVG Free so at least they have something. I will also use HijackThis and rootkit finders when I see that the computer is still not acting right or seems off, and Dr.Web from time to time, and the bootable Dr.Web CD and the one made by Antivir as well.

Malwarebytes is not intended to be run in Safe Mode. I don't know if SuperAntiSpyware explicitly states the same.

I think all most here are saying is: get familiar with manual removal, which in a lot of cases is faster anyway to get the system back to operable, then use the scans for cleanup.

Know where to look in the registry for startups and what to look for that would be considered suspicious (.exe files running from the user's Temp folder, new .dll files in the system32 folder, running processes with names that are long random strings...). Autoruns and Process Explorer are nice for handling some of these, but regedit and Explorer can handle most of the low-hanging fruit.
 
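The manual checks listed in the post above (Run keys, binaries launched from the user's Temp folder, new DLLs in system32, processes with random-looking names) as one triage script. This is an added example, not code from the thread or from any of the tools named in it. It assumes Windows PowerShell 5.1 or later run from an elevated prompt so HKLM and system32 are readable; the thresholds `$RandomNameMinLength` and `$NewDllDays` and the vowel-ratio test are arbitrary choices made for this example, not values anyone in the thread gave.

```powershell
# Added example (not from the thread): triage pass over common autostart
# locations and the indicators mentioned above. Heuristics only; every hit
# still needs a human look before anything is deleted.
# Assumptions: Windows PowerShell 5.1+, elevated; thresholds below are arbitrary.

$RandomNameMinLength = 10   # assumed: shorter names are not called "random"
$NewDllDays          = 7    # assumed: window for "new .dll in system32"

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Folders a legitimate autostart rarely lives in (Temp, roaming profile data, ProgramData).
$SuspectFolderPattern = '\\(Temp|Local Settings|AppData|ProgramData)\\'

# Pull the image path out of a Run value such as  "C:\x\a.exe" /arg  or  C:\x\a.exe /arg
function Get-CommandPath {
    param([string]$Command)
    $c = $Command.Trim()
    $raw = if ($c.StartsWith('"')) { ($c -split '"')[1] } else { ($c -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($raw)
}

# Crude "long random string" test: long, alphanumeric only, and very few vowels.
function Test-RandomName {
    param([string]$Name)
    if ($Name.Length -lt $RandomNameMinLength -or $Name -notmatch '^[A-Za-z0-9]+$') { return $false }
    $letters = ($Name -replace '[^A-Za-z]', '').Length
    if ($letters -eq 0) { return $true }           # all digits at that length is odd too
    $vowels = ($Name -replace '[^AEIOUaeiou]', '').Length
    return ($vowels / $letters) -lt 0.25
}

function Get-AutostartFindings {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $reg = Get-Item -Path $key
        foreach ($name in $reg.GetValueNames()) {
            $cmd  = [string]$reg.GetValue($name)
            $path = Get-CommandPath $cmd
            $why  = @()
            if ([string]::IsNullOrWhiteSpace($path)) { $why += 'empty command' }
            else {
                if ($path -match $SuspectFolderPattern) { $why += 'runs from temp/profile/data folder' }
                $base = [IO.Path]::GetFileNameWithoutExtension($path)
                if ((Test-RandomName $name) -or (Test-RandomName $base)) { $why += 'random-looking name' }
                if (-not (Test-Path -LiteralPath $path)) { $why += 'target file missing' }
                elseif ((Get-AuthenticodeSignature -FilePath $path).Status -ne 'Valid') { $why += 'not validly signed' }
            }
            if ($why.Count -gt 0) {
                [pscustomobject]@{ Source = $key; Name = $name; Command = $cmd; Reason = ($why -join '; ') }
            }
        }
    }
}

function Get-ProcessFindings {
    Get-Process -ErrorAction SilentlyContinue | ForEach-Object {
        $p   = $_.Path      # $null for protected/system processes or cross-bitness access
        $why = @()
        if (Test-RandomName $_.ProcessName) { $why += 'random-looking process name' }
        if ($p -and $p -match $SuspectFolderPattern) { $why += 'image in temp/profile/data folder' }
        if ($why.Count -gt 0) {
            [pscustomobject]@{ Source = 'process'; Name = "$($_.ProcessName) (PID $($_.Id))"; Command = $p; Reason = ($why -join '; ') }
        }
    }
}

function Get-NewSystem32Dlls {
    $cutoff = (Get-Date).AddDays(-$NewDllDays)
    Get-ChildItem -Path "$env:SystemRoot\System32" -Filter *.dll -File -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -gt $cutoff } |
        ForEach-Object {
            $sig = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            [pscustomobject]@{ Source = 'system32'; Name = $_.Name; Command = $_.FullName
                               Reason = "created $($_.CreationTime.ToShortDateString()); signature $sig" }
        }
}

$findings = @(Get-AutostartFindings) + @(Get-ProcessFindings) + @(Get-NewSystem32Dlls)
$findings | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

Two caveats that match what the rest of the thread says. First, Windows Update also drops freshly created, validly signed DLLs into system32, so the `system32` rows are a list to cross-check against update history, not a verdict. Second, all of this runs through the live operating system's APIs, so a kernel-mode rootkit that hides its registry values, files or processes will be invisible to it; that is exactly why the thread also reaches for Safe Mode, rootkit-specific scanners and boot-CD scanners that read the disk from outside the infected OS.
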
I know about Malwarebytes in Safe Mode. If I do use it in Safe Mode, I would normally run it again after I got the computer to a usable state.
 
Yes, absolutely. You are missing ALL of the more interesting malware and rootkits, as well as several of the newer fake antivirus software crap. You definitely have got to read up.

None of the better stuff will show up in Process Explorer.
Only the really crappy stuff will show in Autoruns.
Malwarebytes has been a goner for a couple of months now (unfortunately). It was never REALLY good, but a helpful tool all the while.

Funny, I have been reading quite a lot of garbage about malware removal, especially manual removal, recently on Technibble. I hope this will change quickly. I get the creeps when I hear people talking about manual malware removal and the methods employed. I would immediately fire any one of my technicians if they went about malware removal in this manner. Read up, people, and stop posting crap!! There are people here who are going to take you seriously and who are going to f... up their business.

Agreed, you are missing a lot.
 
All these people agreeing that the information shared in this thread will 'miss a lot'...

... Come on then, tell us your procedure?
 
I have read through this thread and also other threads and guides to using MBAM, and I know it is always best to run it logged in normally and not in Safe Mode. Is this because Safe Mode does not load all files and start all processes that are found in normal mode, thus causing MBAM to miss things that would be blatantly obvious in normal mode? Or am I totally missing the reason it is not recommended to be run in Safe Mode?

Thanks,

Alex
 
In an interview I heard one of the Malwarebytes guys describe it something like this: they use similar techniques as the virus writers do to defeat them, so they need all the services and resources available to them to fully realize the app's potential.

I'm sure someone can provide a more exact quote or technical information, but that should be pretty close.
 
Yes, absolutely. You are missing ALL of the more interesting malware and rootkits, as well as several of the newer fake antivirus software crap. You definitely have got to read up.
. . .
I get the creeps when I hear people talking about manual malware removal and the methods employed. I would immediately fire any one of my technicians if they went about malware removal in this manner. Read up, people, and stop posting crap!! There are people here who are going to take you seriously and who are going to f... up their business.

I realize this thread is old but that is OK considering I am addressing this post to @ncient geek. ;)

If you are going to scold people for reading Technibble and tell them they have got to "read up", the least you can do is reveal to the ignorant the holy grail source of information to read. Help them out so they will not "post crap" but instead apply their rich skills they learned from reading up at the secret sites. I am assuming you are not intending that they "read up" a Malware Removal for Dummies book, or MajorGeeks, or Technet. It may be tough but sometimes lowering yourself to the level of the little people to help them out can be rewarding.

I did learn something reading this thread, which is that no one has a secret weapon, except for a few who have a custom script which is probably more valuable than their entire net worth if it really works so well. I did learn about Trinity Rescue Kit, which I had never heard of before.
 
lol, by the way, what does nuke & pave mean? Sorry for asking. Is that the software?

Reformat and reload everything. :eek:
It is a simple fix for controlled computers such as in a corporate environment, but that is about it. Most home users and even small businesses have no backups; many programs, games, and utilities installed from downloads but no copy on CD/DVD; and finally no list of their passwords and license key codes. Most of my customers would be outraged if I did that to their computer. I probably nuke & pave one or two PCs a year. Places like Best Buy do it frequently because it is quick and they do not care about their customers' lost programs and e-mail accounts.
 