d7xTech Forums

[jessebarto]

would anyone consider sharing their malware cleanup procedure? im looking for way to enhance mine.

[vmhs]

ok.

first thing, is backup. do this before anything else.
depending on what the problem is, you have many ways to go.

When I get an infected machine, I will go to d7II malware tab

select: Killemall, duninstaller, revo uninstaller, delete temp/internet files, a few scanners (based on experience and what i think is the problem) and click run auto mode.

very simplified but should get you an idea.

[laplandz]

sure...

safemode with lan
install d7ii - set autologon, do audit & screenshot system info
backup reg hives, create restore point (to make sure it works), purge all restore points, then re-create one.
auto-profile the malware tab:
most but not all of the pre-removal tab
then run these... Ccleaner auto, MBAR, TDSSKiller, adw cleaner, combifix (read the log), JRT, hitman pro, rogue killer, GMER, super anti spyware, malwarebytes v2, tweaking aio repair.
I'll then reset browser settings
use Ccleaner to delete browser extensions and scheduled tasks & visual aide for installed nasties
would have ran dUninstaller in pre-removal but will run geek uninstaller and/or revo depending on what ccleaner showed. If system is really bad i may also do stinger and emsisoft.
open each browser and check homepage, add-ons, extensions, etc.

-- When happy system is clean --

run a ninite installer for run-times, adobe reader, sumatraPDF, codecs, auslogics & MalwareBytesV2 (d7ii version gets deleted on end session).
install unchecky, adblocker for installed browsers and full install of Ccleaner (again d7ii version gets deleted). will also install our dSS app AfterCare.
will leave ninite installer for classic shell if win8/.1 on desktop for customer if not already installed.

complete Win updates via wsus server (WSUS offline good choice if server unavailable).
will check event viewer for errors and act accordingly.

other things get done on a customised per customer basis, but generally the above gets done on most machines.

[jessebarto]

Great ideas. Do you guys run your malware scanners in auto mode or manual. I tend to have scanners not work or they want to run at the same time. Specifically super anti spyware,combo fix, and spybot. Also my emsisoft and sophos tends to mark d7ii.exe as a threat.

[und3rtak3r]

Number one.. Backup.. Depending on the client/job either User Profile or Image the drive or both

Why? More so with Notebooks.. have had the HDD's fail during the the removal/cleanup process.. This is despite the following step giving the all clear..

Number 2: HDD SMART check.. .. Truly this can give you clues to potential heartache.... Earlier this year I had a run of Toshiba notebooks that had the HDD fail (heads) 7 in a week!

then follow the preferred procedure for the clients issue.. BTW.. having the Image for the drive is also very helpful if you manage to hose the OS during the malware removal procedure (if you can afford that waste of time).

[EagleTech]

@laplandz

Doesn't Combofix use Gmer? Also, when you install adblockers do you have an all at once installer, or just open and install each individually?

Thanks!

[hubzone37]

I basic run the same but,
One of the first programs is Crystal Disk.... a quick check can save time thinking a infection is making the system slow.

[FredClaus]

I agree with everyone else here who has done the backup first. You never want to start messing with a machine unless you have a way to get it back to tthe way it was before, in case you mess it up.

I then run three malware scanners.

MalwareBytes
Super Antispyware (normally just finds tracking cookies, but it's ther so I give it a shot)
Rouge Killer

Once I run those, I test out the browser to see if there are any other issues. If not, I'm 99% confident that the issues are gone. Just for good measure I may run Adware Cleaner as well from time to time.