Malware Removal Procedure


Malware Removal Procedure

Postby jessebarto » Thu Aug 28, 2014 5:57 pm

Would anyone consider sharing their malware cleanup procedure? I'm looking for ways to enhance mine.
jessebarto
 
Posts: 70
Joined: Fri May 10, 2013 12:46 pm

Re: Malware Removal Procedure

Postby vmhs » Thu Aug 28, 2014 6:34 pm

OK.

First thing is backup. Do this before anything else.
Depending on what the problem is, you have many ways to go.

When I get an infected machine, I will go to the d7II malware tab,

select: KillEmAll, dUninstaller, Revo Uninstaller, delete temp/internet files, a few scanners (based on experience and what I think is the problem) and click run auto mode.

Very simplified, but it should give you an idea.
vmhs
 
Posts: 180
Joined: Sat Jun 21, 2014 5:05 am

Re: Malware Removal Procedure

Postby laplandz » Thu Aug 28, 2014 7:07 pm

Sure...

Safe mode with LAN.
Install d7II - set autologon, do audit & screenshot system info.
Backup reg hives, create restore point (to make sure it works), purge all restore points, then re-create one.
Auto-profile the malware tab:
most but not all of the pre-removal tab,
then run these... CCleaner auto, MBAR, TDSSKiller, AdwCleaner, ComboFix (read the log), JRT, HitmanPro, RogueKiller, GMER, SUPERAntiSpyware, Malwarebytes v2, Tweaking AIO Repair.
I'll then reset browser settings,
use CCleaner to delete browser extensions and scheduled tasks & as a visual aid for installed nasties.
Would have run dUninstaller in pre-removal but will run Geek Uninstaller and/or Revo depending on what CCleaner showed. If the system is really bad I may also do Stinger and Emsisoft.
Open each browser and check homepage, add-ons, extensions, etc.

-- When happy system is clean --

Run a Ninite installer for run-times, Adobe Reader, SumatraPDF, codecs, Auslogics & Malwarebytes v2 (d7II version gets deleted on end session).
Install Unchecky, adblocker for installed browsers and full install of CCleaner (again the d7II version gets deleted). Will also install our dSS app AfterCare.
Will leave a Ninite installer for Classic Shell on the desktop for the customer if Win8/8.1 and not already installed.

Complete Win updates via WSUS server (WSUS Offline is a good choice if the server is unavailable).
Will check Event Viewer for errors and act accordingly.

Other things get done on a customised per-customer basis, but generally the above gets done on most machines.
I can walk on water, but I can’t perform miracles.
laplandz
 
Posts: 299
Joined: Tue Nov 05, 2013 5:43 pm
Location: England

Re: Malware Removal Procedure

Postby jessebarto » Thu Aug 28, 2014 10:10 pm

Great ideas. Do you guys run your malware scanners in auto mode or manual? I tend to have scanners not work, or they want to run at the same time. Specifically SUPERAntiSpyware, ComboFix, and Spybot. Also my Emsisoft and Sophos tend to mark d7ii.exe as a threat.
jessebarto
 
Posts: 70
Joined: Fri May 10, 2013 12:46 pm

Re: Malware Removal Procedure

Postby und3rtak3r » Sat Aug 30, 2014 10:43 am

Number one.. Backup.. Depending on the client/job, either user profile or image the drive, or both.

Why? More so with notebooks.. I have had the HDDs fail during the removal/cleanup process.. This is despite the following step giving the all clear..

Number 2: HDD SMART check.. Truly this can give you clues to potential heartache.... Earlier this year I had a run of Toshiba notebooks that had the HDD fail (heads), 7 in a week!

Then follow the preferred procedure for the client's issue.. BTW.. having the image of the drive is also very helpful if you manage to hose the OS during the malware removal procedure (if you can afford that waste of time).
The TechGuru4U
RTFM D7 here
RTFM D7II here
RTFM dSupportSuite Here


You may call me Glenn
und3rtak3r
 
Posts: 306
Joined: Mon Mar 18, 2013 8:05 pm
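A scripted version of the pre-removal steps laplandz and und3rtak3r describe above (SMART check, system audit, registry hive backup, purge and re-create a restore point, then verify it exists) is given here as an added example; it is not code from the thread or from d7II. It assumes an elevated Windows PowerShell 5.1 session on Windows 7 or later, and $BackupRoot is an assumed path on a drive other than the one being cleaned.

```powershell
#Requires -RunAsAdministrator
# Pre-removal baseline (added example, not from the thread or d7II). Assumed:
# Windows 7+ with Windows PowerShell 5.1; $BackupRoot is on a second drive.
param([string]$BackupRoot = "D:\PreRemoval")

$stamp = Get-Date -Format "yyyyMMdd-HHmmss"
$dest  = Join-Path $BackupRoot $stamp
New-Item -ItemType Directory -Path $dest -Force | Out-Null

# 1. SMART first: a drive already predicting failure gets imaged before any scanner thrashes it.
$smart = Get-CimInstance -Namespace root\wmi -ClassName MSStorageDriver_FailurePredictStatus `
         -ErrorAction SilentlyContinue
foreach ($d in $smart) {
    $state = if ($d.PredictFailure) { "PREDICTED FAILURE - image before cleaning" } else { "ok" }
    "{0,-48} SMART: {1}" -f $d.InstanceName, $state
}
Get-CimInstance Win32_DiskDrive | Select-Object Model, Status |
    Format-Table -AutoSize | Out-File (Join-Path $dest "disks.txt")

# 2. Audit: record what the machine looked like before anything was changed.
systeminfo | Out-File (Join-Path $dest "systeminfo.txt")
schtasks /query /fo CSV /v | Out-File (Join-Path $dest "scheduled-tasks.csv")
Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*",
                 "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue |
    Where-Object DisplayName | Select-Object DisplayName, Publisher, InstallDate |
    Sort-Object DisplayName | Out-File (Join-Path $dest "installed.txt")

# 3. Registry hive backup: reg.exe save writes the full binary hive, which
#    reg.exe restore can put back if a cleanup step breaks the OS.
foreach ($hive in "HKLM\SOFTWARE", "HKLM\SYSTEM", "HKU\.DEFAULT") {
    $file = Join-Path $dest (($hive -replace '[\\:.]', '_') + ".hiv")
    reg.exe save $hive $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "reg save failed for $hive" }
}

# 4. Restore point: purge the old (possibly infected) points, create a fresh
#    one, then verify it really exists instead of assuming it does.
Enable-ComputerRestore -Drive "$env:SystemDrive\"
vssadmin.exe delete shadows "/for=$env:SystemDrive" /all /quiet | Out-Null
# Win8+ silently skips a new point within 24h of the last one unless this is 0.
Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" `
    -Name SystemRestorePointCreationFrequency -Value 0 -Type DWord
Checkpoint-Computer -Description "Pre-malware-removal $stamp" -RestorePointType MODIFY_SETTINGS
$rp = Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
if ($rp -and $rp.Description -eq "Pre-malware-removal $stamp") {
    "Restore point $($rp.SequenceNumber) verified; baseline saved to $dest"
} else {
    Write-Warning "Restore point was NOT created; fix System Restore before touching the machine"
}
```

The script backs up the machine hives only; the customer's own NTUSER.DAT is covered by the profile or drive image und3rtak3r recommends, not by this step.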

Re: Malware Removal Procedure

Postby EagleTech » Wed Sep 10, 2014 7:16 pm

@laplandz

Doesn't ComboFix use GMER? Also, when you install adblockers, do you have an all-at-once installer, or do you just open each browser and install them individually?

Thanks!
EagleTech
 
Posts: 159
Joined: Thu Mar 21, 2013 6:15 pm
Location: IL, USA

Re: Malware Removal Procedure

Postby hubzone37 » Sat Sep 13, 2014 10:15 pm

I basically run the same, but
one of the first programs is CrystalDiskInfo.... a quick check can save time thinking an infection is making the system slow.
hubzone37
 
Posts: 32
Joined: Sat Feb 09, 2013 5:36 pm

Re: Malware Removal Procedure

Postby FredClaus » Wed Feb 13, 2019 1:35 pm

I agree with everyone else here who does the backup first. You never want to start messing with a machine unless you have a way to get it back to the way it was before, in case you mess it up.

I then run three malware scanners.

Malwarebytes
SUPERAntiSpyware (normally just finds tracking cookies, but it's there so I give it a shot)
RogueKiller

Once I run those, I test out the browser to see if there are any other issues. If not, I'm 99% confident that the issues are gone. Just for good measure I may run AdwCleaner as well from time to time.
FredClaus
Forum Moderator
 
Posts: 65
Joined: Mon Nov 12, 2018 7:12 pm
