Old 03-02-2006, 05:11 PM   #1 (permalink)
GroundZero
Private 1st Class
 
Join Date: Jul 2005
Posts: 148
Malware Removal Tools

Malware is any software program developed for the purpose of causing harm to a computer system and can be classified based on how it is executed, how it spreads, and/or what it does.

Classes of malicious software

Virus
Worms
Wabbit
Trojan
Backdoor
Spyware
Exploit
Rootkit
Key Logger
Dialers
Browser Hijacker - Resets your homepage, or redirects you to another site while on the internet.


Spyware/Adware/Browser hijacker and Dialer removal

There is an overuse of the term virus nowadays, with many people thinking any problem with their PC is viri related. In fact, it's more likely for PCs to have adware-related problems.

No one program will remove 100% of all malware, and in fact even some which do claim to have removed certain strains, such as about blank, or CWS, are ineffective due to these having a randomly generated backup .dll, which can re-infect your PC exactly 24 hours after being removed.

The following software is probably among the best out there, and on a badly infected PC all will catch something which the others have missed.

HijackThis
Ad-aware
Microsoft AntiSpyware, formerly GIANT AntiSpyware
Spybot Search & Destroy
Spy Sweeper

For sneakier adware try the following programs which can often remove malware others can't, or can't even detect.
CWShredder
Adware-away


Tutorials for HijackThis, Spybot, and Ad-Aware can be found Here

Removal instructions for most common spyware/adware/malware parasites can be found Here

A list of spyware removal programs to avoid is Here

How to prevent Spyware and Adware, and a guide to removing it should the worst happen Here


Virus Removal

Just like anti-spyware programs, there are all sorts of different Anti-Virus Programs about, the most common of which would be;

Norton Antivirus
McAfee
AVG
Panda

McAfee also makes a standalone anti-virus scanner, called Stinger, for certain viruses, which can remove around 60 or so of the more important ones.

I myself use Nod32 because it isn't as much of a resource hog as Norton, and has arguably the best heuristics detection. Also, the latest version, 2.5, includes enhanced protection against spyware, adware, phishing and riskware and is one of only two security companies worldwide that have received Checkmark's certification for anti-spyware.

Quote:
"NOD32 v2.5 is a unified anti-virus and anti-spyware solution with a single optimized engine that protects against all email and Internet threats through its ThreatSense technology. The pro-active system does not rely on known threats and acts like a 'virtual malware researcher', using multiple methods including emulation, advanced heuristics, and generic signatures to deliver comprehensive protection from evolving threats"
Online Virus Scan Links;

McAfee FreeScan
Trend Micro
Panda ActiveScan
BitDefender
RAV AntiVirus Online Virus Scan
eTrust Antivirus Web Scanner
Symantec security Check


Trojan Removal

A trojan is a program that is made up of two parts. The first part is called the client, which is the part that a hacker uses to gain access into a victim's computer. With the client, depending on the trojan, the hacker can have more control over the victim's computer than the victim does.

The second part of a trojan is the server or host, which, when executed, opens up a port on the victim's computer. Basically this is like leaving the back door open when you leave your house. Anyone who knows where to look for this back door can access your personal computer.

Trojans are normally hidden in files that end in .exe so when you are downloading a file from the internet make sure it's from a reliable source.

Anti Trojan Elite can monitor any change of important registry keys and values.

TDS (Trojan Defence Suite) is the only anti-trojan program that has free daily database updates and is the only anti-trojan program supported by a full-time team of dedicated internationally recognised anti-trojan professionals.


Firewall

A firewall will block unauthorised access to and from your PC. The most popular software firewalls at the moment are;

Sygate Personal Firewall
XP SP2 built in
Zone Alarm
Norton Personal Firewall
Black Ice

The Remote Procedure Call hole that msblaster and similar took advantage of can be blocked with a firewall. Don't be alarmed if you notice a few alerts per day; port scanning is going on all the time and alerts of this nature are not necessarily someone trying to hack your PC.
These can usually be toned down or turned off so you don't see them.


Identifying Running Processes

The old favourite, and probably most used, is the 3 finger salute, Ctrl + Alt + Delete.
Typing services.msc in the start/run box also works, as does typing msconfig.

Some programs which can identify what's running on your PC are;

HijackThis
a2hijackfree

or for realtime monitoring;

Regmon
Filemon

TCPView from Sysinternals can show exactly which programs are using which ports.

A list of software and websites that can/can't be trusted as far as spyware is concerned;
Spywarewarrior


Process name Identification

Once you've found what's running, if it's something you're not too sure of, you can compare its name against these lists to see if it's a vital process or not.

http://www.spywareguide.com/product_list_full.php
http://www.spywarewarrior.com/rogue_anti-spyware.htm
http://www.sysinfo.org/startuplist.php
http://www.liutilities.com/products/...rocesslibrary/
http://www.answersthatwork.com/Tasklist_pa...es/tasklist.htm
http://www.hijackfree.com/en/processlist/


Registrar lite from http://www.resplendence.com/docs/pp.dll may prove useful as it allows registry entries to be copied and pasted instead of typed.
__________________
GroundZero is offline   Reply With Quote
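A TCPView-style check for the trojan "server" behaviour described in the post above, as an added example that is not part of the original post: it pairs listening sockets from `netstat -ano` with process names from `tasklist /fo csv /nh` and reports listeners outside an expected set. The sample outputs, the process names and the `EXPECTED_LISTENERS` allowlist are constructed assumptions.

```python
import csv
import io

# Constructed `netstat -ano` output (sample data, not from the thread).
NETSTAT_SAMPLE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       964
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5110           0.0.0.0:0              LISTENING       3120
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1480
  TCP    192.168.1.20:6129      0.0.0.0:0              LISTENING       2888
  TCP    192.168.1.20:1052      203.0.113.7:80         ESTABLISHED     2312
"""

# Constructed `tasklist /fo csv /nh` output; PID 2888 is deliberately absent.
TASKLIST_SAMPLE = '''"System","4","Console","0","236 K"
"svchost.exe","964","Console","0","3,456 K"
"updater32.exe","3120","Console","0","1,892 K"
'''

# Assumption: the only images this machine should have listening.
EXPECTED_LISTENERS = {"system", "svchost.exe"}

def parse_tasklist(text):
    """Map PID -> image name from CSV tasklist output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def parse_listeners(text):
    """Yield (address, port, pid) for each TCP socket in LISTENING state."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            address, _, port = f[1].rpartition(":")
            yield address, int(port), int(f[4])

def unexpected_listeners(netstat_text, tasklist_text, expected=EXPECTED_LISTENERS):
    """Return sorted (port, pid, image) for reachable listeners not in `expected`."""
    names = parse_tasklist(tasklist_text)
    findings = []
    for address, port, pid in parse_listeners(netstat_text):
        if address.startswith("127.") or address == "[::1]":
            continue  # loopback-only sockets are not reachable from outside
        image = names.get(pid, "<unknown>")  # a PID with no tasklist entry is flagged too
        if image.lower() not in expected:
            findings.append((port, pid, image))
    return sorted(findings)

if __name__ == "__main__":
    print(unexpected_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE))
```

Each flagged image name can then be compared against the process lists linked in the post.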
Old 03-02-2006, 07:13 PM   #2 (permalink)
Jan Zizka
Private
 
Join Date: Sep 2005
Location: San Diego, CA
Posts: 81
Guide

Excellent guide Ground Zero..thanks for the info.
Old 03-02-2006, 07:49 PM   #3 (permalink)
GroundZero
Private 1st Class
 
Join Date: Jul 2005
Posts: 148

np, made it ages ago for my work site, then posted on our clan forum.

didn't even occur to me to post here until someone posted a problem with slow browsing
Old 03-02-2006, 08:14 PM   #4 (permalink)
DanTesla1
Lieutenant Colonel
 
Join Date: Dec 2002
Location: Philadelphia, PA
Posts: 4,193

I recently switched from Norton to NOD32 (for certain reasons....). Yeah, Norton is a HUGE resource hogger (went from 40 processes to 24 :/ ), and it's really small, unlike the 500 MB Norton.

I'm new to NOD32 and I'm trying to figure out how to utilize it the best. So far all I know how to do is scan... any tips for making sure all the viruses and stuff are gone?
Old 03-02-2006, 08:26 PM   #5 (permalink)
GroundZero
Private 1st Class
 
Join Date: Jul 2005
Posts: 148

The good thing about Nod, besides being smaller/faster/using less resources than Norton, is that it also picks up things Norton misses.

Try it with a joke for example, like a moving cursor, or moving start button; it'll even detect and warn of joke viri.

Nod will check every file in use, and if you're running a normal malware program such as Ad-Aware, Nod checks every file that it does while scanning your drive, so no real need to do a separate full Nod scan unless you suspect something.

When running a manual scan you have the option to either scan, or clean.

Scan will check your drives and alert you if anything's found, so you can decide what to do.

Clean will also scan the drive, but will auto clean anything found.

If just doing a scan, problems show in red like;

File C:\Documents and Settings\gz2k1\Desktop\iroffer appz 2\iroffer.exe is infected with trojan Win32/Iroffer.1401.O. NOD32 cannot clean this infiltration.

You can right-click on the entry in the list and decide what to do with it. Sometimes they can't be cleaned, in which case quarantining or deleting is your only option.

The best method of deleting is always to delete on reboot, as often the file may already be running, or set as a service, in which case if deleted it'd just replace itself.


After cleaning, to be sure, you can scan again, or check the directory and make sure the file's been deleted.

Or alternatively, in the case of sneaky files that rename themselves, try autorun from

www.sysinternals.com

It'll list everything starting on startup, including anything that's attached itself to your wininit.
Old 03-02-2006, 09:23 PM   #6 (permalink)
DanTesla1
Lieutenant Colonel
 
Join Date: Dec 2002
Location: Philadelphia, PA
Posts: 4,193

Thanks Zero, I'm definitely going to check that out now... deleted like 15 viruses.... :/

Ever since I uninstalled Norton, my comp's gone to waste. :P
Old 03-30-2007, 06:27 AM   #7 (permalink)
Caslon
I donated!
Lieutenant Colonel
 
Join Date: Aug 2002
Location: Deep inside the Earth.
Posts: 4,582
Re: Malware Removal Tools

Dusting off this thread.

I have a new system built from ground up with Vista. All is running ok. I've not hooked it up to the internet.

I spent a good 3 hours on the net looking and reviewing current Antivirus programs. One that will be for my new Vista system.

One that won't bog down my system...slow my net, make it impossible to completely uninstall.
The major Antivirus companies have a Vista "compatible" upgrade. None are "certified" at this moment for Vista but are generally found to be ok.

Vista aside, many new editions of anti virus software are getting lots of bad user reviews. This is probably due to the ever increasing complexity of antivirus software (to keep up with attackers) and all the various systems that use Antivirus software.

I used McAfee back in the days when you had to join a forum to figure out how to install the latest virus protection (8 years ago). They got better.
More recently (2003), I found Norton had an ok product.

Now I read more and more of these 2007 antivirus programs are causing more and more headaches.

After doing my net homework about the current crop of AV software, I settled on Kaspersky 6.0. Norton 2007 (Symantec) has sold out the job of coding to some 3rd party. McAfee 2007 is a resource hog.

Let's see what Kaspersky 6.0 can do.
I've gotten the least negative user reviews about this program.

The guy invented the first AV program back in the days when surfing the net was a DOS affair. Besides..lol..the Russians (and Chinese) are getting damn good at attacking the net.
Old 03-30-2007, 04:22 PM   #8 (permalink)
hsimah
Major
 
Join Date: Jan 2003
Location: Rexxie's sisters house
Posts: 3,441
Re: Malware Removal Tools

Racist :P There are plenty of other people out there being cunts online.

For XP, I recommend NOD32. I don't know if it has Vista Support, but when it does for sure I shall use it.
Old 08-15-2007, 02:15 AM   #9 (permalink)
GroundZero
Private 1st Class
 
Join Date: Jul 2005
Posts: 148
Re: Malware Removal Tools

There's a Vista version of Nod