#1  Pandemonium (joined Oct 2005, 7,859 posts, BG Level 8, WoW Realm Cho'gall)

    How to Remove Most Viruses and Malware

I'll preface this by saying that for the nastiest viruses, the best course of action, time- and frustration-wise, is to just reformat the computer. However, most common viruses and malware that infect machines today are pretty easily taken care of.

Preparation

    Depending on the infection, you may or may not have internet access. Even if you do, it's wise to pull the computer off your home network to reduce risk of it infecting other machines.

    If you have another machine, grab a small USB stick, and download the following applications to it:

    Combofix (Direct Download Link)
Malwarebytes
    SuperAntiSpyware

    If possible, disable System Restore on all drives on the computer. Disconnect any external drives as well.

    Cleaning

On your infected machine, turn it on and boot into safe mode. To do this, on most computers tap F8 during the initial boot screen and it should prompt you. If this doesn't work, check Google for how to do it for your model.

Once in safe mode, insert your USB stick and drag all 3 installation files to the desktop. If you haven't already, disable System Restore.

    First, run Combofix. (Note: Some viruses will block you from running Combofix. Simply rename the executable to something like "Combo1" to get around this) You'll see a few warning messages, just click past them. Let it back up the registry. Don't install the Windows Recovery Console. You should then see the following screen while it scans:

    http://img.bleepingcomputer.com/comb...owing-stag.jpg

    If you see your desktop or taskbar blinking, this is normal. You might get the "Windows has started in safe mode" introductory message again, just click Yes so Combofix can continue scanning.

Note: If you have a rootkit on your machine, ComboFix will pause and list the files associated with the rootkit. It will then reboot to clear the infection. Typically there are still many leftover files after this, so make sure you reboot into safe mode, start over from the beginning and run ComboFix again.

    Once Combofix has successfully finished scanning, it will generate a log for you. Reboot if it prompts you to, and go back into safe mode.

Second, install and run Malwarebytes. This is straightforward, and will clean any leftover files that ComboFix may have missed. Once that's complete and it's removed all files, reboot if it prompts you to.

    Lastly, run SuperAntiSpyware. You can skip this step if you think the first two steps cleaned the infection, but a little redundancy never hurts.

    Cleanup

Reboot and log into Windows normally. Check to make sure that the symptoms you experienced before are gone. If they're not, make sure you had System Restore turned off, no CDs in your drive, no external drives, etc., where the virus could have reinstalled itself.

    Download CCleaner and run it. This will clear all your temporary internet files and also clean out your registry so that any left-over entries are taken care of.

    Prevention

Always have an up-to-date virus scanner and all your Windows Updates. Obviously paid antivirus solutions like Kaspersky and Nod32 are the best, but a good free scanner like Avast! is better than nothing. Don't neglect Flash/Java/QuickTime updates either, as many things use exploits in those programs to infect your machine.

    Hope this helps.


Sono edit: STOP USING AVG, IT'S SHIT
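The Preparation and first Cleaning steps above, collected into one pre-flight script for Windows XP. This is an added example, not part of the original post or of any of the tools it names. Assumptions: the script and ComboFix.exe sit together on the USB stick, the LAN adapter is named "Local Area Connection" (check with `netsh interface show interface`), and the 3,000,000-byte lower bound comes from the roughly 3 MB size quoted later in the thread, not from the publisher. An infection that kills cmd.exe or reg.exe will also block this script; in that case do the same steps by hand as the post describes.

```batch
@echo off
REM Added example (not from the original post): pre-flight for the cleaning
REM procedure on Windows XP. Run from the USB stick after booting to safe mode.
setlocal

REM 1. Confirm we really are in safe mode. XP sets SAFEBOOT_OPTION to
REM    MINIMAL or NETWORK only when booted that way; it is empty otherwise.
if "%SAFEBOOT_OPTION%"=="" (
    echo Not in safe mode. Reboot, tap F8, choose "Safe Mode", then rerun this.
    exit /b 1
)
echo Safe mode confirmed: %SAFEBOOT_OPTION%

REM 2. Take the machine off the network so it cannot infect other hosts or
REM    re-download anything while being cleaned. Adapter name is an assumption.
netsh interface set interface name="Local Area Connection" admin=DISABLED

REM 3. Stop and disable System Restore so the infection cannot be brought
REM    back from a restore point. srservice is the XP System Restore service;
REM    the policy value keeps it off across reboots.
net stop srservice
sc config srservice start= disabled
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /v DisableSR /t REG_DWORD /d 1 /f

REM 4. Sanity-check the download before running it as an administrator.
REM    A truncated ComboFix (the 160 KB and 1.2 MB files reported later in
REM    the thread) fails here instead of half way through a scan.
REM    EXPECTED_MIN_SIZE is an assumed bound based on the ~3 MB quoted size.
set EXPECTED_MIN_SIZE=3000000
for %%F in ("%~dp0ComboFix.exe") do set COMBOFIX_SIZE=%%~zF
if not defined COMBOFIX_SIZE (
    echo ComboFix.exe not found next to this script.
    exit /b 1
)
if %COMBOFIX_SIZE% LSS %EXPECTED_MIN_SIZE% (
    echo ComboFix.exe is only %COMBOFIX_SIZE% bytes; re-download it on a clean machine.
    exit /b 1
)

REM 5. Copy it to the desktop under a neutral name, since some infections
REM    kill any process called ComboFix.exe by name (the rename trick above).
copy "%~dp0ComboFix.exe" "%USERPROFILE%\Desktop\Combo1.exe"
echo Ready. Run Combo1.exe from the desktop, then Malwarebytes, then SuperAntiSpyware.
endlocal
```

The size check is a weak stand-in for a real integrity check: if the publisher posts a hash, compare against that on the clean machine before the file ever touches the USB stick, because the infected machine is not a trustworthy place to verify anything.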

#2

Thanks for this guide, it saved me last night ('-'*)

#3  Relic Weapons (joined Aug 2008, 296 posts, BG Level 4, FFXI Server Valefor)

    Was having an issue last night where my comp would BSOD after loading windows. Followed these steps and it worked after the initial reboot, but now I can't even load windows. Combofix deleted windows/system32/system/config or something and I don't have my XP disk >.>

#4  Pandemonium (joined Oct 2005, 7,859 posts, BG Level 8, WoW Realm Cho'gall)

Quote: Fr34k, post #3 above.
    Can you get into safe mode?

#5  Relic Weapons (joined Aug 2008, 296 posts, BG Level 4, FFXI Server Valefor)

    Lemme check.

Edit: OK, when I tried to go into safe mode it prompted me to select a boot device. As soon as I selected my hard drive I got:

    Windows could not start because the following file is missing or corrupt:
    \WINDOWS\SYSTEM32\CONFIG\SYSTEM

    You can attempt to repair this file by starting Windows Setup using the original Setup CD-ROM.
    Select 'r' at the first screen to start repair.

I noticed that Combofix deleted something in System32, but then I rebooted to install and run Malwarebytes. This ran for like 20 mins and then BSOD'd me. I decided to just try and load normally and it worked all night. Now this.

#6  Pandemonium (joined Oct 2005, 7,859 posts, BG Level 8, WoW Realm Cho'gall)

Sounds like something corrupted the registry. Never seen Combofix do that, though. Your data is still intact, but you'll need to find an XP CD to restore a backup of the registry.

#7  Relic Weapons (joined Aug 2008, 296 posts, BG Level 4, FFXI Server Valefor)

Yeah, when I built this PC like 2 years ago, my neighbor's boyfriend let me use his XP CD and key. They've since moved... Do you know offhand if I will need the same CD key, or if I could bum a disk from one of the professors at my CC?

#8  Pandemonium (joined Oct 2005, 7,859 posts, BG Level 8, WoW Realm Cho'gall)

    You should be able to use any disk. You don't need a key to access the recovery console that the CD lets you boot to.

    This article contains step-by-step directions for restoring the registry.
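For the "\WINDOWS\SYSTEM32\CONFIG\SYSTEM is missing or corrupt" error quoted in post #5, here is the hive restore typed at the XP Recovery Console prompt (boot from any XP CD, press R). This is an added example reproducing Part 1 of Microsoft Knowledge Base article 307545, the standard procedure for that message; it is not the article the post links to, which is not visible here. Windows is assumed to be installed in C:\WINDOWS. The Recovery Console has no scripting, so each line is entered on its own; the REM lines are annotations for the reader, not commands to type.

```batch
REM Added example: XP Recovery Console hive restore (KB 307545, Part 1).
REM The console starts in C:\WINDOWS, so "md tmp" creates C:\WINDOWS\tmp.
md tmp

REM Keep copies of the current (damaged) hives so nothing is lost outright.
copy c:\windows\system32\config\system c:\windows\tmp\system.bak
copy c:\windows\system32\config\software c:\windows\tmp\software.bak
copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak
copy c:\windows\system32\config\security c:\windows\tmp\security.bak
copy c:\windows\system32\config\default c:\windows\tmp\default.bak

REM Remove the damaged hives.
delete c:\windows\system32\config\system
delete c:\windows\system32\config\software
delete c:\windows\system32\config\sam
delete c:\windows\system32\config\security
delete c:\windows\system32\config\default

REM Put back the hives Setup saved in \repair when Windows was installed.
copy c:\windows\repair\system c:\windows\system32\config\system
copy c:\windows\repair\software c:\windows\system32\config\software
copy c:\windows\repair\sam c:\windows\system32\config\sam
copy c:\windows\repair\security c:\windows\system32\config\security
copy c:\windows\repair\default c:\windows\system32\config\default

REM Leave the console; the machine reboots and should reach the logon screen.
exit
```

The caveat a practitioner wants here: the \repair hives are a snapshot from when Windows was installed, so after this step the machine boots but drivers, programs and accounts added since then are unregistered until reinstalled. KB 307545's later parts recover a newer registry from a System Restore checkpoint under System Volume Information, which only works if System Restore was on; the guide above had you switch it off, so for a long-lived install the reformat suggested in post #10 may genuinely be the faster path.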

#9  Relic Weapons (joined Aug 2008, 296 posts, BG Level 4, FFXI Server Valefor)

    Right on, thank you good sir. I'll see if I can cop a disk tomorrow and get this straightened out. Once I CAN boot windows, should I run all of the programs listed here in normal mode just to make sure everything is clean?

#10  Pandemonium (joined Oct 2005, 7,859 posts, BG Level 8, WoW Realm Cho'gall)

    Honestly, it may be faster for you to just extract your data and use the disk to reformat your hard drive. It would likely save time and eliminate the possibility of the virus coming back. Just throwing that out there.

    But yeah, I would definitely run more scans once you get back into windows.

#11  Sea Torques (joined Nov 2007, 548 posts, BG Level 5, FFXI Server Cerberus)

I just ran Combofix and Malware in safe mode, but now I can't get on the internet? My connection shows me as connected, and I can get on PokerStars online, but everything else shows me as not being connected (MSN, Firefox, FFXI, etc.). Any simple way to fix this?

#12  Melee Summoner (joined Oct 2009, 27 posts, BG Level 1, FFXI Server Phoenix)

    Thank you for this guide, my laptop exploded a few days ago and I've been using my old desktop of questionable integrity to get by. Hopefully this will clean it up some.

#13

OK,

Running Windows XP Media Center.
Having a virus coming up spamming me with websites for porn.
Won't let me open up Task Manager, my antivirus, Chrome... well, anything except for IE and IE.

There is a blue shield with grey stripes in the icons at the bottom right of the screen; it's malware that says it's antivirus software, and it comes up with some bullshit scan and says I need to buy something to get it clean.

I more than likely got this off a torrent on BT junkie.

Is there any way to clear this rather than reformatting the hard drive?

Also, sorry about my spelling, I'm very tired.

#14  Pandemonium (joined Oct 2005, 7,859 posts, BG Level 8, WoW Realm Cho'gall)

Quote: Ace-o-fire, post #13 above.
    Not to be rude, but did you read the post? Try running combofix in safe mode. You may need to rename the executable before it works.

#15  Old Merits (joined Nov 2007, 1,007 posts, BG Level 6, FFXI Server Asura)

    I tried ComboFix about 4 days ago and the download links were broken. The page shows it being 3 MB in size now, and I'm getting a 160 KB or a 1.2 MB file to download which says it isn't completely downloaded when I try to run it. Do you have an older working version to post?

#16  alsohawks, "ALL YOU YOUNG HACKEY PLAYERS OUT THERE" (joined Jul 2009, 5,960 posts, BG Level 8)

    I experienced the same thing from the link listed in the OP (1.1MB) and the first link (bleepingcomputer) listed on this page: http://www.bleepingcomputer.com/comb...o-use-combofix

    The second link there, from forospyware, however, completed with 3.65MB. ESET also reports the first link's combofix.exe as having a bad checksum.

Upon executing, the first link's file reports having corrupt files and closes automatically, while the second link's file reports being a BETA version not meant for use on a live machine and recommends exiting.

#17  Pandemonium (joined Oct 2005, 7,859 posts, BG Level 8, WoW Realm Cho'gall)

Combofix is sometimes taken down if issues arise. They always repost it eventually, so if the link is broken, check back in a few days. As of today all the links work.

#18  Relic Horn (joined Dec 2008, 3,361 posts, BG Level 7, FFXI Server Quetzalcoatl)

I will have to try this soon, thanks dude.

#19  RIDE ARMOR (joined Feb 2010, 11 posts, BG Level 1, FFXI Server Shiva)

    I've found in my personal experience that it's easier to reinstall than it is to try and remove things. A reinstall will take you about an hour and you'll have a fresh system to play with.

#20  Old Merits (joined Nov 2007, 1,007 posts, BG Level 6, FFXI Server Asura)

    Yes, but setting up all your applications and drivers again can take several more hours. If I reinstall from scratch without using a backup image, it takes me about two days to have my computer back up to my usable standards, considering I have to sleep and work during those two days. I try to keep my modular programs and settings for my non-modular programs, as well as installers for everything backed up on other hard drives, so a drive is dedicated to just having the OS on it, and it takes a while. Making an image of a working install for all your hardware drivers and applications you consider basic necessities will make your life much easier.
