Get our latest top picks
Subscribe to our Top Picks RSS Feed or enter your email address below to get the feed delivered to you by email:
|
Follow Gizmo |
 |
 |
 |
Register/Login
Top Rated
Gizmo's Freeware is Recruiting
We are looking for people with skills or interest in the following:
- Mobile Platform Reviews
- Rootkit Scanner and Remover
- Streaming Media Recorder
- Email Client
- Archive Manager Interested? Click here
How to Know If Your Computer Is Infected
These days malicious software is becoming an epidemic. It seems like it’s everywhere. Also, sadly, there's been a change in the way malware acts. It used to be that it would slow down your computer, or display annoying popups, but now malware is becoming increasingly discreet. You could be infected right now and not even know it. Also, sadly, it often seems as if the only way to make sure you’re not infected is to scan your computer with numerous anti-malware programs. Doing this can be time consuming and, while scanning, may even slow your computer to a crawl. Even after that you still can’t be sure you're clean. This is because scanners cannot recognize all new malware.
Because of these difficulties I have come up with a better method. This uses multiple programs, not to remove files, but just to analyze the computer. Each of these programs is very effective and easy to use. They are all portable applications and will not cause any conflicts on your computer because they are only running when you're using them. However, they do require an active internet connection to function properly. Don't worry, this guide will also help you to fix your internet connection in the event that it is not working. After you have already gone through the below process once, and had all files whitelisted, this approach is much faster, much more certain, and much easier than any other approach I've seen. No active malware can escape this process. However, inactive pieces of malware may not be flagged by this approach but may be found by other scanners. Rest assured that these are not direct threats to the safety of your computer and thus do not constitute a failure of this article.
I also want to stress that in order to make sure that your computer is not infected you must follow each step. None is meant to be used independently. Each depends on the others to account for different infection scenarios. Also, if any step shows definite evidence of an infection you should move directly to the section which explains How To Clean Infections From Computer. There is no reason to continue your investigation if your computer is already found to be infected.
Index
1. What To Do If Computer Is Unbootable
A) Use KillSwitch To Investigate Running Processes
C) Submit Unknown Files Which Are Probably Safe To Comodo For Whitelisting
A) Use Comodo Autoruns To Investigate Registry Entries
B) Analyze Comodo Autoruns Results
C) Submit Unknown Files Which Are Probably Safe To Comodo For Whitelisting
5. How To Clean Infections From Computer
1. What To Do If Computer Is Unbootable
Note that if your computer is able to boot into Windows you should skip directly to the next section. However, if your computer is not able to boot into Windows I would first advise that you follow the advice I give in this section of an article I wrote about How to Fix a Malware Infected Computer. It may be able to help make your computer bootable again. Then, once it's fixed, you can begin following the advice in the next section to see if your computer is infected.
Note that if the advice in that section of the other article is not able to fix your problems you should not follow part D in that article, but instead follow the advice given in this section of an article I wrote about How to Clean An Infected Computer. It's possible that the reason that your computer cannot boot is because of malware. Thus cleaning it may be the only way to get the computer running again.
2. Check for Rootkits
It's important to ensure that there are no active rootkits on your computer. To do this first scan your computer with Kaspersky TDSSKiller. It can be downloaded from this page. Note that if the file from that link is not working correctly try right-clicking on it and choosing to Save As. If even this doesn't work then you can instead download a zip file containing the same scanner from this page. At this same time download the zip file for Comodo Cleaning Essentials from this page. Make sure to select the correct version for your operating system. If you're not sure if your computer is running a 32 or 64 bit operating system then please see this FAQ. Note that if neither will not download correctly, or your internet connection is not working, you should download them on another computer and transfer them to the infected one via a flash drive. Make sure there were no other files on the flash drive. Be careful with the flash drive as the malware may actually infect it when you plug it into the computer. Thus, don't plug it into any other computers after transferring these programs.
Kaspersky TDSSKiller will scan your computer for some of the most common types of rootkits. I've found it to have relatively few false positives and a very high detection rate. By the way, some scanners, including Comodo Cleaning Essentials, may detect this file as a dangerous file. It is not. This is a safe download link. If it is flagged as dangerous you can safely ignore the detection. As with every program in this article, I recommend that you do not quarantine any files using this program. A false positive on the wrong file could destroy your computer, even if you’re not infected.
To use this it open the file called TDSSKiller. Then select the option to “Start Scan”. This scan should take less than a minute. If it does find anything then it's likely that your computer is infected. Thus I would suggest that you skip to the last section in order to deal with this infection. However, if it does not find any rootkit activity then you should next check your computer with Comodo Cleaning Essentials.
Now select the option to do a smart scan with CCE. It will immediately begin downloading the most recent virus database, which may take a long time to complete. Once it has completed downloading, the scan will begin immediately. This will scan your computer for all types of malware. The scan should not take too long to complete. As before, I recommend that you do not quarantine any files using this program. One problem with this program is that I do find it to have a few false positives. Thus the best option, in order to be sure of the results from its scan, is to report any files detected as dangerous, which you believe may be safe, to Comodo for analysis.
Sadly there is no easy way to navigate to the files detected by the scan. You will have to manually navigate to the path indicated in the scan results in order to get to them. Note that if you do not want to investigate them right now you can select the option to ignore each detection. Then allow finish and restart your computer. Next time you open CCE you can go to "Tools" and choose "Browse logs". The detections you chose to ignore, along with their file paths, should be stored in the most recent log. To report the detected files as false positives you should go to this page. Then select false positive, upload the files in question, fill out the required information, and select submit. Comodo analysts will send you an email with the results of their analysis.
This program also scans for system changes which may have been caused by malware. These will also be shown with the results. If you did not make these changes yourself then this could possibly be evidence that there is malware on your computer. I would recommend letting CCE fix these items, but not anything else, and continuing with the rest of the article to see if there is any more evidence of infection. I would not consider unwanted system modifications to be definitive evidence of an infection.
After the scan is complete it will ask you to restart your computer. Allow it to restart. Do not open any unnecessary programs as this will make the next step simpler. Once again I will remind you to not quarantine any files with this program. Once it restarts it will pop up with the final results. If it did not find anything, and neither did any of the above methods, then you can continue on to the next step. However, if it did find infections, and Comodo analysts also found them to be malicious, then I would advise that you skip to the last section in order to clean the infections.
Also, if your internet connection was not working please check again to see if it is now working. If not then you should go to this section of my guide about How to Fix a Malware Infected Computer and follow the advice given to fix your internet connection. A working internet connection is required for the remaining steps of this guide.
3. Use KillSwitch
A) Use KillSwitch To Investigate Running Processes
If the above steps did not find any malware activity then you should again open Comodo Cleaning Essentials (CCE). However, this time you should go to "Tools" and select the option to "Open KillSwitch". KillSwitch which will immediately begin analyzing all of your running processes. This analysis should only take a minute or so. Without waiting for the analysis to complete you can go to “View” and select “Hide Safe Processes”. This will hide all processes that are verified to be safe by Comodo. The reason I asked you not to open any other programs in the above step is because malware will nearly always run on system startup, while many legitimate programs will not. Thus there will be fewer processes to examine.
Once the analysis is complete all that are left are those programs which are either believed to be dangerous or are not in Comodo's whitelist. The latter type is denoted as FLS.Unknown. Be aware that unknown does not mean dangerous. It only means that the file has not yet been whitelisted by Comodo.
If KillSwitch now shows that “There are no items to show”, then your computer passed this part of the tests. You can move on to part 3. However, if there are files remaining in the list then you should investigate them. In order to do this you first need to navigate to the files. To do this right click on the process in question and select “Jump to Folder”. This will open up the folder where the associated file is located and select the file as well.
For files which are flagged as dangerous or suspicious, but which you believe may actually be safe, I would recommend that you report them as a false positive on this page. Just select false positive and fill out the required information. Comodo analysts will get back to you by email with the results of their analysis. In this way you can easily find out for sure if the files really are dangerous or not.
However, for those files which you think may be dangerous, but are only flagged as FLS.Unknown, you can check them yourself by following the methods discussed in my article about How to Tell if a File is Malicious. Also, if this verdict does in fact indicate that the files are likely safe, you can then submit them for addition to the Comodo Whitelist by following the advice given in part C.
For those files which are flagged as FLS.Unknown, but which you believe are probably safe, the most efficient way to analyze them is to submit them to Comodo for whitelisting. Instructions for how to submit programs, or individual files that belong to programs, can be found in this topic of the Comodo forum. Make sure you read through the first post entirely and follow all recommendations. This will ensure that your request is completed as quickly as possible. However, do note that in order to submit programs, or files, you do need to have an account on the Comodo forums. If you don't already have one then it's very easy to get one. There is an option to register on the top of any page on the Comodo forums. Also, if you cannot locate the folder indicated in the KillSwitch results that may be because some folders are hidden by default by Windows. To tell Windows to show you those folders please follow the advice on this page.
These submissions will be analyzed by Comodo staff and, if appropriate, added to the whitelist. However, do note that it may take the analysts days, or even a few weeks, to complete their analysis. This all depends on how many submissions they are also trying to analyze. If you feel that you cannot wait for their analysis then you also have the option of analyzing them manually by following the advice I give in How to Tell if a File is Malicious.
That said, the greatest advantage to the whitelisting approach is that you won't have to do any analysis of your own and the next time you check your computer the files will already be whitelisted and nothing will need to be done. In fact, you submit all the safe programs on your computer for whitelisting then, once they're whitelisted, the next time you scan with KillSwitch there should not be any more unknown processes for you to examine. Thus, it becomes an incredibly easy task to ensure that your computer is still clean of infections. In fact, my computer always shows a completely blank screen after selecting the option to “Hide Safe Processes”. This allows me to ensure that my system has passed this test in less than one minute. Please note that depending on your computer, and your internet connection speed, this time may vary. Once you're done with this part you can close KillSwitch.
4. Use Comodo Autoruns
A) Use Comodo Autoruns To Investigate Registry Entries
Now, through CCE, which should still be open, again go to the "Tools" menu. This time select the option to "Open Autorun Analyzer". This program will analyze the registry and show you the files associated with each item. Almost all malware will write to the registry. Thus, by scanning for all files associated with registry entries, this program can identify malware and unknown files, even if they aren't running. It may even be useful in identifying rootkits, although that is not its primary purpose. The downside to using this program is that it will potentially give you more files to check than the above methods. However, if you really want to be sure that your computer is clean then this step is also necessary. As before, do not delete/disable anything with this program as it can be very dangerous if used improperly. We are only using its analytical abilities. Please do not use it to try and clean up any infections or you could inadvertently harm your computer.
After Comodo Autoruns opens it will immediately begin compiling the list. This process could take a couple of minutes to complete. Without waiting for the list to finish being compiled you can go to “View” and select “Hide Safe Entries". Note that this option will now be pre-checked every subsequent time you run the program. Once the list is compiled Comodo Autoruns will automatically begin analyzing each entry. Wait until all entries have been analyzed. If this is the first time you have run this program, you should now close it and then open it again. I find that this often allows Comodo time to analyze some of the unknown files so that this time there will be less to check.
If Autoruns now shows that “There are no items to show” your computer passed this part of the tests. If it also passed all of the above steps then there is definitely no active malware on your computer.
If your computer passed all of the above steps, but you are experiencing problems with your computer, it's possible that the problem that you're experiencing is due to hardware or software issues. I would recommend that you first try searching online for symptoms similar to what your computer is suffering from to see if they match something other than malware. Also, an article I have written about How to Fix a Malware Infected Computer may be of use to you. It was written mainly to fix probelms due to malware, but the advice given should be able to fix many other types of software problems as well.
B) Analyze Comodo Autoruns Results
However, if there are still entries left over you should begin analyzing them. However, note that there is currently a minor bug with Comodo Autoruns. This sometimes causes the program to flag files which are actually known safe as FLS.Unknown. Thus, I would advise that if you see many files flagged as unknown, which you believe should be flagged as safe, that you close Comodo Autoruns and then open it again to see if the files are still unknown. Also, note that making sure the virus database is fully up to date, by always running a Smart Scan with CCE just before checking with Comodo Autoruns, makes this problem much less rare.
To get to the files which these entries are associated with, right click on an entry and select “Jump to Folder”. This will open up the folder where the associated file is located and select the file as well. Also, with this program you will find that often a single file has numerous entries, which means that often there’s not nearly as much analysis to be done as there would seem to be.
Just as was done for KillSwitch, for files which are flagged as dangerous or suspicious, but which you believe may actually be safe, I would recommend that you report them as a false positive on this page. Just select false positive and fill out the required information. Comodo analysts will get back to you by email with the results of their analysis. In this way you can easily find out for sure if the files really are dangerous or not. Also, if you cannot locate the folder indicated in the results that may be because some folders are hidden by default by Windows. To tell Windows to show you those folders please follow the advice on this page.
However, for those files which you think may be dangerous, but are only flagged as FLS.Unknown, you can also check them yourself by following the methods discussed in my article about How to Tell if a File is Malicious. Also, if this verdict does in fact indicate that the files are likely safe, you can then submit them for addition to the Comodo Whitelist by following the advice given in part C.
C) Submit Unknown Files Which Are Probably Safe To Comodo For Whitelisting
For those files which are flagged as FLS.Unknown, but which you believe are probably safe, the most efficient way to analyze them is to submit them to Comodo for whitelisting. Instructions for how to submit programs, or individual files that belong to programs, can be found in this topic of the Comodo forum. Make sure you read through the first post entirely and follow all recommendations. This will ensure that your request is completed as quickly as possible. However, do note that in order to submit programs, or files, you need to have an account on the Comodo forums. If you don't already have one then it's very easy to get one. There is an option to register on the top of any page on the Comodo forums. Also, if you cannot locate the folder indicated in the Autoruns results that may be because some folders are hidden by default by Windows. To tell Windows to show you those folders please follow the advice on this page.
These submissions will be analyzed by Comodo staff and, if appropriate, added to the whitelist. However, do note that it may take the analysts days, or even a few weeks, to complete their analysis. This all depends on how many submissions they are also trying to analyze. In addition, if you feel that you cannot wait for the analysis of Comodo staff then you also have the option of analyzing them manually by following the advice I give in How to Tell if a File is Malicious.
That said, the greatest advantage to the whitelisting approach is that you won't have to do any analysis of your own and the next time you check your computer the files will already be whitelisted and nothing will need to be done. In fact, you submit all the safe programs on your computer for whitelisting then, once they're whitelisted, the next time you scan with Comodo Autoruns there should not be any more unknown processes for you to examine. Thus, it becomes an incredibly easy task to ensure that your computer is still clean of infections. In fact, my computer always shows a completely blank screen after selecting the option to “Hide Safe Entries”. This allows me to ensure that my system has passed this test in just a few minutes. Please note that depending on your computer, and your internet connection speed, this time may vary.
5. How To Clean Infections From Computer
If any of these methods does show that your computer is infected you should check out my article about How to Clean An Infected Computer. The advice in this article will allow you to remove almost any infection and get your computer back to working order.
If you have any problems, or are confused by my directions, please leave a comment below and I will try to help. Trust me, if you are having a problem then so are many others. I need to know this so that I can improve the article and make it usable for everyone. Also, and this is especially important, if you find a situation in which none of these methods shows evidence of an infection, but the system is definitely infected, please let me know. I have seen no evidence of this happening, but if I do receive proof of a bypass then I will need to rethink my strategy.
In addition, please help by rating this article. If you believe this article deserves anything less than 5 stars, please leave a comment below explaining how you think it can be improved or where you find fault. This article is written by me but fueled by the community. Thus your opinions and advice are not only much appreciated, but actually necessary in order for this article to grow and improve.
If you found this article useful then perhaps you'd like to check out some of my others.
How to Clean An Infected Computer
How to Fix a Malware Infected Computer
How to Harden Your Browser Against Malware and Privacy Concerns
How to Install Comodo Firewall
How to Protect Your Online Privacy
How to Report Dangerous Websites
How to Report Malware or False Positives to Multiple Antivirus Vendors
How to Tell if a File is Malicious
How to Tell If A Website Is Dangerous
This software category is maintained by volunteer editor Chiron. Registered members can contact the editor with any comments or suggestions they might have by clicking here.
- Article type:
- Login or register to post comments
Printer-friendly version
Comments
Thanks for your reply. I was getting ready to post again because I figured something out. You can select "ignore" from the scan results by clicking on "clean." If you do that the results will still show up in the log (linked under tools). I'm about to send those results to Comodo.
BTW most of my initial results were false positives, so you're right about that. I'd already run the quick scan and it came out clean. I was still concerned because I'd run a "complimentary scan" of another product that showed registry errors. That's why I ran the custom scan in both normal mode and safe mode. (I realize now it took so long because I didn't unselect the hard drives.)
Thank you very much for letting me know about that. I was not aware that they would be stored in the logs. I've once again updated the article. If you find that there's anything else which you believe could be improved please feel free to let me know.
Thank you very much.
I think these instructions need to be updated. When I didn't push "apply" after the Comodo scan was done, the results disappeared. They didn't appear again at the restart and they don't appear in the logs. I'm frustrated because it took hours to finish the custom scan I did and now I'll have to do it all over again. I remember where some of the files are, but not all of them. If I'd known they were just disappear, I could have written them down before closing the program.
I'm also wondering if it's as dangerous to quarantine files as to delete them. I had run an earlier scan before reading this article and did push "apply." That quarantined the files but didn't delete them. Is this a new feature of the program, or were you referring to quarantining files in your article?
Thanks for pointing this out. If you've run into trouble I'm sure many others have as well. I've updated the article to make it more apparent that the scan results are not stored in a log and should thus be investigated while the results are still shown in the CCE window.
Also, I'm sorry about the trouble you had making the custom scan. However, my article recommends running a smart scan, which with everything else recommended should be sufficient.
In terms of quarantining files as compared to deleting them, you are correct. This was a mistake on my part as CCE does try to quarantine the files. This is better than deleting them as if you find out later that it was a mistake and the files are actually not dangerous you can restore them from quarantine. That way no harm has been done.
Thank you very much for your questions. They were very helpful. Please let me know if you have any other questions or comments about the article.
Thanks.
I will agree with chiron
Thanks for this article, it clearly explains what to do. I am concerned by the results however. I had no glaring issues on my computer, I just wanted to make sure that it was clean. I followed all the steps and everything can out clean until I got to the Autorun analyzer.Even though I ran it twice after I did the cleaner I got 1347 hits(without the safe entries). Only(!)31 are listed and of those only two are red. Am I supposed to check all of those on the Comodo site? could I have so much malware without noticing problems on my PC?
Thanks!
Okay so I tried to upload my files to Comodo, there were only about 15. Most were normal and I will report them as false positives. A few were unknown and I sent the to be analyzed. A few files however don't seem to exist! I can't find them on my searches or according to their path - what does that mean?
Can you please make a new topic in the forum and send me a link to it through the contact form?
It is very difficult to assist you with this through the comments. It is really better suited to the forum.
Thanks.
Great article as usual Chiron. Is it worthwhile doing a full scan with CCE, or is it unnecessary if all your other steps are followed?
Thank you.
If you wish you can do a full scan with CCE. That would certainly be even more powerful in terms of rootkit detection.
That said, the reason I do not include that in this article is that so far nobody has informed me that their computer was infected, but that my article did not detect it. Thus, I believe that a full scan with CCE would be unnecessary. However, if you are seeing signs you believe could be indicative of infection it's not a bad idea to do a full scan.
Please let me know if I have fully answered your question.
Thanks.
Thanks for the reply. As far as I know I'm not infected, apart from CCE flagging my mvps hosts file as a threat, which I'm sure it isn't, so I won't bother with the full scan.
That's good to hear.
Please feel free to let me know if you have any other questions.
Thanks.
It might be helpful if At the end of your article "How to Know If Your Computer Is Infected"you had a short outline of the steps to take. A person could study the information, print out the outline then do the steps while checking them off.
I like your approach to the problem very much and perhaps I am asking too much but it seemed like a good idea.
Jack
I'm not sure that is a good idea.
It may certainly be helpful for many people, but my concern is that if I were to add something like that some people may instead just try to use that shorter checklist (likely because they would prefer to not read through the entire article). Of course, the danger to that is that if my instructions are not followed correctly people could misinterpret the results or perhaps even harm their computers.
Thus, I believe it is best to leave the article the way it is. For your purposes perhaps the best thing to do would be to print out the entire article and then check off the section titles after you finish following all advice in the section.
Hopefully my reply has been helpful. However, if you still have any questions please feel free to ask.
Thanks.
I agree with Chiron. The need for speed is the main reason a lot of folks get infected in the first place. Unfortunately there are no shortcuts to staying malware free, or removing it. MC - Site Manager.
Hey Chiron,
Your article was well written and pretty informative!
I followed your article and did everything suggested(System is Clean) but I am concerned about having ran the TDSSkiller (downloaded the exe file from Kaspersky) from the downloads folder whereas it is recommended to load TDSSkiller directly to the desktop(Sources: Cnet TDSSkiller page and some security forums.) and run it from there.
Well now shall I delete TDSSkiller from downloads and again download it from kaspersky.com directly to my desktop???
Thank you.
I checked Kaspersky's support page and it did not mention anything about it having to be run from the desktop. Since it's not mentioned as a requirement on the official support page I wouldn't worry about it. I'm pretty sure it will run just fine.
However, just to be sure, can you please post me some links to those forum topics so I can investigate this further?
Thank you.
1) http://www.bleepingcomputer.com/forums/topic456741.html/page__view__findpost__p__2729794
2) http://www.bleepingcomputer.com/forums/topic284553.html
3) Check out the Cnet page too if you'd like to.
Thank you. It appears that TDSSKiller will run perfectly fine from either the desktop or a folder. I read through most of the topic on the bleepingcomputer forum and found this reply:
http://www.bleepingcomputer.com/forums/topic284553.html/page__view__find...
This explains that they only advised them to unzip it to the desktop because that is what the run command in their specific instructions required. They were not aware of any reason it would have to be run from the desktop.
Thus, since I do not see anyone advising that it needs to be run from the desktop, other than because that is what their specific instructions require, and there is no mention of it in the Kaspersky support files, I believe it is okay to run it from essentially any folder.
Please let me know if you have any other questions.
Thanks.
Thank you for the awesome article,and i will be thankful if u replied to that very long queries of me as a beginner please.
i am running windows 7 and i have a problem with the internet connection, it is almost creeping with numerous d/c, internet company told me to test it as follows :to close every thing depends on the internet and to use a wire to connect to the router instead of wireless connection, then asked me to to go to windows menu, select All programs then select Accessories and then command prompt ant to write this word "netstat" then asked me how many active connections state is word "Established" they were 5, then she told me that i have a spyware though my wireless is password protected.
sadly spyware doctor scan but not removes for free, it detected 6 spyware and 163 infection!!!!!!!!!!! None of the free anti malware programs i used later showed a similar number of malware on my pc. Also many of my friends told me that it is not real infections that the program producers try to force you to pay for it and some times it even harm ur pc it self to get t buy the programe, but others claimed that huge number of infections is because spyware doctor is the best.
I then used both EIS and MSE each found one infection the one detecte by EIS was trojan. i have deleted the infected files, and uninstalled the program EIS because it started detecting program and system files as infected and then report me that they were falsely detected and then neither me or the program couldn't restore them as they need an admin permission.
i did all the steps in this article also in all articles of How To Clean Infections From Computer, How to Tell if a File is Malicious and How to Fix a Malware Infected Computer reported all false positive files (5 files) to comodo malware analysis with no response, they passed all the steps ok except that they are unknown in Comodo File Intelligence and using Comodo Valkyrie it was normal static, undetected by both Camas & CAV verdict but with unknown Advanced Heuristics.
the command prompt still give the big number of active connections which shows stat as "established"!!!!!!!!
i want to know about spyware doctor scan result if it it true or not, and if it is necessary to format my pc? specially that my pc is clean from the 4 articles point of view except the false unknown part.
OR i should delete the false unknown files detected by comodo( they are which running my bluetooth )??
And about the way of testing using command prompt is it accurate? i mean if i closed every window depends on the internet what about updates?
should i use more free anti spyware like super antispyware, and if these type of program harm the comuter the way i mentioned with EIS.
Thanks and regards
Sadly the comments section of this article is not the best place to solve these problems. Please start a new topic in the Gizmo's forums.
We can then discuss this there (although please contact me through the contact form at the bottom of this article to remind me to check the forum. Sorry, otherwise I might forget).
Thank you.
no matter what i try my pc will not respond i can get internet through internet explorer but not through aol alone i can even pkay any icon on my desktop ie card games etc everything is blocked by a virus calling system progressive protection and keeps asking for payment in dollars please help
Please try following the advice I give in my article about How to Clean An Infected Computer:
http://www.techsupportalert.com/content/how-clean-infected-computer.htm
Specifically I would recommend first following the advice I give in the section about making a bootable disk. Make sure you create this on a different computer. Cleaning using a bootable disk should be able to clean this malware from your computer.
I downloaded the CCE program. I unzipped the folder. I clicked on run and I heard a ping sound and nothing happened. I tried the KillSwitch and it did the same thing. This program would not run on my windows 7. Then I went back and double check which program I downloaded. I discovered I downloaded the windows 32 bit instead of the windows 64 bit. Once I downloaded the correct version it opened up and scanned my computer without any problems. Fortunately, there was no threats detected with either Comodo or Kaspersky TDSSKiller.
Thanks so much for this forum. I passed this on to some friends.
I just want to make sure that you did indeed also follow the steps which asked you to use these programs to locate unknown files. Did you then analyze any unknown files which were found to ensure that they were not malicious?
This is a very important part of this process. You must manually check any files which are flagged as FLS.Unknown by either KillSwitch or Autoruns.
I did not have a need to analyze any files for there were no infected files found. I followed every step that you gave. I missed not one and the result from both software was "no infected files found".
I've very happy to hear that. I was hoping that with the vast improvements Comodo continues to make to their whitelist that the procedures I advise would become easier and easier.
It appears that is exactly what is happening.
Thanks for the feedback.
This article helped me to clean my PC,and I'm very glad,but some softwares are not accessible,e.g CCE and TdssKiller.
What do you mean when you say that they are not accessible? Do you mean that they are too difficult for everyday use, that you were not able to download them,...?
I know it's probably annoying to have people respond with WOW and the like, but I don't have sufficient alternative vocabulary to describe how simple this was to use for someone like myself who has limited experience beyond that of a consumer level home user. It's often frustrating and baffling for me when I try to follow explanations offered for computer issues. Kudos and thanks.
Will be reading the other articles you have provided as I am able to digest them.