#1 | Editor | Join Date: Jan 2010 | Posts: 423
Last weekend I cleaned (actually my brother did, with my help) a PC which was awfully infected. At first nothing could be done while the system was running. The procedure was:

1. UBCD4Win boot CD + DrWeb CureIt (more than a dozen trojans and other stuff)
2. Hitman Pro (rootkit and 3 trojans)
3. Malwarebytes Anti-Malware (2 trojans)
4. Prevx free (clean)

It was easy this time! No special tools needed.

I wrote this to my list:

My proven free cleaning process for removing stubborn malware. I start with boot CDs to kill most resistance before going to Windows.

1. Avira boot CD
2. UBCD4Win boot CD + DrWeb CureIt
3. Hitman Pro*
4. Malwarebytes Anti-Malware
5. Prevx free
6. WinPatrol

*) If you meet malware that blocks executables, try a Force Breach start of Hitman Pro (hold the left Ctrl key until the man with the ladder appears while opening Hitman Pro). And in case the internet connection is broken or unavailable, start an Early Warning Scoring (EWS) scan by selecting it from the Next button. This will also reveal:
* The use of a local proxy server (an indication of malware redirecting or sniffing your web activity).
* Check and fix an invalid Winsock stack.
* Detect problems with NDIS (Network Driver Interface).
* Track down rootkits or other malware that are cloaked, perform suspicious activity or have many bad characteristics (unethical construction and/or behavior).
__________________
"Si vis pacem, para bellum."
#2 | Editor | Join Date: Jan 2010 | Posts: 423
Added the following:

1. Avira boot CD
2. UBCD4Win boot CD + DrWeb CureIt
3. Hitman Pro*
4. Malwarebytes Anti-Malware
5. Prevx free
6. Kaspersky online scanner
7. WinPatrol (for manual analysis: HOSTS file, startups etc.)
8. Verify the integrity of Windows system files (sfc /scannow).
9. Check for Windows/Microsoft updates.
10. Empty the system restore.
11. Create a new restore point.
#3 | Editor | Join Date: Jan 2010 | Posts: 423
Sorry, the order was actually:

1. UBCD4Win boot CD + DrWeb CureIt (more than a dozen trojans and other stuff)
2. Malwarebytes Anti-Malware (2 trojans)
3. Hitman Pro (rootkit and 3 trojans)
4. Prevx free (clean)
#4 | Editor | Join Date: Jan 2010 | Posts: 423
Final?:

Below is a combat-proven cleaning process for removing stubborn malware. (Start with boot CDs to kill most resistance before going to Windows.)

1. Avira boot CD
2. UBCD4Win boot CD + DrWeb CureIt
3. Hitman Pro*
4. Malwarebytes Anti-Malware
5. Prevx free
6. Switch the Windows firewall on.
7. WinPatrol (for manual analysis: HOSTS file, startups etc.)
8. Uninstall the old AV. Install a new AV and scan with it.
9. CCleaner
10. Verify the integrity of Windows system files (sfc /scannow).
11. Check for Windows/Microsoft updates.
12. Empty the system restore and create a new restore point. (XP, Vista/7)

*) If you meet malware that still blocks executables, try a "Force Breach" start of Hitman Pro (hold the left Ctrl key until the man with the ladder appears while opening Hitman Pro). If you get a UAC prompt you need to keep holding Ctrl while you acknowledge the message. In case the internet connection is broken or unavailable, start an Early Warning Scoring (EWS) scan by selecting it from the Next button. This will also reveal:
1) The use of a local proxy server (an indication of malware redirecting or sniffing your web activity).
2) Check and fix an invalid Winsock stack.
3) Detect problems with NDIS (Network Driver Interface).
4) Track down rootkits or other malware that are cloaked, perform suspicious activity or have many bad characteristics (unethical construction and/or behavior).
#5 | Moderator | Join Date: Jul 2008 | Location: India | Posts: 9,484
Thanks for your experience and this thread, Ako. I am sure it will be of help to others.

For an online scanner, I would also consider Trend Micro HouseCall. I have used it twice or thrice to clean PCs, and it has really impressed me with its detection and cleaning abilities. I haven't tried Kaspersky Online Scanner though.

I read about UBCD4Win, and noticed that it does not contain DrWeb CureIt. So, did you slipstream DrWeb into the UBCD boot CD?

Also, I like to always use the latest version of any software. So, how do you deal with the situation where a new version of UBCD, or any other boot disk, comes out? Do you make new CDs and throw away the old ones? That's why I don't download these boot CDs: I feel that when I need them, I will download the latest version and then use them. Any suggestions for this?
__________________
Anupam
#6 | Editor | Join Date: Jan 2010 | Posts: 423
> For an online scanner, I would also consider Trend Micro HouseCall. I have used it twice or thrice to clean PCs, and it has really impressed me with its detection and cleaning abilities.

Nice to know!

> I read about UBCD4Win, and noticed that it does not contain DrWeb CureIt. So, did you slipstream DrWeb into the UBCD boot CD? Also, I like to always use the latest version of any software. So, how do you deal with the situation where a new version of UBCD, or any other boot disk, comes out? Do you make new CDs and throw away the old ones? That's why I don't download these boot CDs: I feel that when I need them, I will download the latest version and then use them. Any suggestions for this?

That's why I use portable versions with my 4(!) year old UBCD4Win. No need to slipstream. E.g. CureIt works as such. I just run it.

Notice that many AV boot CDs can download the latest definitions.
#8 | Editor | Join Date: Jan 2010 | Posts: 423
⇒ Malware detection/removal tools

Below is a combat-proven cleaning process for removing stubborn malware. (Start with boot CDs to kill most resistance before going to Windows.)

1. AV boot CD (Avira/Kaspersky)
2. UBCD4Win + DrWeb CureIt/Emsisoft Emergency Kit*
3. Hitman Pro**
4. Malwarebytes Anti-Malware
5. Prevx free + manual cleaning with UBCD4Win if needed
6. Switch the Windows firewall on.
7. WinPatrol (for manual analysis: HOSTS file, startups etc.)
8. Uninstall the old AV. Install a new AV and scan with it.
9. CCleaner
10. Verify the integrity of Windows system files (sfc /scannow).
11. Check for Windows/Microsoft updates.
12. Check for updates of other programs with Secunia Software Inspector.
13. Empty the system restore and create a new restore point. (XP, Vista/7)
14. Run chkdsk /r.

*) Notice that all these portable anti-malware tools can be used from the UBCD4Win boot CD.

**) If you meet malware that still blocks executables, try a "Force Breach" start of Hitman Pro (hold the left Ctrl key until the man with the ladder appears while opening Hitman Pro). If you get a UAC prompt you need to keep holding Ctrl while you acknowledge the message. In case the internet connection is broken or unavailable, start an Early Warning Scoring (EWS) scan by selecting it from the Next button. This will also reveal:
1) The use of a local proxy server (an indication of malware redirecting or sniffing your web activity).
2) Check and fix an invalid Winsock stack.
3) Detect problems with NDIS (Network Driver Interface).
4) Track down rootkits or other malware that are cloaked, perform suspicious activity or have many bad characteristics (unethical construction and/or behavior).
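The manual steps of the list above (the HOSTS file and startup entries checked with WinPatrol in step 7, the local-proxy and Winsock checks that Hitman Pro's EWS scan performs, the firewall in step 6, sfc in step 10, the restore point in step 13 and chkdsk in step 14) can be scripted so that nothing is forgotten once the scanners have run. The script below is an added example written for this thread; it is not a tool posted by the thread's author and it does not replace any of the scanners in steps 1 to 5, 8 and 9. It assumes Vista/7 with PowerShell 2.0 (Checkpoint-Computer and vssadmin are not available this way on XP), an elevated prompt, and that the PC normally uses no proxy at all. Without -Fix it only reports; with -Fix it also applies the hardening steps.

```powershell
<#
  Post-cleanup audit and hardening for a Windows PC (added example, not a thread tool).
  Read-only by default; -Fix additionally applies steps 6, 10, 13 and 14 of the list.
  Assumes Vista/7, PowerShell 2.0 or later, and an elevated (administrator) prompt.
#>
param(
    [switch]$Fix
)

# Step 7a: HOSTS file. Anything besides comments and the loopback entries deserves a look,
# since malware uses HOSTS to redirect AV update sites and search engines.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Write-Host '== HOSTS entries that are not comments or localhost =='
Get-Content $hostsFile | Where-Object {
    $_ -notmatch '^\s*(#|$)' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$'
}

# Step 7b: autostart entries in the Run/RunOnce keys (machine, user, and 32-bit view on x64).
Write-Host '== Run / RunOnce autostart entries =='
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        (Get-ItemProperty $key).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |       # skip PowerShell's own PSPath/PSParentPath/... members
            ForEach-Object { '{0}\{1} = {2}' -f $key, $_.Name, $_.Value }
    }
}

# Step 7c: local proxy (the EWS check). A proxy pointing at 127.0.0.1/localhost on a PC that
# should use none means something on the box is relaying, and possibly reading, web traffic.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1) {
    Write-Host "== Proxy enabled: $($inet.ProxyServer) =="
    if ($inet.ProxyServer -match '127\.0\.0\.1|localhost') {
        Write-Warning 'Local proxy configured: find the listening process with netstat -ano and tasklist.'
    }
} else {
    Write-Host '== No proxy configured =='
}

# Step 7d: Winsock catalog. Providers outside System32 are third-party LSPs worth identifying;
# a stack broken by a removed LSP is repaired with "netsh winsock reset" (reboot required).
Write-Host '== Winsock providers outside System32 =='
netsh winsock show catalog | Select-String 'Provider Path' | Where-Object { $_ -notmatch 'system32' }

if ($Fix) {
    # Step 6: Windows firewall on for all profiles.
    netsh advfirewall set allprofiles state on

    # Step 10: verify system files.
    sfc /scannow

    # Step 13: discard old restore points (they can hold infected copies), then create a clean one.
    vssadmin delete shadows /all /quiet
    Enable-ComputerRestore -Drive "$env:SystemDrive\"
    Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType MODIFY_SETTINGS

    # Step 14: chkdsk /r cannot lock the system drive while Windows runs, so answer "y" to schedule it at next boot.
    Write-Output 'y' | chkdsk $env:SystemDrive /r
}
```

Run the audit first (`.\postclean.ps1`), decide what the HOSTS, Run-key and Winsock output means on that particular machine, and only then run `.\postclean.ps1 -Fix`; sfc and the scheduled chkdsk both take a while, and the chkdsk pass needs a reboot.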