18 replies to this topic

[MaryJo]

The purpose of this post is to list some of the most useful utilities to delete malwares, and other malicious and incredibly annoying stuff and the process used to get rid of such pests; well here’s what i use and what i do to kill ‘em!

1) Deactivate System Restore: I’ve never believed this is a useful feature, i’d rather buy a program that does this, like Norton Ghost or something like that

2) Ccleaner: this little program is quite useful because it has 2 features that i like a lot, which are clean cookies and other temp files and fix registry problems, and it’s free

3) HijackThis: Cool and useful stuff here, it does a full system scan, listing all running processes and shows a list of some of the most important registry entries used, and in all cases, we can identify the name of the infection by the registry name.

4) Task Manager Unlocker: made by me, simple tool that will repair the registry so CTRL+ALT+DEL will work again

5) Anti-Viral: This was made by me, it’s a simple script that will deactivate the running process of the virus, then will delete the files created by the virus and will create a registry repair file, which if clicked will reconfigure the registry so you can see Hidden Files in your system (.exe, .cmd, .com, etc) It’s currently under development, but already succesfully cleans the following list of virus (by proccess names):

amvo.exe, wscript.exe, LxrJD31s.exe, amvo0.dll, amvo1.dll, amvo2.dll, amvo3.dll, amvo4.dll, amvo5.dll, amvo6.dll, amvo7.dll, amvo8.dll, amvo9.dll, RavMonE.exe, winlagan.exe, rwoncbws.exe, kjj.exe, gfvwnhup.exe, rsysinit.exe, mmoc2.exe, mmhr3.exe, mmmega.exe, Fsd9mk4g.dll, rpcc.dll, WLCtrl32.dll, alofkmn.dll, bxlrvps.dll, RamBoot.dll, pmnlm.dll, hggfeda.dll, u.bat, u.vbe, s.vbe, xo8wr9.exe, auto.exe, h.cmd, juok3st.bat, awda2.exe, d.com, m1t8ta.com, 188qsm.bat, ekugb3.bat, oufddh.exe, LaunchU3.exe, d6fagcs8.cmd, gbiehbsb.dll, tio8x6.cmd, fooool.exe, 8ng8w.com, x.com, xn1i9x.com, gumkrhf.bat, d6fagcs8.cmd, 2ifetri.cmd, 3wcxx91.cmd, 80avp08.com, 0hct8ybw.bat, ShowBmp.exe, i.cmd, ylr.exe, dosocom.com, usdeiect.com, uxdeiect.com, nudeiect.com, n1deiect.com

6) AVG Free: might not be as much of a resource hog as Norton, but running alongside each other I find AVG always picks up and fixes more, and continues to do so after Norton demands you pay again.

7) Ad-Aware: I like it less with the new interface and the buggy downloader - why did they try to fix what wasn't broke?

8) Spybot: Search and Destroy: has lots of other nifty features like editing startup files and a secure shredder.

9) Super Antispyware: Don't be fooled by the site - this is legit. And its very powerful.

10) Very importantly; Opera, Safari, or Firefox: Secure browsers. Never underestimate IE's power to mess up your system as much as some poor developers CSS; most malware is from dodgy downloads or browser vulnerabilities. Safari is the most secure (I think), Opera has the most features by default and FF is the most customizable, though some plugins increase resource usage.

11) Sygate for firewall protection.

If you suspect infection or you know that your pc is infected, but you don’t know what name it has, use HijackThis and post it in this area, i might be able to help you, my anti-viral tool is easy to update, so you can receive a solution in short time, also if someone is willing to help me with new viruses coming up, please use this tool, it's called FindHidden, also made by me, it can discover stealthed files in your system. Oh, if you have a way of deleting malware, please share with all of us


BTW, here's an example of how you should post the logfile of HijacvkThis:

Logfile of HijackThis v1.99.1
Scan saved at 04:40:06 p.m., on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Unlocker\UnlockerAssistant.exe
C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\WinZip\WZQKPICK.EXE
C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Archivos de programa\Windows Media Player\wmplayer.exe
F:\Utilidades AV\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARCHIV~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Archivos de programa\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Archivos de programa\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O20 - Winlogon Notify: WBSrv - C:\Archivos de programa\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

[Jeeves]

Added AVG. Good thread, and good to see you're still about.
Nice job with the utilities

[Ash]

Add also:

http://www.lavasoftusa.com - Ad-Aware. I like it less with the new interface and the buggy downloader - why did they try to fix what wasn't broke?
http://www.safer-networking.org - Spybot: Search and Destroy - has lots of other nifty features like editing startup files and a secure shredder.
http://www.superantispyware.com - Super Antispyware. Don't be fooled by the site - this is legit. And its very powerful.

Oh, and www.mozilla.org/firefox - essential, really. That or opera. And http://www.download....4-10049526.html sygate for firewall protection.

[Jeeves]

Or Safari, even if it clashes with everything else in windows (hey, just because Apple harrass every man and his dog about following their Aqua GUI guidelines doesn't mean they should set a good example by paying any attention to native windows GUI). List updated

[GodSun666]

Tune up utilities - Awesome thingy if you are lazy and want to tune your windows
Diskeeper - A good defragment tool
Deffragler - a good FREE defragment tool

These are my apps to contribute ^^

[Ash]

http://www.malwarebytes.org/ - Malwarebytes Anti-Malware. A brilliant tool that can, if run in safe mode, crush even the foulest of malwares. It replaced my Ad-aware and runs alongside AVG Internet Security, Spybot S&D and SUPERAntiSpyware to keep my system clean.

[Rafv Nin IV]

I find that the secure shredder in Spybot S&D is the best thing around if something sneaks past your filters. I had an instance where none of my anti-viruses were getting rid of the problem (I was running AVG and Avast) because they weren't getting files that remade the files that caused the problems. It took me a few hours, but I went through my C: drive and found every file created on or after the day I got the infection, loaded them all into the secure shredder and deleted them all at the same time. Presto! Problem solved.

[GodSun666]

I might have some other utilities that are really handy also really handy in use with Hijack this or other program



CWS shreder (Coolwebsearch shredder) http://us.trendmicro...nal/CWShredder/

Antivir Avira - A really good antivirus scaner updates everyday! http://www.avira.com/

Defraggler - an good free defragtation tool www.defraggler.com

Combofix - Good with hijack this http://download.blee...Bs/ComboFix.exe

VundoFix - removes the Vundoo Virus http://vundofix.atribune.org/

Note :

Combofix is an advanced program it only work with Windows XP Idk if it works with vista. it is a really STRONG uttility! and should ONLY be used as a last option!

Vundofix is for the Vundo virus only!

CWS shredder is for cool web search!

Edited by godsun, 22 May 2009 - 02:21 PM.

[Beowulf]

The CWShredder is a moot download now as Malwarebytes' Anti-Malware and Spybot crush it without fail.
Combofix and Vundo are half moot, especially if you use avast and do a boot scan. Crushed anything those fix with it so many times, it's a damn blessing to have.

Edited by Beowulf, 23 May 2009 - 02:12 PM.

[GodSun666]

Well, i geus its time to get over to Avast i hear so many great things about it ! Thanks for the info.

[Beowulf]

Naw. Avira is still much better for active, everyday protection. avast! is a tad to CPU hungry for my tastes.

[GodSun666]

I don't like CPU hungry Apps. I have an outdated Pentium 4 3.0 GHZ

[Bereneth Túrien]

That's better than my (probably newer) Celeron 1.6 GHZ.

But I'm getting a dual-core 2.2 GHZ in a couple days - I just have to wait for it to get here.

And I'd like to suggest ZoneAlarm Free as a firewall solution.

Edited by Arborlon Elf, 29 August 2009 - 03:12 AM.

[Bart]

Nooooooo not ZoneAlarm. It's unnecessary bloat. Windows firewall suffices. Heck, I don't even really know what a firewall is good for on a home pc that's not running any services.
ZoneAlarm tends to block stuff even if you tell it not to....even if you shut it down. My father could not use Firefox for months, until I uninstalled ZoneAlarm.

[Bereneth Túrien]

ZA's always worked fine for me as long as I remember to not only add program exceptions but allowed IPs as well (for networks). The main reason I use it over Windows Firewall is that it monitors both incoming and outgoing connections. That's where Windows firewall lacks the extra security.

[Beowulf]

Router, hardware firewall, enable. Software firewalls are lame and the Windows Firewall is USELESS.

[Bereneth Túrien]

Router, hardware firewall, enable. Software firewalls are lame and the Windows Firewall is USELESS.

And that's probably the best way to go.

[Beowulf]

It's protected me for years and I see no reason to double up on protection since I have it inbuilt on my hardware. I'll never use a software firewall again if I can help it and it will never be ZoneAlarm. That piece of shit firewall almost ruined my Windows 98SE PC.

[Phil]

Probably I'm a little too paranoid, but I prefer to know that nothing gets in even while I'm in a public network. Iptables for the win