
The Malware Removal Thread


18 replies to this topic

#1 MaryJo

    The life, the Universe and Everything

  • Hosted
  • 512 posts
  • Location:Venezuela
  •  why does everyone have more posts than me? spamwhores!

Posted 01 March 2008 - 11:36 PM

The purpose of this post is to list some of the most useful utilities to delete malware and other malicious and incredibly annoying stuff, and the process used to get rid of such pests; well, here's what I use and what I do to kill 'em!

1) Deactivate System Restore: I've never believed this is a useful feature; I'd rather buy a program that does this, like Norton Ghost or something like that.

2) CCleaner: this little program is quite useful because it has two features that I like a lot, which are cleaning cookies and other temp files and fixing registry problems, and it's free.

3) HijackThis: cool and useful stuff here; it does a full system scan, listing all running processes, and shows a list of some of the most important registry entries used, and in all cases we can identify the name of the infection by the registry name.

4) Task Manager Unlocker: made by me, a simple tool that will repair the registry so CTRL+ALT+DEL will work again.

5) Anti-Viral: this was made by me; it's a simple script that will deactivate the running process of the virus, then delete the files created by the virus and create a registry repair file, which if clicked will reconfigure the registry so you can see hidden files in your system (.exe, .cmd, .com, etc.). It's currently under development, but already successfully cleans the following list of viruses (by process names):

amvo.exe, wscript.exe, LxrJD31s.exe, amvo0.dll, amvo1.dll, amvo2.dll, amvo3.dll, amvo4.dll, amvo5.dll, amvo6.dll, amvo7.dll, amvo8.dll, amvo9.dll, RavMonE.exe, winlagan.exe, rwoncbws.exe, kjj.exe, gfvwnhup.exe, rsysinit.exe, mmoc2.exe, mmhr3.exe, mmmega.exe, Fsd9mk4g.dll, rpcc.dll, WLCtrl32.dll, alofkmn.dll, bxlrvps.dll, RamBoot.dll, pmnlm.dll, hggfeda.dll, u.bat, u.vbe, s.vbe, xo8wr9.exe, auto.exe, h.cmd, juok3st.bat, awda2.exe, d.com, m1t8ta.com, 188qsm.bat, ekugb3.bat, oufddh.exe, LaunchU3.exe, d6fagcs8.cmd, gbiehbsb.dll, tio8x6.cmd, fooool.exe, 8ng8w.com, x.com, xn1i9x.com, gumkrhf.bat, d6fagcs8.cmd, 2ifetri.cmd, 3wcxx91.cmd, 80avp08.com, 0hct8ybw.bat, ShowBmp.exe, i.cmd, ylr.exe, dosocom.com, usdeiect.com, uxdeiect.com, nudeiect.com, n1deiect.com

6) AVG Free: might not be as much of a resource hog as Norton, but running alongside each other I find AVG always picks up and fixes more, and continues to do so after Norton demands you pay again.

7) Ad-Aware: I like it less with the new interface and the buggy downloader - why did they try to fix what wasn't broke?

8) Spybot: Search and Destroy: has lots of other nifty features like editing startup files and a secure shredder.

9) Super Antispyware: Don't be fooled by the site - this is legit. And it's very powerful.

10) Very importantly: Opera, Safari or Firefox: secure browsers. Never underestimate IE's power to mess up your system as much as some poor developer's CSS; most malware comes from dodgy downloads or browser vulnerabilities. Safari is the most secure (I think), Opera has the most features by default and FF is the most customizable, though some plugins increase resource usage.

11) Sygate for firewall protection.

If you suspect infection, or you know that your PC is infected but you don't know what name it has, use HijackThis and post the log in this area; I might be able to help you. My anti-viral tool is easy to update, so you can receive a solution in a short time. Also, if someone is willing to help me with new viruses coming up, please use this tool, called FindHidden, also made by me; it can discover stealthed files in your system. Oh, if you have a way of deleting malware, please share it with all of us.


BTW, here's an example of how you should post the logfile of HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 04:40:06 p.m., on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Unlocker\UnlockerAssistant.exe
C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\WinZip\WZQKPICK.EXE
C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Archivos de programa\Windows Media Player\wmplayer.exe
F:\Utilidades AV\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\ARCHIV~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Archivos de programa\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Archivos de programa\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O20 - Winlogon Notify: WBSrv - C:\Archivos de programa\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

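Added example, not part of the post above and not MaryJo's Anti-Viral script or HijackThis itself: a small Python triage script for a HijackThis-format log like the one just posted. It parses the "Running processes" list and the O-entries, pulls the executable or DLL path out of each line, and flags entries whose file name is in the cleanup list from item 5 (a subset is embedded as KNOWN_BAD), whose file lives somewhere an installer rarely puts an autostart binary (Temp, the user profile, a drive root), or which is an O23 service with "Unknown owner". The sample log is constructed from the format of the clean log above with two hypothetical bad entries added (an amvo.exe process/Run key and a Temp-resident xo8wr9.exe); those additions and the KNOWN_BAD selection are assumptions for the demo. "Unknown owner" only means the binary has no company name in its version info, so it is a low-priority flag (the Macromedia service in the real log is legitimate).

```python
"""Added example: heuristic triage of a HijackThis-format log.

Not HijackThis itself and not MaryJo's Anti-Viral script; it only parses the
log text and ranks entries for a human to look at.
"""
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Subset of the process names from item 5 above (lower-cased for matching).
KNOWN_BAD = {n.lower() for n in (
    "amvo.exe", "amvo0.dll", "RavMonE.exe", "winlagan.exe", "kjj.exe",
    "xo8wr9.exe", "auto.exe", "awda2.exe", "fooool.exe", "ShowBmp.exe",
)}

# Directories a normal installer does not use for autostart binaries.
USER_WRITABLE_PARTS = (
    "\\temp\\", "\\local settings\\", "\\application data\\",
    "\\documents and settings\\", "\\recycler\\",
)

# A Windows path ending in an executable-ish extension, quoted or not.
PATH_RE = re.compile(
    r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|cmd|bat|com|vbe|vbs|scr|pif))(?=["\s]|$)',
    re.IGNORECASE,
)
# "O4 - ...", "O23 - ...", "R0 - ..." section tags.
ENTRY_RE = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")

# Constructed sample in the format of the log posted above. The amvo.exe
# process/Run key and the Temp-resident xo8wr9.exe are hypothetical additions
# to show what a hit looks like; the rest mirrors the clean log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Archivos de programa\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\amvo.exe

O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Archivos de programa\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\user\Local Settings\Temp\xo8wr9.exe
O20 - Winlogon Notify: WBSrv - C:\Archivos de programa\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
"""


@dataclass
class Entry:
    kind: str                 # "process" or the section tag (O4, O20, O23, ...)
    raw: str
    path: Optional[str]
    flags: List[str] = field(default_factory=list)

    @property
    def name(self) -> Optional[str]:
        return ntpath.basename(self.path).lower() if self.path else None


def extract_path(text: str) -> Optional[str]:
    m = PATH_RE.search(text)
    return m.group(1) if m else None


def classify(entry: Entry, known_bad=KNOWN_BAD) -> None:
    """Attach heuristic flags; an empty list means nothing stood out."""
    if entry.path is None:
        return
    low = entry.path.lower()
    if entry.name in known_bad:
        entry.flags.append("name-match")
    if any(part in low for part in USER_WRITABLE_PARTS):
        entry.flags.append("user-writable-location")
    if re.fullmatch(r"[a-z]:\\[^\\]+", low):        # e.g. E:\auto.exe
        entry.flags.append("drive-root")
    # Services with no company name in their version info deserve a look,
    # but legitimate software (the Macromedia service above) shows this too.
    if entry.kind == "O23" and "unknown owner" in entry.raw.lower():
        entry.flags.append("unknown-owner")


def triage(log_text: str, known_bad=KNOWN_BAD) -> List[Entry]:
    entries: List[Entry] = []
    in_processes = False
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            in_processes = False          # blank line ends the process list
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entry = Entry(m.group(1), line, extract_path(m.group(2)))
        elif in_processes:
            entry = Entry("process", line, extract_path(line))
        else:
            continue                      # header lines (Logfile of..., Platform:)
        classify(entry, known_bad)
        entries.append(entry)
    return entries


def hits(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in hits(triage(SAMPLE_LOG)):
        print(f"{e.kind:8} {', '.join(e.flags):35} {e.path}")
```

Run it as `python hjt_triage.py` (any file name) and it prints the four entries worth a second look from the constructed sample. The flags are hints for the person reading the log, not verdicts: a name match against a list like the one in item 5 is strong, a Temp-resident Run key is strong, "unknown-owner" on its own is weak.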

 


#2 Jeeves

    I write the interwebz

  • Members
  • 4,156 posts
  •  Friendly neighborhood standards Nazi

Posted 02 March 2008 - 06:30 AM

Added AVG. Good thread, and good to see you're still about.
Nice job with the utilities :thumbsdownsmiley:

World Domination Status: 2.7%


#3 Ash

    Foxtrot Oscar.

  • Undead
  • 15,524 posts
  • Location:England
  • Projects:Robot Storm
  •  Keep calm and carry on.

Posted 02 March 2008 - 08:09 AM

Add also:

http://www.lavasoftusa.com - Ad-Aware. I like it less with the new interface and the buggy downloader - why did they try to fix what wasn't broke?
http://www.safer-networking.org - Spybot: Search and Destroy - has lots of other nifty features like editing startup files and a secure shredder.
http://www.superantispyware.com - Super Antispyware. Don't be fooled by the site - this is legit. And it's very powerful.

Oh, and www.mozilla.org/firefox - essential, really. That or Opera. And http://www.download....4-10049526.html Sygate for firewall protection.

#4 Jeeves

    I write the interwebz

  • Members
  • 4,156 posts
  •  Friendly neighborhood standards Nazi

Posted 03 March 2008 - 07:20 AM

Or Safari, even if it clashes with everything else in Windows (hey, just because Apple harass every man and his dog about following their Aqua GUI guidelines doesn't mean they should set a good example by paying any attention to the native Windows GUI). List updated.



#5 GodSun666

    Marching Through The Eternal Fields Of Chaos!

  • Banned
  • 1,439 posts
  • Location:The Netherland @ Nod HQ!
  • Projects:Fast Fun And Crazy for Red Alert 3

Posted 01 March 2009 - 03:04 PM

TuneUp Utilities - Awesome thingy if you are lazy and want to tune your Windows
Diskeeper - A good defragment tool
Defraggler - a good FREE defragment tool

These are my apps to contribute ^^
For Mother Russia! The Soviet Union will win! America can lick my balls

#6 Ash

    Foxtrot Oscar.

  • Undead
  • 15,524 posts
  • Location:England
  • Projects:Robot Storm
  •  Keep calm and carry on.

Posted 28 April 2009 - 10:51 PM

http://www.malwarebytes.org/ - Malwarebytes Anti-Malware. A brilliant tool that can, if run in safe mode, crush even the foulest of malware. It replaced my Ad-aware and runs alongside AVG Internet Security, Spybot S&D and SUPERAntiSpyware to keep my system clean.

#7 Rafv Nin IV

    Vermin of Revora

  • Members
  • 1,224 posts
  • Projects:RPG Frontier

Posted 28 April 2009 - 11:19 PM

I find that the secure shredder in Spybot S&D is the best thing around if something sneaks past your filters. I had an instance where none of my anti-viruses were getting rid of the problem (I was running AVG and Avast) because they weren't getting files that remade the files that caused the problems. It took me a few hours, but I went through my C: drive and found every file created on or after the day I got the infection, loaded them all into the secure shredder and deleted them all at the same time. Presto! Problem solved.


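Added example, not part of the post above and not that poster's procedure: a Python function that produces the same list he built by hand, every file under a directory tree whose timestamp is on or after a cutoff date, oldest first so it reads as a timeline. By default it keeps only the executable-ish extensions that make up the malware list earlier in the thread. Which timestamp to compare is a parameter because on Windows/NTFS `st_ctime` is the creation time, which is what "created on or after the day I got the infection" means, while on Linux and macOS `st_ctime` is the last metadata change, so `st_mtime` (or `st_birthtime` where available) is the right choice there. The `demo_tree` helper and the file names it creates (old_driver.dll, amvo.exe, notes.txt) are constructed for the demo. Treat the output as a list to review, not to bulk-shred: Windows Update, the antivirus itself and any installer run after the infection date will appear too, and a dropper that backdates its files will not.

```python
"""Added example: list files whose timestamp falls on or after a cutoff, the
manual step described in the post above. It is not that poster's procedure,
only a way to produce the same list without clicking through Explorer."""
import os
import tempfile
from datetime import datetime
from pathlib import Path
from typing import List, Tuple

# Extensions the thread's malware list is made of; used for the default filter.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".cmd", ".bat", ".com", ".vbe", ".vbs", ".scr", ".pif"}


def files_since(root, cutoff: datetime, time_field: str = "st_ctime",
                executable_only: bool = True) -> List[Tuple[Path, datetime]]:
    """Walk `root` and return (path, timestamp) pairs at or after `cutoff`.

    time_field: which os.stat_result field to compare. On Windows/NTFS
    st_ctime is the creation time, which is what you want for "files created
    since the infection". On Linux/macOS st_ctime is the last metadata change,
    so use st_mtime (or st_birthtime where available) there.
    """
    cutoff_ts = cutoff.timestamp()
    found = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for fn in filenames:
            p = Path(dirpath, fn)
            if executable_only and p.suffix.lower() not in EXECUTABLE_SUFFIXES:
                continue
            try:
                ts = getattr(p.stat(), time_field)
            except OSError:
                continue          # vanished, locked or unreadable; keep going
            if ts >= cutoff_ts:
                found.append((p, datetime.fromtimestamp(ts)))
    found.sort(key=lambda item: item[1])   # oldest first: a timeline, not a pile
    return found


def demo_tree() -> Tuple[str, datetime]:
    """Build a constructed directory tree with known mtimes for a demo run."""
    root = tempfile.mkdtemp(prefix="infection_demo_")
    cutoff = datetime(2008, 3, 1)
    old = cutoff.timestamp() - 7 * 86400         # a week before the cutoff
    new1 = cutoff.timestamp() + 3600             # an hour after
    new2 = cutoff.timestamp() + 7200             # two hours after
    sub = Path(root, "WINDOWS", "system32")
    sub.mkdir(parents=True)
    for name, ts in ((Path(root, "old_driver.dll"), old),
                     (Path(sub, "amvo.exe"), new1),
                     (Path(sub, "notes.txt"), new2)):
        name.write_bytes(b"x")
        os.utime(name, (ts, ts))                 # set atime and mtime explicitly
    return root, cutoff


if __name__ == "__main__":
    root, cutoff = demo_tree()
    # st_mtime so the demo behaves the same on Linux/macOS and Windows.
    for path, when in files_since(root, cutoff, time_field="st_mtime", executable_only=False):
        print(when.isoformat(), path)
```

On a real machine you would call `files_since(r"C:\", datetime(2008, 3, 1))` with the default `st_ctime` and run it from an account that can read every directory; anything the walk cannot stat is skipped silently, so an empty-looking result under a restricted account does not mean a clean disk.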

#8 GodSun666

    Marching Through The Eternal Fields Of Chaos!

  • Banned
  • 1,439 posts
  • Location:The Netherland @ Nod HQ!
  • Projects:Fast Fun And Crazy for Red Alert 3

Posted 22 May 2009 - 02:18 PM

I might have some other utilities that are really handy, also in use with HijackThis or other programs.

CWShredder (CoolWebSearch Shredder) http://us.trendmicro...nal/CWShredder/

Antivir Avira - A really good antivirus scanner, updates every day! http://www.avira.com/

Defraggler - a good free defragmentation tool www.defraggler.com

Combofix - Good with HijackThis http://download.blee...Bs/ComboFix.exe

VundoFix - removes the Vundo virus http://vundofix.atribune.org/

Note:

Combofix is an advanced program; it only works with Windows XP, I don't know if it works with Vista. It is a really STRONG utility and should ONLY be used as a last option!

VundoFix is for the Vundo virus only!

CWShredder is for CoolWebSearch!

Edited by godsun, 22 May 2009 - 02:21 PM.


#9 Beowulf

    Unknown Superstar

  • Advisors
  • 7,214 posts
  • Location:Equestria
  • Projects:Red Alert X, YR: TG Redux, AR
  •  Resident Ponyfag

Posted 23 May 2009 - 02:11 PM

The CWShredder is a moot download now as Malwarebytes' Anti-Malware and Spybot crush it without fail.
Combofix and Vundo are half moot, especially if you use avast and do a boot scan. Crushed anything those fix with it so many times, it's a damn blessing to have.

Edited by Beowulf, 23 May 2009 - 02:12 PM.

NZ.org | NZ Gaming | RP
Skype: doctordestiny891
MSN: genkosygin@hotmail.com
Steam


#10 GodSun666

    Marching Through The Eternal Fields Of Chaos!

  • Banned
  • 1,439 posts
  • Location:The Netherland @ Nod HQ!
  • Projects:Fast Fun And Crazy for Red Alert 3

Posted 25 May 2009 - 11:15 AM

Well, I guess it's time to get over to Avast; I hear so many great things about it ;)! Thanks for the info.

#11 Beowulf

    Unknown Superstar

  • Advisors
  • 7,214 posts
  • Location:Equestria
  • Projects:Red Alert X, YR: TG Redux, AR
  •  Resident Ponyfag

Posted 25 May 2009 - 07:46 PM

Naw. Avira is still much better for active, everyday protection. avast! is a tad too CPU-hungry for my tastes.



#12 GodSun666

    Marching Through The Eternal Fields Of Chaos!

  • Banned
  • 1,439 posts
  • Location:The Netherland @ Nod HQ!
  • Projects:Fast Fun And Crazy for Red Alert 3

Posted 25 May 2009 - 10:07 PM

I don't like CPU hungry Apps. I have an outdated Pentium 4 3.0 GHZ :dry:

#13 Bereneth Túrien

    Ni degilbor

  • Members
  • 414 posts
  • Location:Michigan, USA
  • Projects:Working on my own mod.
  •  Former advisor.

Posted 29 August 2009 - 03:11 AM

That's better than my (probably newer) Celeron 1.6 GHZ.

But I'm getting a dual-core 2.2 GHZ in a couple days - I just have to wait for it to get here.

And I'd like to suggest ZoneAlarm Free as a firewall solution.

Edited by Arborlon Elf, 29 August 2009 - 03:12 AM.

I used to be {AE}Manveru, if that rings a bell.


#14 Bart

  • Network Leaders
  • 8,517 posts
  • Location:The Netherlands
  • Division:Revora
  • Job:Network Leader

Posted 29 August 2009 - 10:49 AM

Nooooooo not ZoneAlarm. It's unnecessary bloat. Windows firewall suffices. Heck, I don't even really know what a firewall is good for on a home pc that's not running any services.
ZoneAlarm tends to block stuff even if you tell it not to....even if you shut it down. My father could not use Firefox for months, until I uninstalled ZoneAlarm.
bartvh | Join me, make your signature small!
Einstein: "We can’t solve problems by using the same kind of thinking we used when we created them."

#15 Bereneth Túrien

    Ni degilbor

  • Members
  • 414 posts
  • Location:Michigan, USA
  • Projects:Working on my own mod.
  •  Former advisor.

Posted 29 August 2009 - 04:18 PM

ZA's always worked fine for me as long as I remember to not only add program exceptions but allowed IPs as well (for networks). The main reason I use it over Windows Firewall is that it monitors both incoming and outgoing connections. That's where Windows firewall lacks the extra security.



#16 Beowulf

    Unknown Superstar

  • Advisors
  • 7,214 posts
  • Location:Equestria
  • Projects:Red Alert X, YR: TG Redux, AR
  •  Resident Ponyfag

Posted 29 August 2009 - 08:02 PM

Router, hardware firewall, enable. Software firewalls are lame and the Windows Firewall is USELESS.



#17 Bereneth Túrien

    Ni degilbor

  • Members
  • 414 posts
  • Location:Michigan, USA
  • Projects:Working on my own mod.
  •  Former advisor.

Posted 29 August 2009 - 08:06 PM

Router, hardware firewall, enable. Software firewalls are lame and the Windows Firewall is USELESS.


And that's probably the best way to go.



#18 Beowulf

    Unknown Superstar

  • Advisors
  • 7,214 posts
  • Location:Equestria
  • Projects:Red Alert X, YR: TG Redux, AR
  •  Resident Ponyfag

Posted 30 August 2009 - 08:58 PM

It's protected me for years and I see no reason to double up on protection since I have it inbuilt on my hardware. I'll never use a software firewall again if I can help it and it will never be ZoneAlarm. That piece of shit firewall almost ruined my Windows 98SE PC.



#19 Phil

    Force Majeure

  • Network Leaders
  • 7,951 posts
  • Location:Switzerland
  • Projects:Revora, C&C:Online
  •  Thought Police
  • Division:Revora
  • Job:Network Leader
  • Donated
  • Association

Posted 30 August 2009 - 10:02 PM

Probably I'm a little too paranoid, but I prefer to know that nothing gets in even while I'm in a public network. Iptables for the win :crazed:


Mr. Dschin had seven elephants
And then there was also the eighth.
Seven were wild and the eighth was tame
And it was the eighth that guarded them.




