The Conservative Cave

The Help Desk => Computer Related Discussions & Questions => Topic started by: Godot showed up on July 30, 2010, 09:37:21 AM

Title: More Advice Needed & Recommendations
Post by: Godot showed up on July 30, 2010, 09:37:21 AM
I have to say Spybot is worthless now. Over 1,100,000 detections and it finds nothing--when I know my computer was badly hit. It's been some time since the core program has been updated.

Mbam is good, but superantispyware did bupkiss for me.

But none of these, including Avast, will get rid of some of the nastier rootkit viruses all by themselves.

I know some other progs I can recommend but I'm at work--I can't remember their names, except one, Combofix. Although you're not supposed to run it without direction from an expert, I did so (I believe its default settings are set to do no harm), and I think it DID remove the main virus that had hit me; that is, even before I got directions from geekstogo.com, the redirect had stopped--just after I ran Combofix (I rebooted, too, so it wasn't a case of the virus being removed only to reinfect on reboot). After that, what I needed was help repairing the registry errors the virus had caused, and Mbam and Avast were then able to get rid of the trojans that the rootkit virus had caused to be downloaded.
Title: More Advice Needed & Recommendations
Post by: Thor on July 30, 2010, 09:42:00 AM
I have to say Spybot is worthless now. Over 1,100,000 detections and it finds nothing--when I know my computer was badly hit. It's been some time since the core program has been updated.

Mbam is good, but superantispyware did bupkiss for me.

But none of these, including Avast, will get rid of some of the nastier rootkit viruses all by themselves.

I know some other progs I can recommend but I'm at work--I can't remember their names, except one, Combofix. Although you're not supposed to run it without direction from an expert, I did so (I believe its default settings are set to do no harm), and I think it DID remove the main virus that had hit me; that is, even before I got directions from geekstogo.com, the redirect had stopped--just after I ran Combofix (I rebooted, too, so it wasn't a case of the virus being removed only to reinfect on reboot). After that, what I needed was help repairing the registry errors the virus had caused, and Mbam and Avast were then able to get rid of the trojans that the rootkit virus had caused to be downloaded.

If you run the anti-virus and malware in "Safe Mode", they typically are able to get rid of almost every single virus. The ones that infect the master boot record are the nastiest and most difficult to remove. More than once I've had to nuke the entire hard drive and start all over.
Title: More Advice Needed & Recommendations
Post by: Godot showed up on July 30, 2010, 10:01:19 AM
If you run the anti-virus and malware in "Safe Mode", they typically are able to get rid of almost every single virus. The ones that infect the master boot record are the nastiest and most difficult to remove. More than once I've had to nuke the entire hard drive and start all over.

I did try them in safe mode, yes; it didn't work. This was definitely a case of a really nasty Google redirect variant. I didn't want to reformat, and the guy at geekstogo (Ron) talked me through it so I didn't have to (and provided the scripts after I uploaded various logs obtained through diagnostic programs).

The criminals who create these things are unbelievable bastards.

By the way, I think I got this one from an email--I got cocky. It had been a long time since I'd been hit with a virus and I guess I thought I was safe. I clicked a link. The rest is malware history. I think it was an email that had some sort of faux ebay thing; I really can't remember why it made me curious enough to click a link in an obvious piece of spam. Although another possibility is that it got in through Adobe Acrobat 9.0 or Fox-it PDF reader (I need to do a lot of work at home on PDFs), because I'd left java enabled on those (I've since disabled java on both). There seem to be some bad exploits of java-enabled PDF readers. But the timing was wrong for it to have been those; I think it was the email.

Sort of off-topic, I really recommend Fox-it as an alternate PDF manipulator. I often have to use the commenting functions of Acrobat to mark up PDFs (usually references), and it is INFURIATING when PDFs are locked so that you can't even highlight or use the various commenting tools (arrow, line, rectangle, etc). Fox-it doesn't unlock PDFs, but it doesn't matter--the locks don't block Fox-It's commenting functions, only Adobe's. And those are what I need (I'm NOT looking to alter the underlying PDF! I just want to highlight/comment).
Title: Re: More Advice Needed & Recommendations
Post by: Chris_ on July 30, 2010, 10:53:42 AM
The Hiren's boot disk I linked to in the Freeware thread has a rootkit and a few other antivirus programs that work really well. Malwarebytes is one of the programs I use regularly for virus removal.
Title: Re: More Advice Needed & Recommendations
Post by: LC EFA on July 30, 2010, 06:09:28 PM
I use a combination of hijackthis and antispy.info. One is essentially a process viewer and the other looks at browser exploits among other things.

The trouble being that unless you know what is supposed to be there you can mess yourself up.

Once you get a nice clean install - run them and get an idea of what runs at that stage. Then when trouble crops up you can examine those logs and note things that are additional.

Look especially for DLLs and EXEs loading that have clearly randomly generated names.
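As an added example (not code from anyone in this thread), the baseline comparison LC EFA describes, done in Python over constructed sample module lists: the clean-install snapshot is diffed against a later one, and new entries whose file names look randomly generated are flagged for manual review.

```python
import ntpath
import re

# Constructed sample snapshots (not real logs): the loaded-module list a
# process viewer shows on a clean install, and the same list after trouble starts.
CLEAN_BASELINE = r"""
C:\Windows\System32\svchost.exe
C:\Windows\System32\kernel32.dll
C:\Program Files\Avast\ashServ.exe
C:\Windows\explorer.exe
"""

LATER_SNAPSHOT = r"""
C:\Windows\System32\svchost.exe
C:\Windows\System32\kernel32.dll
C:\Program Files\Avast\ashServ.exe
C:\Windows\explorer.exe
C:\Program Files\Foxit\FoxitReader.exe
C:\Users\Me\AppData\Local\Temp\dfr83kqw.exe
C:\Windows\System32\xkqzvwb.dll
"""

def parse_paths(text):
    """One module path per line; blank lines are ignored."""
    return {line.strip() for line in text.splitlines() if line.strip()}

def new_entries(baseline, current):
    """Modules present now that were not loaded on the clean install."""
    return sorted(parse_paths(current) - parse_paths(baseline))

def looks_random(filename):
    """Heuristic for machine-generated names: a run of five or more
    consonants/digits with no vowel. Real names like svchost, kernel32 and
    explorer pass; every hit still needs a human look, this is only a hint."""
    stem = re.sub(r"\.(dll|exe)$", "", filename.lower())
    if len(stem) < 5:
        return False
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", stem)), default=0)
    return longest_run >= 5

def suspicious_new_modules(baseline, current):
    """Everything new since the baseline whose file name looks random."""
    return [p for p in new_entries(baseline, current)
            if looks_random(ntpath.basename(p))]

if __name__ == "__main__":
    for path in new_entries(CLEAN_BASELINE, LATER_SNAPSHOT):
        flag = "RANDOM-NAME?" if looks_random(ntpath.basename(path)) else ""
        print(f"{path:50s} {flag}")
```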
Title: Re: More Advice Needed & Recommendations
Post by: Chris_ on July 30, 2010, 06:10:52 PM
CCleaner does a pretty good job of scanning for and removing rogue DLLs and clearing up invalid registry entries.
Title: Re: More Advice Needed & Recommendations
Post by: Godot showed up on July 31, 2010, 09:45:18 AM
This gets rid of a fair amount of gunk:
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/