It has been a while since I put out a “technology” article and figure it is way past time to. I have been working on a couple of reviews on the Galaxy S-5 phone, the Samsung SM-W750v (Windows phone), on a Jabra headset/Bluetooth, and my Lenovo IdeaPad Yoga. But as for the tech tips and how-to’s, I just have no excuse for not writing on them.
In this article I want to go over how I clean up malware, spyware, crapware, worms, viruses, Trojans, rootkits and other infections. Partly because I have had a wave of them come in (customers get infected) and because you probably got new devices for Christmas and/or got bored over the holidays, surfed around and got infected.
The vast majority of the time, technology devices do not get an infection but rather multiple infections. Think of it this way: one bad guy gets into your house, then goes and unlocks the bathroom window, the back door and maybe a bedroom window to let the other bad guys in.
The days of only getting infected on purpose are long gone. Sure, there are millions of web sites you should not visit because they are infected and will affect your computer, and the same goes for software obtained over the internet, not just pirated programs and music but many programs posing as “tune up” or “cleaner” utilities. You can also get infected just by being on the internet; what used to be called “drive by downloads” are now literally living on the World Wide Web. The only way to kill them is to turn off, unplug, and remove the batteries of every network device on the planet. Not going to happen.
What I am saying is that unlike STDs, internet infections are almost unavoidable. Whoa! Did I really just use that terminology? Yup, keep them pants on folks.
Before I get into removal, let’s go over the basics of prevention. Keep your software firewall on; with Windows it is built in. Have a current, up to date, properly configured anti-virus, anti-malware, and PUP program (I don’t know of any one program that does it all, so you need multiple). PUP stands for Potentially Unwanted Program, what I call Crapware or Scumware. Have a good router between your devices and your modem. Keep all the programs you use up to date; they patch them for a reason.
My preferences? The anti-virus should be ESET or Kaspersky, you also want the PAY-FOR VERSIONS of Malwarebytes and Super anti-spyware, and a SonicWall with up to date subscriptions on the security software. http://theweeklygeek.com/2012/03/01/securing-your-computers/
Now that I got that out of my system, again, let’s go over how to clean up. In 2011 here is what I presented you with: http://theweeklygeek.com/2011/12/03/rootkit-and-malware-cleanup/ Things are a little different at this time.
I run each of these programs / tools one at a time. This is why it takes me a full week to get your computer back to you. Also, this does not reset passwords or permissions that are lost or messed up by the infection; that is in addition to what is done below. In each of these I go and set the scans as high/thorough as possible, I do not accept the defaults.
o If the system will boot, remove/delete internet and overall temp files for all browsers and “temp”
o Kaspersky bootable CD: http://support.kaspersky.com/viruses/rescuedisk
o Bit Defender bootable CD: http://www.bitdefender.com/support/How-to-create-a-BitDefender-Rescue-CD-627.html
o Anti-Vir bootable CD: https://www.avira.com/en/download/product/avira-rescue-system
o In Safe Mode:
    o TDSS Killer: http://usa.kaspersky.com/downloads/tdsskiller
    o Combo Fix (not on Win 8.1): http://www.bleepingcomputer.com/combofix/how-to-use-combofix
    o AV Thorough Scan using the one they have
    o Malwarebytes: http://www.malwarebytes.org/
    o Malwarebytes Anti-rootkit: http://www.malwarebytes.org/antirootkit/
    o Adw Cleaner: http://www.bleepingcomputer.com/download/adwcleaner/
    o Super anti-spyware: http://www.superantispyware.com/
    o Sophos virus removal tool: http://www.sophos.com/en-us/products/free-tools/virus-removal-tool.aspx?F
    o McAfee Anti-Rootkit: http://www.mcafee.com/us/downloads/free-tools/rootkitremover.aspx
o In regular boot mode:
    o TDSS Killer
    o Combo Fix (not on Win 8.1)
    o AV Thorough Scan
    o Malwarebytes anti-rootkit
    o Adw Cleaner
    o Super anti-spyware
    o Spyware Blaster
    o McAfee anti-rootkit
    o Sophos virus removal tool
o Clean Programs (Add/Remove) as needed
o Run “Chkdsk /f/r” on each drive from the command prompt
o Run “sfc /scannow” from the command prompt
o Check “Task Scheduler” and MSConfig and Regedit for items hiding
o Disk Cleanup
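The “check Task Scheduler, MSConfig and Regedit for items hiding” step is the one most people skip because it is tedious by hand. The script below is an added example (not from the original article) that does a read-only inventory of the usual autostart spots: the Run/RunOnce registry keys, the Startup folders, and scheduled tasks outside the Microsoft tree, flagging anything whose program is missing from disk or not signed. It assumes Windows 8 or later with PowerShell 3+ (for Get-ScheduledTask); the key list and the Microsoft task filter are my choices, not the article’s.

```powershell
# Added example: inventory autostart locations and flag unsigned or missing programs.
# Read-only: it inspects and reports, it does not delete anything.
# Assumes Windows 8+ / PowerShell 3+ so that Get-ScheduledTask is available.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the executable path out of a command line (quoted or not) so it can be checked on disk.
function Get-ExePath([string]$cmd) {
    if ($cmd -match '^\s*"([^"]+)"')      { return $Matches[1] }
    if ($cmd -match '^\s*(.+?\.exe)\b')   { return $Matches[1] }
    return $cmd.Trim()
}

# Build one report row: where it was found, its name, the command, and the signature status.
function New-Finding($source, $name, $cmd) {
    $exe = [Environment]::ExpandEnvironmentVariables((Get-ExePath $cmd))
    $status = if ([string]::IsNullOrWhiteSpace($exe))     { 'EMPTY' }
              elseif (-not (Test-Path -LiteralPath $exe)) { 'MISSING' }
              else { (Get-AuthenticodeSignature -LiteralPath $exe).Status }
    [pscustomobject]@{ Source = $source; Name = $name; Command = $cmd; Signature = $status }
}

$findings = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        $findings += New-Finding $key $p.Name $p.Value
    }
}

# Startup folders for the current user and for all users
foreach ($folder in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
    Get-ChildItem -LiteralPath $folder -File -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += New-Finding 'StartupFolder' $_.Name $_.FullName }
}

# Scheduled tasks outside \Microsoft\, where vendor and user-created tasks live
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
    foreach ($a in $_.Actions) {
        if ($a.Execute) { $findings += New-Finding "Task $($_.TaskPath)" $_.TaskName "$($a.Execute) $($a.Arguments)" }
    }
}

# Anything not 'Valid' deserves a look; MISSING and NotSigned entries are the usual hiding places.
$findings | Sort-Object Signature | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM keys and all-users tasks are readable; a clean machine still shows legitimate unsigned entries, so treat the report as a starting list to research, not a delete list.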
Here is a link to a PDF checklist you can print to follow along and keep track of where you are.
Until we meet again, have a virus free week.