Adrian Mars


It shouldn't happen to an IT consultant

Spend your time doing business, not IT.

Tuesday 2 December 2008, 4:12 AM

Zero cost recovery – part 2: Removing malware

Posted by Adrian Mars

Slaying malware requires as many tools as you can muster: no single one comes close to removing everything, so the more you throw at an infection the more you hit. Fortunately a good number of tools are available as trials or completely free.

F-Secure, Panda Security and Trend Micro offer free web-based scanners. The latter two can be a bit temperamental but are worth persevering with; the former two demand ActiveX, and therefore Internet Explorer.

Trend's HijackThis is a tool every tech in the know battles malware with. It lists, and enables removal of, the registry entries and file-system locations commonly used by malware to start itself (and used by legitimate programs too). Analysing the results is greatly simplified by the web-based log-file analysers at Network Techs and Hijackthis.de Security. Beware: don't delete entries you don't understand. Legitimate and malicious entries sit side by side in the same list, and un-backed-up mistakes can maim or kill Windows.
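The triage HijackThis leaves to you can be partly automated. The following PowerShell is an added example for this post, not HijackThis code and not the author's: it walks the classic Run/RunOnce autostart keys (the kind of entries HijackThis lists), resolves each command line to an executable, and flags the two things worth checking before you "fix" anything: a target that no longer exists on disk, and a target without a valid Authenticode signature. It only reports; nothing is removed.

```powershell
# Added example, not part of the original post and not HijackThis itself.
# Reports on HKLM/HKCU Run and RunOnce entries; it removes nothing.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Resolve-AutostartExe {
    param([string]$CommandLine)
    # Quoted path first; otherwise the first whitespace-delimited token.
    # (An unquoted path containing spaces gets truncated here, much as the
    # loader itself treats it; such entries deserve a closer look anyway.)
    if ($CommandLine -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($CommandLine.Trim() -split '\s+', 2)[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    # Bare names such as rundll32.exe resolve through PATH, as the loader would.
    if ($exe -and -not (Test-Path -LiteralPath $exe)) {
        $found = Get-Command $exe -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($found -and $found.Path) { $exe = $found.Path }
    }
    return $exe
}

function Get-AutostartReport {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }    # PSPath, PSParentPath, ... are not values
            $exe    = Resolve-AutostartExe -CommandLine ([string]$p.Value)
            $onDisk = [bool]$exe -and (Test-Path -LiteralPath $exe)
            $status = if ($onDisk) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'missing' }
            # rundll32/regsvr32 entries load a DLL named in the arguments; a valid
            # signature on the host exe says nothing about that DLL, so flag them.
            $hostsDll = $p.Value -match 'rundll32|regsvr32'
            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Command    = $p.Value
                Target     = $exe
                Signature  = $status
                Suspicious = (-not $onDisk) -or ($status -ne 'Valid') -or $hostsDll
            }
        }
    }
}

Get-AutostartReport | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

"Suspicious" here means "look closer", not "malware": plenty of legitimate software of this era ships unsigned (`NotSigned`), and a missing target is often just an uninstaller that forgot to tidy up. Cross-check the flagged entries against the HijackThis log analysers before removing anything, and take a backup first.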

As mentioned in Part 1, I like Ez-PC-Fix, conveniently located on the Ultimate Boot CD (UBCD) for Windows; it is another very effective non-specific malware tool.

Trials
Next time you'll need to pay, but first time around a full-feature anti-malware trial may fix it for free.

Sunbelt offer a 15-day fully working trial of CounterSpy, one of the commercial products I go after malware with, alongside PC Tools' Spyware Doctor (which has no fully functioning free trial).

As I've said before, Kaspersky Anti-Virus is my AV of choice. Its ability to build a bootable CD enables scanning and removal while Windows, and therefore the malware, is not running, so the infection can't hide itself or fight back. Like most other AV manufacturers they offer a full trial version.

To root out rootkits (I am so, so sorry), the trial version of F-Secure's Blacklight rootkit detection and elimination tool is worth grabbing.

Risking some yawning from the back, I'll state what most round here already know: the real-time components of anti-virus and anti-spyware products (the bit that monitors every file and network access) often clash with each other. Run only one real-time scanner at a time; on-demand scans from several vendors are fine.

Repairing Networking
Once the malware is zapped you may find Windows networking is broken. Often the solution is LSP Fix, which enables selective removal of Layered Service Providers (LSPs), a mechanism some malware uses to intercept network traffic. LSPs are registered in the Winsock catalog and chained one on top of another, so if a malware LSP's DLL is deleted but its catalog entry remains, the chain is broken and nothing can open a socket; LSP Fix removes the dead entry and repairs the chain.

WinSock XP Fix is another invaluable tool; it resets most IP settings and is often my first double-click when a machine's networking doesn't work any more.
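To see for yourself whether an orphaned LSP is what broke networking, the catalog can be inspected before reaching for either tool. The PowerShell below is an added example for the two paragraphs above; it is not LSP Fix's or WinSock XP Fix's code, nor the author's. It parses the output of `netsh winsock show catalog`, which lists every Winsock provider entry, and flags Layered Service Provider entries whose DLL is missing on disk. The sample catalog embedded in it is constructed in the shape netsh prints; the "Example Helper" LSP, its path and its all-zero GUID are made up.

```powershell
# Added example, not part of the original post and not LSP Fix / WinSock XP Fix code.

function Get-WinsockCatalogEntries {
    param([string[]]$CatalogText)
    # Each entry starts with a "Winsock Catalog Provider Entry" banner and is a
    # list of "Name:   value" lines; collect each block into one object.
    $entries = @()
    $current = $null
    foreach ($line in $CatalogText) {
        if ($line -match '^Winsock Catalog Provider Entry') {
            if ($null -ne $current) { $entries += [pscustomobject]$current }
            $current = @{}
            continue
        }
        if ($null -ne $current -and $line -match '^\s*([^:]+?):\s+(.*)$') {
            $current[$Matches[1]] = $Matches[2].Trim()
        }
    }
    if ($null -ne $current) { $entries += [pscustomobject]$current }
    return $entries
}

function Find-OrphanedLsps {
    param([string[]]$CatalogText)
    Get-WinsockCatalogEntries $CatalogText |
        Where-Object { $_.'Entry Type' -like '*Layered Service Provider*' } |
        ForEach-Object {
            $path = [Environment]::ExpandEnvironmentVariables([string]$_.'Provider Path')
            [pscustomobject]@{
                CatalogId   = $_.'Catalog Entry ID'
                Description = $_.Description
                Path        = $path
                # An LSP whose DLL is gone but whose entry remains breaks the chain.
                Orphaned    = -not ($path -and (Test-Path -LiteralPath $path))
            }
        }
}

# Constructed sample in the shape netsh prints. On a real machine use:
#   $catalog = netsh winsock show catalog
$catalog = @'
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Version:                            2
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        Example Helper over [MSAFD Tcpip [TCP/IP]]
Provider ID:                        {00000000-0000-0000-0000-000000000000}
Provider Path:                      %SystemRoot%\system32\exhelper.dll
Catalog Entry ID:                   1010
Version:                            2
Protocol Chain Length:              2
'@ -split "`r?`n"

Find-OrphanedLsps $catalog | Format-Table -AutoSize
```

On the sample the made-up LSP comes back with Orphaned set to True, which is exactly the state a half-removed infection leaves behind. On a real XP SP2 or later machine the built-in `netsh winsock reset` rebuilds the whole catalog from scratch, which is the blunt equivalent of what the two tools above do more selectively; either way, expect to reinstall any legitimate LSP (some firewalls and proxies use them) afterwards.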

Malware removal can, from time to time, leave machines in a worse state. If so you're unusually unlucky, but you did do a full backup before you started, didn't you? Of course you did.

Comments on this post

roger andre

Super! I'm a user of HijackThis, Winsock, Blacklight. If you want a free stripped down version of Spyware Doctor forever, then go to the Google download toolbar page, untick everything except Spyware Doctor and it's yours!

Firefox has a good "malware search" add-on for use with HijackThis and appears in the right-click context menu of anything that is flagged up for investigation.

After a good session with HijackThis I think it's important to open a command line and type:

sfc /scannow

This will make sure Windows has all its critical files intact before going for a reboot of the system.

Sysinternals RootkitRevealer is a very good tool; although it won't remove anything for you, it will highlight the location of anything out of place.

Updated by roger andre on Dec 2, 2008 4:35 PM
