My process for removing infections

Countryside · Jan 22, 2015

This is under the presumption that the PC can boot into Windows...or at least into safe mode.

I have a USB drive and I download the install files of the following onto it from a clean PC:
rkill
TDSSKiller
SuperAntiSpyware (free)
Malwarebytes (free)
Combofix
Either IObit Uninstaller or REVOuninstaller
AVAST (free)
Windows Repair (All in One)

The majority of these can be found for download on CNET or Bleepingcomputer.
The Windows Repair Tool is at tweaking.com.

If I can make it into Windows on the infected PC, I insert the USB drive. I then drag and drop the programs from the USB drive onto the desktop.
First I run rkill.
Rkill runs a scan and tries to stop (not remove) any malicious processes it may find.
Then I update and run TDSSKiller.
After it gets through, I install and run SuperAntiSpyware and Malwarebytes...full scans.
If there is any anti-virus program, I stop any active protection in order to run Combofix.
After Combofix, I install and run an uninstaller (IOBit, etc) program to find and completely remove junk and unwanted programs.
After this, I install and update AVAST free, and then I run a PRE-BOOT scan.
The final step I normally use is running the Windows All in One Repair Tool. It takes you step by step through a process (including check disk and system file check) and a final process that corrects and restores Windows settings.
Depending on the existing anti-virus on the machine, I may or may not uninstall AVAST.

acer54 · Jan 23, 2015

Format C:\ works every time in my experience, needless to say that a good back up strategy is also a must!

adamf · Jan 23, 2015

acer54 said:
Format C:\ works every time in my experience, needless a good back up strategy is also a must!

That is insufficient. Leaving aside hidden partitions, even physically replacing your drive with a new one may not be enough if your keys are compromised.

New vicious UEFI bootkit vuln found for Windows 8 â

World

edee · Jan 23, 2015

acer54 said:
Format C:\ works every time in my experience, needless a good back up strategy is also a must!

I'm right there with ya :thumbsup:

99.5% after cleaning an infection depending on what it is, the OS is just never the same again, best just to reformat / reinstall.

adamf · Jan 23, 2015

edee said:
acer54 said:

Format C:\ works every time in my experience, needless a good back up strategy is also a must!

Click to expand...

I'm right there with ya

99.5% after cleaning an infection depending on what it is, the OS is just never the same again, best just to reformat / reinstall.

Unless the infection isn't on your disk of course.

Countryside · Jan 23, 2015

The suggestions are fine if it is your own computer and if you have a restore partition and/or restore media and all your important files have been backed up.
I was mainly talking about how I do PCs that others bring me. The majority of them will not have backup, may not have a restore partition, and very few have restore media. Gotta work with what ya got.

Cliff S · Jan 23, 2015

Personally I never had an infection(half luck/half good security practice, safe surfing) but one should also look in firewall after to see if any ports are left open from sloppy uninstalled programs and any changes due to an infection. Go to Windows Firewall and click Restore Defaults:
View attachment 56930

acer54 · Jan 24, 2015

adamf said:
acer54 said:

Format C:\ works every time in my experience, needless a good back up strategy is also a must!

Click to expand...

That is insufficient. Leaving aside hidden partitions, even physically replacing your drive with a new one may not be enough if your keys are compromised.

New vicious UEFI bootkit vuln found for Windows 8 â

World

Always worked for me and computers I've sorted for friends or family.

acer54 · Jan 24, 2015

Countryside said:
The suggestions are fine if it is your own computer and if you have a restore partition and/or restore media and all your important files have been backed up.
I was mainly talking about how I do PCs that others bring me. The majority of them will not have backup, may not have a restore partition, and very few have restore media. Gotta work with what ya got.

I usually save photo's emails, documents etc to another drive and after checking them restore to the formatted drive, again potentially not a 100% cure but has always worked for me, you have to know the likely places where infections will be lurking.

Cliff S · Jan 24, 2015

adamf said:
edee said:

acer54 said:

Format C:\ works every time in my experience, needless a good back up strategy is also a must!

Click to expand...

I'm right there with ya

99.5% after cleaning an infection depending on what it is, the OS is just never the same again, best just to reformat / reinstall.

Click to expand...

Unless the infection isn't on your disk of course.

We get the point. there is also something that delivers malware over an air gap called BadBIOS. When we worry to much about such things we might as well put our PCs away and just use paper and pencils again(oh and an abacus too)

TairikuOkami · Jan 24, 2015

Countryside said:
After it gets through, I install and run SuperAntiSpyware and Malwarebytes...full scans.

That is the problem, if there is a tough malware, you will not be able to install or start it.
I prefer portable versions like Emsisoft Emergency Kit, Dr.Web CureIt! or Hitman Pro.

REVOuninstaller Free does not support 64-bit, try Wise Uninstaller.

adamf · Jan 24, 2015

acer54 said:
Always worked for me and computers I've sorted for friends or family.

I'm not saying it doesn't often work. So far defender plus malwarebytes and adwcleaner have worked for me. Only consider that you can't assume it if keys are stored elsewhere and even replacing your disk will not work.

Cliff S · Jan 24, 2015

adamf said:
acer54 said:

Always worked for me and computers I've sorted for friends or family.

Click to expand...

I'm not saying it doesn't often work. So far defender plus malwarebytes and adwcleaner have worked for me. Only consider that you can't assume it if keys are stored elsewhere and even replacing your disk will not work.

I have to agree... what if you have an ssd and the controller gets infected? I suspect what your trying to say (correct me if I'm wrong) is there is malware out there that can attack ANY electronic part of the computer today?

adamf · Jan 24, 2015

Cliff S said:
I suspect what your trying to say (correct me if I'm wrong) is there is malware out there that can attack ANY electronic part of the computer today?

No. I gave 2 specific links to where an EFI EPROM can theoretically be infected. The point being even if you remove your drive and put in a new one your problem still exists. I've no idea if power supplies, screens or keyboards have firmware that can be updated with similar malicious intent... Probably not if you want to be realistic but I've never researched it.

Borg 386 · Jan 24, 2015

Five utilities for securely erasing and formatting old hard drives.

Five hard disk cleaning and erasing tools - TechRepublic

My process for removing infections

New Member

My Computer

Member

My Computer

Banned

My Computer

Banned

My Computer

Banned

My Computer

New Member

My Computer

Missing my GIF avatars:(

My Computer

Member

My Computer

Member

My Computer

Missing my GIF avatars:(

My Computer

Be nice to all, please?!

My Computer

Banned

My Computer

Missing my GIF avatars:(

My Computer

Banned

My Computer

ADHD member

My Computer