A Real Virus/Spyware/Rootkit Removal Guide

[maynoth]

Prevent Viruses/Spyware/Rootkits

Linux for the end user is (to the best of my knowledge) virus proof (at the moment), assuming you download software only from trusted/official repositories, keep your system updated and that you don't run any web services like apache, then your odds of being infected with a virus are almost zero.

I highly recommend you use and try linux mint as your main operating system, it is better looking, faster and more secure than windows and does almost everything it does with the exception of most newer video games. Also it's free and easy to use and install.

http://www.linuxmint.com






Step 1.

Boot into safe mode(press f8 during startup), choose to run system restore(read the dialog carefully), and restore it to the earliest system restore point. I would say in my experience that more than half of the time I can get a computer back to a semi usable state via just a safe mode system restore. Delete all system restore points (turn off system restore, then turn it back on) then create a new one when finished with this guide.


Step 2.

Avira rescue system boots to linux from CD or USB flash drive, and can see rootkits and malware that hide themselves from an infected windows installation.

Burn the newest Avira Rescue System CD (note avira scores the #2 in detection rates for many years http://www.av-comparatives.org/)

http://www.avira.com/en/support-down...-rescue-system

Follow this tutorial but don't forget to check "rename files if they cannot be removed" http://www.liberiangeek.net/2010/03/...epair-windows/

Scan the computer and reboot to windows


Step 3.

Download and run TDDS Killer http://support.kaspersky.com/viruses...?qid=208280684

This program is great for removing rootkits that Avira might not catch


Step 4.

Download and run Combofix (Combofix is the most effective, and most powerful spyware/malware/rootkit removal tool I am aware of)

Guide: http://www.bleepingcomputer.com/comb...o-use-combofix

http://www.bleepingcomputer.com/down...virus/combofix

Warning: Some pansies freak out whenever you recommend combofix, if you reset or turn off your computer during it's operation it can render your computer unbootable. I have run it on hundreds of machines NEVER had any problems whatsoever. But to stop the whining pansies who freak out whenever you mention combofix, please make sure your important data is backed up before running it.


Step 5.

Download Malware Bytes:

http://download.cnet.com/Malwarebyte...-10804572.html

Update and scan the entire computer.


Step 6.

Download Super Anti Spyware

http://download.cnet.com/SuperAntiSp...-10523889.html

Update and scan the entire computer.


Step 7.

I recommend installing Avira AntiVir Personal Free http://download.cnet.com/Avira-AntiV...-10322935.html

Avira for the past several years has scored #2 on http://www.av-comparatives.org/, and it is the most effective free antivirus available.


Step 8.

Protect yourself online with Firefox: http://www.getfirefox.com

WOT Safe browsing addon: https://addons.mozilla.org/en-US/firefox/addon/3456/

Adblock Plus: http://adblockplus.org/en/installation

NoScript addon: http://noscript.net/

Download programs only from trusted sites like http://www.ninite.com or http://www.download.com


Misc:

If a virus has changed your firefox proxy settings see this guide:

http://www.ehow.com/how_5828352_rese...fox-proxy.html





Hitman Pro offers a good second opinion if you are still having problems after all that:

http://www.surfright.nl/en/products/

It has a free fully functional trial.

[RACKnRAIL]

Nice guide. One thing about combofix is it's only 32 bit compatible. Great tool otherwise.

[maynoth]

I believe it's since been updated to run on vista/7 64 bit.


"At this time ComboFix can only run on the following Windows versions:

Windows XP (32-bit only)
Windows 2000 (32-bit only)
Windows Vista (32-bit/64-bit)
Windows 7 (32-bit/64-bit)
"

[RACKnRAIL]

My mistake. They did what they said they'd never do, make it 64 bit compatible. That is good news tho, as it is an awesome tool...even better now.

bleepingcomputer
Posted 26 March 2010 - 04:43 AM

It is very unlikely that there will be a 64-bit version of CF since that OS is more secure than a 32-bit system. Due to the architecture in 64-bit Windows and the fact that 64-bit drivers need to be digitally signed, rootkits are not seen as often in 64-bit machines so they are less prone to that type of infection.