Security software

**Admin** Uto Jul 05, 2011 3:45 am

How to Remove Malware from a Windows ?

At the Beginning
* try first with System Restore points before malware entered PC, if can't fix it
* disable System Restore , restart PC ( on boot press F8 )
Some malware infections block Internet access, disable the desktop, and prevent anti-malware software from running. This can usually be avoided by restarting your computer in Windows Safe Mode (accessed by pressing a specific key (usually F8) at system startup). In safe mode, most malware will not run, thus, giving anti-malware software a better chance to detect and remove the malware. To get internet access, choose the "Safe Mode with Networking" option. In this mode, you will be able to update your anti-malware software prior to running scans.

* Run in Safe Mode with Networking

Important: If the malware infection is so severe that you cannot boot into Windows or safe mode, then I recommend using an antivirus rescue CD. An antivirus rescue CD is a bootable CD that can be used to scan your computer for malware without having to boot into the operating system. Many antivirus companies provide free rescue CDs. They are extremely effective at removing malware.
• can't enter in Safe Mode run
• Sardu Bootable DVD [/b](scann with multiple Antivirus )
• Avira AntiVir Rescue System
• Ultimate Boot CD
• Windows XP SP2 Pro
* before that in BIOS first boot devices must be CD-ROM , second Hard disk

Didier Stevens released a .REG file that can be used to restore Safe Mode. See Restoring Safe Mode with a .REG file if you can windows start,Or with SuperAntiSpyware repair broken safe bot key .

Step 1. Temporary File Clean up
Before you scan your computer for malware, you need to remove your temporary files. Removing your temporary files will greatly reduce your scan times, and occasionally will fix some malware problems.
* first clean temp files with, CCleaner , Hijack This Do not run Hijack This from the desktop, a temp folder, or a sub-folder of C:\documents and settings. If you aren't sure about which items to remove you can analyze your own using the automated tool offered by HiJackThis.de Security

Step 2: Automatic Preliminary Rootkit Scan

You need to scan your computer for possible rootkits before running other anti-malware software.
* TDSSKiller is a free tool from Kaspersky. It is specially designed to remove a family of rootkits (known as TDSS, Tidserv, TDL3, and Alureon) that downloads and execute other malware, delivers advertisements to your computer, and block programs from running. TDSSKiller is simple to use and requires no installation.Also use antirootkit tool Gmer .
Important:If cant run because maware block executing ,rename gmer to gmrtk.exeTo run GMER, follow these instructions:
Once downloaded, double click the file. GMER does a quick scan to detect any rootkit activity. If it gives you a warning about rootkit activity and asks if you want to run scan, click NO.In the right panel, you will see several boxes that have been checked. Uncheck the following:
• IAT/EAT
• Drives/Partition other than Systemdrive (typically C:\)
• Show All

Step 3 : Reveale running Active Malware and Delete

Use a Process monitoring program to examine all the running programs
* KillSwitch - online scan memory process and terminate them
* type msconfig - to disable malware startup services Review the list of auto-started Services and disable the ones you don't recognize. Pay special attention to services that have no description
* install Emsisoft Hijack Free - check auto-started programs,Scheduled autoruns, shell extension ,LSP Protocols,Host,Active X, everything suspicious delete or disable. In the "hosts" file if it has any entries other than 127.0.0.1, comment them out-Look for BHOs and disable anything you don't recognize.
Important: For manual Malware delete in folder options enable Show Hidden Files and Folder
Disable Any Disk Emulation Software (like Daemon Tools )

Step 4: Check My Network Places Lan Settings etc.

Internet Connection Blocked
Malware will often turn on a proxy setting which can prevent you from accessing the Internet. Fixing it is easy:From your Control Panel open up the Internet Options. Go to the Connections tab and choose LAN Settings. Uncheck the first proxy server setting and click ok. You can also simply use SuperAntiSpyware’s Repair function to repair the Internet connection. Additionally, it can repair or recover other system settings, such as Control Panel, System Restore, Safe Mode, Registry, Desktops, System Tray, Task Manager, folder options, and web browser settings. You will find the repair feature under the “Repairs” tab. SuperAntiSpyware
* if network is corrupt run WinSock XP Fix 1.2 or LSP-Fix,or with SuperAntiSpyware - repair broken Network Connections (win SockLsp chain),manually check and fix Connections in Control Panel Internet Options  Internet properties  LAN Settings especially FTP sites referenced by IP address,Proxy Settings , Search and Home page .

Step 5: Scan for Malware (On-demand Scans)

There are many tools that will scan for and remove various malware infections. Unfortunately, none of them will detect and remove 100% of all malware. Therefore, it is important to use more than one in the hope that their combined detection is enough to find the problem.
Below are highly recommended on-demand scanners. They do an excellent job at detecting threats and completely removing them.
* install next antimalware and update:
1-Dr.Web's CureIt, Malwarebytes' Anti-Malware, SuperAntiSpyware, Hitman Pro, Norton Power Eraser
2-Kaspersky Virus Removal Tool,Emsisoft Emergency Kit, Eset (NOD32) Online Scanner , COMODO Cleaning Essentials
Important: Rename the downloaded mbam-setup.exe file to mbm.exe and sas.exe to help work around certain malware that will block it from being run
* When finished removal uninstall antimalware softwer except MBAM and SAS install
Comodo Internet Security and Antivir AntiVir , enable real time
Or update existing Antivirus and Scan with it.

Step 6: Repair System Performance with:

Auslogics Registry Cleaner ,Auslogics Disk Defrag ,Advanced System Care
Important: when finished enable System Restore
• Update windows (Auto) ,Drivers (DriverMax)
• Create Restricted User Accounts (UAC)
• Turn on Dep and SEHOP (Windows 7)

___________________________________________________________________
Cool

**Admin** Uto Jul 05, 2011 4:31 am

Windows Security List

study

Rescue CD
Windows Repair CD
Sardu Bootable DVD
Avira Rescue CD
Kaspersky Rescue CD
DRWeb Rescue CD
Ultimate Boot DVD
Acronis Bootable Media

Antivirus Free
Avira AntiVir Personal
Avast Antivirus Free
Microsoft Security Essentials
AVG Antivirus Free

Antivirus Pro
Kaspersky Antivirs
Eset Nod
Bitfefender Antivirus

Companion/Cloud Antivirus
Panda cloud
Webroot SecureAnywhere
Kingsoft Cloud

Antimalware
MalwareBytesAntiMalware
SuperAntiSpyware

AntiExe
Appguard
NVT Exe Radar Pro

Internet Security
Comodo Internet Security
Outpost Security Suite

Firewall
Privatefirewall

System Cleaner
CCleaner +CCEnhancer
WISE Cleaner
Hijack This
Emsisoft Hijack Free

AntiMalware removal tools
Emsisoft Emergency Kit
Comodo CE (killswitch)
Kaspersky removal tool
DrWeb CureIt
Norton Power Eraser
Kaspersky TDSS Killer
Hitman Pro
Prevx CSI
ComboFix
FSecureEC
TDMicroHoseCall
AVZ Toolkit
NVT Portable
WINMHR

Antirootkit
Gmer,Gmer Catchme,Gmer MBR Remover
VBA Antirootkit
AvastMBR
Bitdefender AntiBootkit
Trend Micro Rootkit Booster
Root Repeal

System Utilities
TuneUpUtilities
Glary Utilities
Advanced System Care

Registry Utilities
WinASO Registry Optimizer
VIT RegistryFix Portable

Disk Defragmenter
Auslogics Disk Defrag
PerfectDisk Pro

AntiKeylogger
SpyShelter
ZemanaAntiLogger

HIPS
Win Patrol (HIPS)
MalwareDefender

Process Monitor
ProcessHacker
KillSwitch

System Repair tool
ESET SysInspector
BlueSreen View
AppCrash View
WinSock Fix or LSP Fix
WindowsUpdate Fix
MbrFix
Sheduler Fix
Secunia
File Hippo update checker

Immunizer
Spyware Blaster
Panda USB Vaccine
MVPSHOST

Virtual Box
Shadow Defender
Sandboxie
VirtualBox

USB Protection
MCSHIELD

Firefox run in sandbox with addons
AdBlockPlus
NoScript
Ghostery
Better Privacy
NoReferrer
Key Scrambler
Wot
Anonymouse.org
Better Search
Search Preview
HttpsEveryWhere
HttpsFinder
StartPage Search Engine private
Norton or Comodo DNS
BitdefenderTraficLight

Driver Update
DriverGenius Pro
DriverMagician

System Update Monitor
SecuniaPSI
cheers