steps-to-take-when-you-discover-malware
Anti Malware Toolkit
From: http://ejaz.me/a.html
Removal Programs
Make sure that you update each program to get the latest version of their databases before doing a scan.
Malwarebytes' Anti-Malware:
From: http://www.malwarebytes.org/mbam.php
STEP 02 from: https://forums.malwarebytes.org/index.php?/topic/150253-keep-getting-malicious-website-blocked-message/
Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following: MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.
Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
RKill link
From: http://www.bleepingcomputer.com/download/rkill/
From: http://www.bleepingcomputer.com/forums/topic308364.html
AdwCleaner
You can also do a check for a rootkit infection with TDSSKiller.
JunkWare link
ESET Online Scanner
From: http://www.eset.com/us/online-scanner-popup/
From: “Checklist by Eset” http://kb.eset.com/esetkb/index?page=content&id=SOLN2921
Kaspersky Free Security Scan:
From: http://www.kaspersky.com/security-scan
As I remember, this will only identify, not clean.
Online Scanners
From: “Checklist by Avast” http://forum.avast.com/index.php?topic=53253.0
From: http://www.kaspersky.com/virus-scanner
From: Getting into Computer Safe Mode
From: Virus Bulletin's
SuperAntispyware:
Microsoft Safety Scanner:
Windows Defender: Home Page:
Spybot Search & Destroy:
HitManpro
ComboFix
See also:
From: “Spyware on Windows”: http://kb.mozillazine.org/Popups_not_blocked
From: “MalwareTips” http://malwaretips.com/blogs/mapsgalaxy-toolbar-removal/
From: “MalwareTips” http://malwaretips.com/blogs/pup-optional-mindspark-removal/#malwarebytes
ShouldIRemoveit
From: http://www.shouldiremoveit.com/index.aspx
Should I Remove It? is a very simple but extremely powerful Windows application that helps users, both technical and non-technical, decide what programs they should remove from their PC. This typically includes finding and removing all sorts of crapware and bloatware such as adware, spyware, toolbars, bundled unwanted applications as well as many forms of malware. The program is very lightweight and extremely fast. Should I Remove It? simply scans your computer for all its installed programs and then ranks what should be removed by leveraging the wisdom of the crowd (and of course our technical experts) to determine what should not be installed.
toolbarcleaner: not a recommended piece of software
From: http://toolbarcleaner.com/?src=4792&gclid=CJ_pnaiO0rwCFcXm7AodNBMACg
Toolbar Cleaner removes more than 1,000,000 unwanted toolbars, apps, add-ons, and plug-ins per month including Ask, Alot, Babylon, Bing and MSN Toolbars.
Malware-Removal/Uninstall Malware "Antivirus-2009"
Removal of Search conduit
Installed as “Search Protect”
From: http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
AdwCleaner cleaned it
Rootkit Scanners
http://www.bleepingcomputer.com/download/tdsskiller/
http://www.bleepingcomputer.com/download/aswmbr/
http://www.mcafee.com/us/downloads/free-tools/rootkitremover.aspx
Malwarebytes
Other Info
McAfee Free Tools
http://www.mcafee.com/us/downloads/free-tools/
RootKiller: http://www.mcafee.com/us/downloads/free-tools/how-to-use-rootkitremover.aspx
Look For
Characteristics: In the local user's %Username% root, files called 'Google.exe' and 'Runme.exe' will be present, along with another EXE file with a random name.
Remove Mac Shield
http://www.bleepingcomputer.com/virus-removal/remove-mac-shield (http://download.bleepingcomputer.com/mac-rogue-remover-tool/mac-rogue-remover.zip)
Mac AntiVirus
http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx
http://www.apple.com/downloads/macosx/networking_security/avastantivirusmacedition.html
"Uninstall iAntiVirus.app" in Applications -> iAntiVirus. To remove user specific preferences simply delete "com.pctools.iAntiVirus.plist" from ~/Library/Preferences.
myantispyware.com free-programs
Microsoft Security Bulletin MS08-067
avg removal
Administrator and User Passwords in Windows XP
http://www.kellys-korner-xp.com/win_xp_passwords.htm
net user <user_name> <new_password>.
Information about vulnerabilities associated with the settings of installed applications and the operating system.
"Task Manager substitution"
"Autorun from hard drives is allowed"
"Autorun from network drives is enabled"
"CD/DVD autorun is enabled"
"Removable media autorun is enabled"
"Microsoft Internet Explorer - disable caching data received via protected channel"
"Microsoft Internet Explorer: disable sending error reports"
"Microsoft Internet Explorer: clear the list of trusted domains"
"Microsoft Internet Explorer: clear list of pop-up blocker exceptions"
"Microsoft Internet Explorer: enable cache autocleanup on browser closing"
"Microsoft Internet Explorer: start page reset"