Slashdot Mirror

I cron this every day, have fun!

fog@fog:/usr/local/bin$ cat getantivirus.sh
wget -N -i /antivirus/filestoget.txt -P /antivirus

fog@fog:/antivirus$ cat filestoget.txt
http://www.superantispyware.com/downloads/SASDEFINITIONS.EXE
http://downloads.superantispyware.com/downloads/SUPERAntiSpyware.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.spybotupdates.com/files/spybotsd162.exe
http://www.spybotupdates.biz/updates/files/spybotsd_includes.exe
http://download.avgfree.com/filedir/inst/avg_free_stf_en_85_420a1708.exe
http://go.trendmicro.com/free-tools/hijackthis/HijackThisInstaller.exe
http://dlce.antivir.com/package/wks_avira/win32/en/pecl/avira_antivir_personal_en.exe
http://dl.antivir.de/down/vdf/ivdf_fusebundle_nt_en.zip
http://mbam.malwarebytes.org/database/mbam-rules.exe
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
http://files.avast.com/iavs4pro/vpsupd.exe
http://files.avast.com/iavs4pro/setupeng.exe

I cron this every day, have fun!

fog@fog:/usr/local/bin$ cat getantivirus.sh
wget -N -i /antivirus/filestoget.txt -P /antivirus

fog@fog:/antivirus$ cat filestoget.txt
http://www.superantispyware.com/downloads/SASDEFINITIONS.EXE
http://downloads.superantispyware.com/downloads/SUPERAntiSpyware.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.spybotupdates.com/files/spybotsd162.exe
http://www.spybotupdates.biz/updates/files/spybotsd_includes.exe
http://download.avgfree.com/filedir/inst/avg_free_stf_en_85_420a1708.exe
http://go.trendmicro.com/free-tools/hijackthis/HijackThisInstaller.exe
http://dlce.antivir.com/package/wks_avira/win32/en/pecl/avira_antivir_personal_en.exe
http://dl.antivir.de/down/vdf/ivdf_fusebundle_nt_en.zip
http://mbam.malwarebytes.org/database/mbam-rules.exe
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
http://files.avast.com/iavs4pro/vpsupd.exe
http://files.avast.com/iavs4pro/setupeng.exe

...I pretty much stick with Malwarebytes, CCleaner, SpywareBlaster, and MSE.

Actually, I got this tip off another /. post...researched each (non-MS) application, determined for myself that they were legit, and have not looked back. In fact, I just spent a few minutes last night eradicating the trojan "Microsoft" Antivirus 2010 on a friend's computer using the Malwarebytes app on a USB. Worked like a charm.

But don't take my word for it...do your own evaluation. I think you'll like what you find.

Use Avira AntiVir Rescue System to get the system into a state where it can boot into Safe Mode, then finish off with MBAM and possibly SmitFraudFix.

      --- Mr. DOS

SuperAntiSpyware and Malwarebytes' Anti-Malware (thanks to the folks in http://www.dslreports.com/forum/security,1 for suggesting these) also don't hog your system like Windows' services. Run, scan, and clean on-demand. :)

Don't forget Windows Malicious Software Removal Tool (W2K SP4 has it too) with mrt.exe command.

Hopefully you are licensing it properly http://www.malwarebytes.org/corporate.php because the free license does not seem to cover using it in the way you are describing.

"1. Not to use this software for commercial use without proper licensing."

You should consider donating to the combofix developers as well if it's benefiting your company so much.

I see MalwareBytes recommended a bunch, but it *isn't* free. Personal use according to the page from Google:
http://www.malwarebytes.org/mbam.php
is $24.95
and use in an organization like a school would be some undetermined price - they ask you to contact them for info / sales.

Unless I'm missing something, you couldn't use that in an IT department, or even a helpdesk run by the school without a license.

Let me add to your list of cleaning tools. http://www.malwarebytes.org/
And please! For the love of Linux, remove Symantec products from your list.

Format and reinstall, if is the only way to be sure.

I've found that free anti-virus, like Avira and Avast, pretty good

I can second this whole-heartedly. I work in a computer shop, and I can personally testify that these two products catch more infections than anything Symantec, McAffee, or Trend Micro EVER came out with. I still recommend Malwarebytes Antimalware as a supplementary spyware scanner, but Avast and Avira are definitely my favorite for main protection.

As you've found out, not every AV picks up every *known* piece of malware, and none of them will pick up new malware that has only just been developed

i consider avast only for protection from viruses, and recommend MalwareBytes for protection from malware.

i've found that considering malware, spyware and viruses 3 different animals, and using different software to attack each type is the best defense solution. i recommend SuperAntiSpyware as well.

I had to help someone clean up a popup problem and Malwarebytes Anti-Malware (which is free) eliminated not only the adware but also identified and removed a trojan that an up-to-date Symantec Anti-Virus didn't even find. I was really surprised.

At least they had him use a decent anti-malware program. I generally find symantec products to be more of a virus than most viruses, that crap is hard to get rid of once it's installed and doesn't detect much of anything.

I work at a university dorm as a network technician (UWM, incase you're wondering!), and fix ten to twenty computers a week infected with malware, often exactly this strain of rogue AV software.

The utility called ComboFix almost always cleans these infections up with no hassle. If that fails, or if examination of the logfile indicates that it didn't quite get everything, MalwareBytes Anti-Malware should take care of the rest, and if anything gets past BOTH of those you can take note of the infected file names that couldn't be removed and delete them from Knoppix or a BART LiveCD.

I only reinstall Windows as a last resort, or if ComboFix detects an unremovable rootkit (this can be found in the logfile.)

First: Get this. If you got a rootkit, this should find it. unless it's something zero day. If it finds stuff, then reboot back into windows and run something like Malwarebytes Anti Malware or Spybot Search and Destroy for a few days (a week or two with Spybot. They only update on Wednesdays) to get it completely cleaned out. Windows Defender also works good here and adds realtime scannning to the mix.

Second: Like someone above posted, Check for Drives Running PIO in Device Manager. If you find any, run the resetDMA Script someone above posted. ALso Check your BIOS for changed settings. Dying CMOS batteries can cause a lot of havok with DMA settings depening on the BIOS defaults.

Third: Test Hardware. Contrary to Popular belief here, Windows NT Kernel Failures, *Especially Blue Screens* Are usually caused by either a Hardware failure or a Driver failure. If it's been running great and then BAM, check hardware first. The Ultimate Boot CD has all the tests you need. Test for RAM errors and test your Hard drive using the Drive Specific diagnostic program.

Forth: if all else fails after this, backtrack. If you installed something recently, and the machine started acting weird afterwards. uninstall it and see what happens. System restore (if it actually works) also comes in handy.

Finally, a Tip. Stay The Hell away from "optimizing" software. Just about every Registry optimizer I've ever seen screws up more then it's worth. Speed boosters tend to slow things down in the long run or lock windows, and any disk optimizer basically does nothing different than defrag C:. Even Microsoft's Registry and cleaning offerings on their onecare site has screwed me over in some cases, and if they can't optimize their own OS... Just say no to them.

1) Download Malwarebytes' Anti-Malware, and run it. It was the only thing that found a virus on my computer recently, out of six packages (including two commercial ones).
2) Download HijackThis, if that doesn't work. Be careful with this package, though! You can do some serious damage to your computer by blindly following its advice. Read the forums.
3) How full is your hard drive? If the C: drive is full enough, fragmentation can dramatically mess up performance in a very short time. Clean and defrag. I personally find it worthwhile to use SmartDefrag, a much more powerful defragger than the one that's built into Windows.
4) Read your logs. Yes, Windows actually logs stuff! Go to "Control Panel-->Administrative Tools-->Computer Management" and then dig through "System Tools-->Event Viewer" TONS of useful information about what's not healthy on your system, including complete boot logs.

Good luck.

Modding but....

http://blogs.technet.com/mmpc/

Also, if you have the latest MS updates, try Start/Run/MRT.exe which is an MS product that scans for malware/rogue/rootkit software.
Looks like MS is taking things a lot more seriously.
Free 3rd party products for this sort of stuff are available: Try http://www.malwarebytes.org/rogueremover.php for your kit.

At the computer store where I work, in Ponce, Puerto Rico, we see computers infected with these rogue applications, I have succefsully easily removed these infections using Malwarebytes' Anti-Malware. Try it.

I see this kind of stuff about 3-4 times a month between clients and friends. Malwarebytes Anti-Malware is the only program I've seen that removes it easily, and within 5 minutes, to boot. Happy cleaning! http://malwarebytes.org/

lol This will fix it:
http://www.malwarebytes.org/rogueremover.php

AntiMalware Malwarebytes has Rogue Remover which I highly recommend. Save hrs of work.
Some rogues need to be removed manually though. Just keep it updated and it will be fine.
http://www.malwarebytes.org/rogueremover.php