Hard Light Productions Forums

Off-Topic Discussion => General Discussion => Topic started by: jr2 on February 22, 2010, 12:43:46 pm

Title: Virus Removal try these if you're stuck
Post by: jr2 on February 22, 2010, 12:43:46 pm
Just in case it helps anyone (copied from my previous post):

A good few programs to use:

First, if you can't load anything (all programs besides IE being blocked as "infected"):
- boot to safe mode (tap F8 as soon as the computer powers on until you get a menu)

Use SAS Portable (it will be named .com or you can try .scr so it's not an "executable")

SUPERAnti-Spyware portable (http://www.superantispyware.com/portablescanner.html)

Then, use these:

Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php)
Spybot Search & Destroy (http://www.safer-networking.org/)

These programs below you have to be careful with, as they can detect stuff that isn't viruses (they detect rootkits that the others can't see while the rootkit is still active in the system, like a rootkit I found infecting the atapi.sys file that was redirecting search results), so you have to use your head about whether it's a virus or not:

GMER (http://www.gmer.net/)
IceSword (http://www.antirootkit.com/software/IceSword.htm)
DarkSpy (http://www.antirootkit.com/software/DarkSpy.htm)
 -- mirror (http://www.softpedia.com/get/Antivirus/DarkSpy-Anti-Rootkit.shtml), as the v1.0.5 link is broken

After it's cleaned up, I use AVG Free Edition (http://free.avg.com) as my active protection, with periodic scans from MBAM & Spybot S&D.
Title: Re: Virus Removal try these if you're stuck
Post by: Nuke on February 22, 2010, 01:19:11 pm
I normally just format if I get a virus that does anything majorly inconvenient. Finding a virus in files usually means it hasn't been activated yet and is fairly easy to remove. But if one takes hold, I just reinstall everything. There are very few real viruses anyway.
Title: Re: Virus Removal try these if you're stuck
Post by: jr2 on February 22, 2010, 01:24:59 pm
Yeah... that can, however, be a pain if you've customized your settings and installed quite a few apps you use all the time after install and haven't imaged it.  ;)

Nuke & pave (no pun intended, Nuke) is the easiest and most sure malware removal route, true.
Title: Re: Virus Removal try these if you're stuck
Post by: Nuke on February 22, 2010, 02:04:52 pm
I'm a minimalist, so I tend to use as little software as possible.
Title: Re: Virus Removal try these if you're stuck
Post by: JGZinv on February 22, 2010, 02:55:32 pm
ESET's online scanner I've found finds quite a bit more than installed scanners, due to the nature of bugs lately to hide during searches.
Title: Re: Virus Removal try these if you're stuck
Post by: jr2 on February 22, 2010, 03:04:45 pm
Yeah, they do that... somehow they set up a filter where the virus scanner requests the file for scanning and the virus gives it a clean version that passes detection.  That atapi.sys passed quite a few online scans + MBAM & Spybot S&D, but GMER noted a "suspicious modification of atapi.sys" somehow (I guess it bypasses the normal means of scanning the file).  I renamed atapi.sys to atapi.bak in the recovery console, replaced it with clean versions (one for system32\drivers\ and one for \system32\dllcache), and when I rebooted, the virus scanners and anti-malware pretty much all picked up atapi.bak as an infected file.