Monday, October 31, 2011

How to kill Malware (Viruses and the like)

Short Answer: Use the free tool Autoruns to stop malware running at startup, then scan and remove with AVG etc.
Slightly longer answer: Having had many people request my services to rid their computers of all kinds of malware – viruses, worms, spyware etc. – I have developed a simple toolkit and method for removing them, at least for systems that you can actually boot up.
The weakness of malware is that it is not very dangerous while it is merely sitting on your system somewhere; it has to be executed. Initially that is most likely done by the user themselves, but after that there are many areas in the registry which control which programs, services and .dll files are loaded when the system starts up.
My most invaluable (what a very strange word, by the way – like extraordinary) tool when combating malware is Autoruns. Autoruns is written by some guys at SysInternals. It is a tool for listing, deleting and disabling all items that run when Windows starts up. This includes executables, shortcuts, Browser Helper Object .dlls, drivers etc.
Scroll through the Autoruns list and look for items which are not digitally signed at all (the publisher column is blank), and for ones with suspicious names like random numbers and letters. If you find one with no publisher which you are not sure about, just type its process name into Google and see what you find. You can simply uncheck items you don’t want, and if this breaks your computer you can always return to Autoruns in Safe Mode and re-check them.
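As an added example (my own script, not code from the post or from Sysinternals), the same triage done in PowerShell over just the classic Run/RunOnce registry keys; Autoruns covers far more locations than these. Each entry's executable is checked with Get-AuthenticodeSignature, and the name-shape heuristic that stands in for the "random numbers and letters" eyeball test is an assumption of mine, not a rule from the post.

```powershell
# Added example, not the post's code: classic Run/RunOnce autostart keys
# (the post uses Autoruns, which covers far more locations than these).
$autorunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Pull the executable path out of a registry command line such as
#   "C:\Program Files\Foo\foo.exe" /silent   or   %SystemRoot%\foo.exe -x
function Get-ExecutableFromCommand {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted: the whole string may be a path with spaces; else take the first token.
    if (Test-Path -LiteralPath $cmd) { return $cmd }
    return ($cmd -split '\s+')[0]
}

# Assumed heuristic for the post's "random numbers and letters" advice:
# a bare alphanumeric name mixing letters and digits, six characters or longer.
function Test-SuspiciousName {
    param([string]$Name)
    $base = [IO.Path]::GetFileNameWithoutExtension($Name)
    return ($base -match '^[a-z0-9]{6,}$' -and $base -match '\d' -and $base -match '[a-z]')
}

$report = foreach ($key in $autorunKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        # Skip provider metadata and empty values; only real autostart entries remain.
        if ($metaProps -contains $p.Name -or [string]::IsNullOrWhiteSpace($p.Value)) { continue }
        $exe = Get-ExecutableFromCommand $p.Value
        # A blank publisher column in Autoruns corresponds to anything other than 'Valid' here.
        $status = if (Test-Path -LiteralPath $exe) {
            (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'FileMissing' }
        [pscustomobject]@{
            Key = $key; Entry = $p.Name; Path = $exe; Signature = $status
            OddName = Test-SuspiciousName (Split-Path -Leaf $exe)
        }
    }
}
# These are the entries worth looking up (search the name, as the post says) before unchecking.
$report | Where-Object { $_.Signature -ne 'Valid' -or $_.OddName } | Format-Table -AutoSize
```

A signed binary can still be malicious and an unsigned one can be perfectly legitimate (the post's tsnp2std.exe is a case in point), so the list is a starting point for the lookup, not a verdict.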
It would be smart to double check tsnp2std.exe is legitimate, as it does have a digitally signed publisher
I was tasked with removing viruses from my friend’s computer recently. There was some particularly annoying malware present that I couldn’t find in Autoruns, and AVG Free 8 did not detect it either. When I would try to browse to certain URLs like support.microsoft.com or windowsupdate.microsoft.com (on IE and Firefox 3, but not Chrome), the browser would redirect to 127.0.0.1 and fail. The system32 Hosts file was not the culprit either.
Sufficiently disappointed in AVG for not finding this rogue piece of code in my system, I looked for other free tools to try scanning with. I would recommend Adaware as a great free tool for removing spyware, except that it did not find this Malware program.
Finally, my saviour came in the form of another miraculous free software product, Malwarebytes’ Anti-Malware. I would highly recommend installing this product along with AVG Free. Malwarebytes’ program does not run on start-up, so it doesn’t take additional system resources. It would be a good idea to run this occasionally, in case AVG misses something nasty.
If you suspect that some Windows system files may be corrupted or missing, running ‘sfc /scannow’ will check all system files and replace them if needed. You will need your Windows install disc for this tool.
The Windows Vista install DVD is also very adept at repairing a Windows installation. You may need to use this option if you cannot even boot into Safe Mode.
