Malware removal - Am I done?

scottjnorris
My method for cleaning malware is to pull the hard drive and attach it as a slave to a Windows 7 machine. Then I boot Windows 7 and run Kaspersky on the questionable drive. After Kaspersky finds a bunch of Trojans and Java exploits, I run "M.S. Stand-Alone-Scanner" and often it finds a bunch more Trojans and Java exploits. This makes me wonder what I might find if I run other Anti-Virus programs that might find stuff that Kaspersky and "M.S. Stand-Alone-Scanner" did not find.

Sometimes the malware changes the registry settings and I need to use Combo Fix.

Is there a better method I can use to assure I have cleaned up all the malware?

How do I know when a system is clean?

John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Once you put the system back into operation, run the online Malwarebytes to see if it finds yet more stuff.

Once a system is infected (especially if it gets a rootkit), there is no guarantee you got it all. But what you did plus Malwarebytes is at least a very good attempt. See what happens after a day or two.

.... Thinkpads_User
Scott Thompson, Computer Technician / Owner

Commented:
Malwarebytes is a great suggestion. Also, you can run TDSSKiller slaved, but only with the functions 'Detect TDLFS System' and 'Scan Boot Sectors'. Great for removing pesky rootkits.
Dave Baldwin, Fixer of Problems
Most Valuable Expert 2014

Commented:
On all serious infections I start with ComboFix followed by Malwarebytes.  Sometimes I have to use a Linux Live disk to find and remove the main virus program first so I can load those two programs.
Commented:
Rule of thumb... When a system has been infected by malware, reformat it! There is no 100% "way" other than this...

Unless you use every anti-malware/virus scanner available in the world... Every vendor has its own anti-malware patterns, and that's why some can detect it and some cannot.

Cheers...
Try Kaspersky Rescue Disk
https://support.kaspersky.com/4131
