Solved

Malware removal - Am I done?

Posted on 2012-12-28
Last Modified: 2013-11-22
My method for cleaning malware is to pull the hard drive and attach it as a slave to a Windows 7 machine. Then I boot Windows 7 and run Kaspersky on the questionable drive. After Kaspersky finds a bunch of Trojans and Java exploits, I run "M.S. Stand-Alone-Scanner" and often it finds a bunch more Trojans and Java exploits. This makes me wonder what I might find if I run other anti-virus programs that might find stuff that Kaspersky and "M.S. Stand-Alone-Scanner" did not find.

Sometimes the malware changes the registry settings and I need to use ComboFix.

Is there a better method I can use to assure I have cleaned up all the malware?

How do I know when a system is clean?
Question by:scottjnorris
5 Comments
 
LVL 92

Expert Comment

by:John Hurst
ID: 38728509
Once you put the system back into operation, run the online Malwarebytes to see if it finds yet more stuff.

Once a system is infected (especially if it gets a rootkit), there is no guarantee you got it all. But what you did plus Malwarebytes is at least a very good attempt. See what happens after a day or two.

.... Thinkpads_User
0
 
LVL 8

Expert Comment

by:Scott Thompson
ID: 38728520
Malwarebytes is a great suggestion. Also, you can run TDSSKiller slaved, but only with the functions 'Detect TDLFS System' and 'Scan Boot Sectors'. Great for removing pesky rootkits.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 38728619
On all serious infections I start with ComboFix followed by Malwarebytes.  Sometimes I have to use a Linux Live disk to find and remove the main virus program first so I can load those two programs.
0
 
LVL 4

Accepted Solution

by:
Haslerct earned 500 total points
ID: 38728907
Rule of thumb... When the system has been infected by malware before, reformat it! There is no 100% "way" other than this...

Unless you use every anti-malware/virus scanner available in the world... Every vendor has their own anti-malware patterns, and that's why some can detect and some cannot.

Cheers...
0
 
LVL 9

Expert Comment

by:abolinhas
ID: 38731446
Try Kaspersky Rescue Disk
https://support.kaspersky.com/4131
0
