Best utilities for cleaning malware

We run Windows SBS 2003 in a network of about 20 clients.  Most of the clients are running Windows XP Pro; a few of them now are running Windows 7.

Lots of malware gets through the AV app... surprise! surprise!  I have been using Spybot Search and Destroy, Malwarebytes Antimalware, and SuperAntispyware.  I also use Combofix at times for the hard cases.  These tools have been around a long time.  Are there better ones available now?  What is the best procedure these days for getting rid of malware?
Josh Christie Asked:
Nick Rhode (IT Director) Commented:
I wrote an article on this issue; these are the tools I use and the method of removing malware.

http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/Desktop_Anti-Virus/A_12285-Virus-Removal-Methods.html

I like these tools because you don't have to install them and they are portable, excluding Malwarebytes.
0

Thomas Zucker-Scharff (Solution Guide) Commented:
I haven't read the above article, but one of the best methods is to use Malwarebytes' product, Chameleon. It kills rogue processes, updates MBAM, then does a scan.
0
chavez808 Commented:
Especially because you work with XP, I recommend:
1. ESET NOD32
2. Trend Micro HijackThis
You might have to get HijackThis from www.oldapps.com

ESET NOD32
A good choice for XP. I believe it's the only AV written in assembly language. Takes up a tiny space on your hard drive and in RAM, and uses little CPU processing power. Assembly language is not a complex language and therefore processes very quickly. It's most ideal for XP machines, which typically can't sacrifice much in system resources to AV compared to the Windows 7 machines.

Trend Micro HijackThis
I recommend using this first, before running the anti-virus program.
I do remote support for an enterprise, and 40% of the time I can remotely push the MSI package, install it, run it and find the bug(s) in 2 or 3 minutes! Great little program. Sometimes you need more time to dig through the files. Trust me, all sorts of AV programs can leave viruses behind. It's OK to manually check the system.

HijackThis gives you a window into many parts of the system at the same time. I will usually find the viruses in two areas. The poor performance is due to:
1. A Trojan BHO virus that "takes over the browser". Employees can't work productively.
2. A virus in a registry key that loads upon bootup and/or when the user logs in:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Use Google to validate that each BHO and registry file is legit. Soon you will build an eye to quickly see what belongs there and what is suspect. You can also have an online scanner check the text file to help you.

If you're not sure what the file is, leave it and run the antivirus program.

Both programs can also be used for Windows 7.

Good Luck!
0

Allen Falcon (CEO & Pragmatic Evangelist) Commented:
We are moving ourselves and our customers to Webroot.  On price per user, covers all devices.
0
Thomas Zucker-Scharff (Solution Guide) Commented:
Used ESET, but realize that it is largely a reactive solution instead of a proactive one.  Try Comodo.
0
chavez808 Commented:
"ESET®, the global leader in proactive digital protection with a record of 10 consecutive years winning the prestigious VB100 awards with the company's flagship ESET NOD32® security products"

News article - Wednesday, October 16, 2013
Source: http://www.khq.com/story/23706539/eset-releases-version-7-of-eset-nod32-antivirus-and-eset-smart-security

ESET NOD32 is known for its real-time protection. Not sure why it was stated to be a passive solution.

There are many AV's, all with pros and cons.

Remember, no AV is 100% secure.  Part of the infection rate depends on the user's usage.

My suggestion was to offer you a quality protection with minimal system resources.  When the XP machines have all their applications open and complain of constantly waiting, this becomes an issue.

Keep doing your research, good luck.

A good website that does weekly comparative performance tests is www.av-comparative.org
0
Thomas Zucker-Scharff (Solution Guide) Commented:
NOD32 is good if used with a firewall product; the Smart Security product is not as good. Check out this page for the latest: http://chart.av-comparatives.org/chart1.php According to them, Trend Micro looks like one of the best.
0
Josh Christie (Author) Commented:
Wow, I got some good lookin' answers this time.   This one is going to be hard to award points.  I'll dig in pretty soon.
0
dhsindy (Retired, considering supplemental income.) Commented:
I run the suite of Norton Internet Security/Utilities and do additional scans with Malwarebytes.  No problems in over ten years.  I did take it in to my commercial provider once for a professional cleaning.
0
chavez808 Commented:
If you are looking for the best malware utilities, you will get many responses.

If you are looking for the best PROCEDURE to get rid of malware,
I'll ADD to my previous procedure.

I'm sure there are more steps others could suggest, but this covers my handful of manual checks on a troubled system where an administrator needs his laptop functional ASAP. He has no time to wait on 6-8 utilities.

1st - Never put ALL your trust in a single antivirus software.
Trust them to do the job 85%.
Remember, some viruses will never get discovered until your AV company determines the new virus's signature and offers you protection in their latest update. Viruses can cause havoc for several days over the internet before any antivirus program can actually protect you.

Because of the above, I do manual checks on my systems. Takes as little as an additional 10 minutes total. Note: place the utilities HijackThis and CCleaner on your USB stick.


2nd - As I suggested earlier, try Trend Micro HijackThis.
Company staff were very impressed with my ability to turn their troubled systems operational again in minutes. I received a lot of praise, but my co-workers never wanted to learn it. The tool helps. Impress your staff and learn it.

3rd - Delete contents in the TEMP FOLDER.
Bugs can linger in there. Do it manually or use the CCleaner utility to help you.

4th - Check installed programs.
You may find known malware installed by an employee. Use Google to determine which are buggy. The CCleaner utility can also help you manage the installed programs.

5th - Check the SYSTEM LOG in EVENT VIEWER to help you verify the issue isn't due to a non-virus issue.
For example, logs may show errors with RAM or a hard drive failing, etc.

Just an example:
we upgraded our XP machines to the max RAM of 4 GB. These imaged computers never had their page file re-adjusted after this RAM upgrade. Because the page file was configured to 3 GB, less than the installed 4 GB RAM, many machines were moving SSLLLOOOOWWW and freezing. It wasn't due to a virus, but due to a memory issue with the page file being misconfigured. See what the system log might show you about possible performance issues.

Check the STARTUP folder for potential problem programs loading with the user profile.

Check Task Manager for suspicious processes. HijackThis can help you review processes. Also use Google. Tools are out there to help you.


If the system is still troubled, offer to take their system out of service to run more utilities, OR perhaps back up their data and reimage the computer.

Good Luck!
0
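As an added example (my script, not chavez808's or anything from the thread), here is a PowerShell script that gathers the items the manual procedure above says to check, the two Run keys, the Startup folders, installed programs, recent System log errors and the TEMP folder, into one read-only review list so each entry can be validated before anything is removed. It assumes Windows PowerShell 2.0 or later; the report path is a placeholder you can change.

```powershell
# Added example: read-only collection of the items the procedure above says to
# check by hand. It reports, it does not delete or change anything.
# Assumes Windows PowerShell 2.0 or later (XP SP3 / Server 2003 onward).
param([string]$ReportPath = "$env:USERPROFILE\Desktop\autostart-review.txt")  # placeholder path

$report = @()

# 1. The two Run keys named in the thread: values here start programs at logon.
$runKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $report += "RUN       $key : $name = $($regKey.GetValue($name))"
    }
}

# 2. Startup folders: per-user and all-users (the all-users path differs between XP and 7,
#    so read it from the Shell Folders key rather than hard-coding it).
$shell = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
$startupDirs = @([Environment]::GetFolderPath('Startup'), $shell.'Common Startup')
foreach ($dir in $startupDirs) {
    if ($dir -and (Test-Path $dir)) {
        Get-ChildItem -Path $dir -Force | ForEach-Object { $report += "STARTUP   $($_.FullName)" }
    }
}

# 3. Installed programs, so an unexpected entry stands out in the sorted list.
Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*' -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } | Sort-Object DisplayName |
    ForEach-Object { $report += "INSTALLED $($_.DisplayName) $($_.DisplayVersion)" }

# 4. Recent System log errors, to rule out RAM, disk or driver faults before blaming malware.
Get-EventLog -LogName System -EntryType Error -Newest 20 -ErrorAction SilentlyContinue |
    ForEach-Object { $report += "SYSLOG    $($_.TimeGenerated)  $($_.Source)  EventID $($_.EventID)" }

# 5. Size of the user's TEMP folder, which the procedure recommends emptying (reported only).
$tempBytes = (Get-ChildItem -Path $env:TEMP -Recurse -Force -ErrorAction SilentlyContinue |
              Measure-Object -Property Length -Sum).Sum
$report += ("TEMP      {0:N0} bytes in {1}" -f [int64]$tempBytes, $env:TEMP)

$report | Out-File -FilePath $ReportPath -Encoding ASCII
Write-Output "Review list written to $ReportPath ($($report.Count) lines)."
```

Run it from the USB stick as an administrator; the resulting text file is what you then check entry by entry (or hand to an online scanner), exactly as the procedure describes.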
Josh Christie (Author) Commented:
I'll reply tomorrow
0
Josh Christie (Author) Commented:
I'll be testing out these solutions over time.  I'm going to go ahead and award points now anyway, without testing, according to how good your answers seem to be from my experience.  I want to greatly thank each and every one.
0