Virus Cleanse

Posted on 2013-11-21
Last Modified: 2013-12-27
I have a computer that was infected, possibly due to installing Minecraft off the web. The machine began popping up random weblinks in IE even when going to normal sites. To clean this system I have:

1) Updated Malwarebytes and scanned to clean the system.
2) Installed Avast and scanned to clean the system.
3) Running the Avast pre-boot scan to clean the system.
4) Ran sfc /scannow.
5) Reset Internet Explorer settings.
6) Made sure all Windows updates have been applied, including installing Windows 8.1.

Are there any other tools or procedures I could use on this system to ensure a clean bill of health and reverse any negative OS effects? Internet Explorer does seem to be working fine now after completing the above steps. Thanks!

Question by:jbyrd1981
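The steps above all run a scanner and hope it finds something. A useful complement, added here as an example and not part of the original question or any answer, is a read-only audit of the places a browser hijacker has to live in order to survive a reboot: the Run/RunOnce keys and the Internet Explorer Browser Helper Object registrations. The script resolves each entry to a file on disk and reports its Authenticode signature, so unsigned, missing or oddly located binaries stand out. It uses only built-in cmdlets (Get-ItemProperty, Get-AuthenticodeSignature) and standard registry paths; run it from an elevated PowerShell prompt on the cleaned machine.

```powershell
# Added example (not from the thread): audit autostart entries and IE BHOs
# after a browser-redirect infection. Read-only: nothing is removed.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# Strip quotes and arguments from a Run-key command line to get the executable path.
function Get-ExecutablePath {
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return '' }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted command line: grow the path one token at a time until it names a file.
    $parts = $cmd -split ' '
    for ($i = 0; $i -lt $parts.Count; $i++) {
        $candidate = ($parts[0..$i] -join ' ')
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $parts[0]
}

# Describe one file: is it on disk, is it signed, and by whom.
function Get-FileReport {
    param([string]$Source, [string]$Name, [string]$Path)
    $status = 'NoPath'; $signer = ''
    if (-not [string]::IsNullOrWhiteSpace($Path)) {
        if (Test-Path -LiteralPath $Path -PathType Leaf) {
            $sig = Get-AuthenticodeSignature -LiteralPath $Path
            $status = $sig.Status.ToString()          # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        } else {
            $status = 'FileMissing'                   # registration points at nothing: stale or hidden
        }
    }
    [pscustomobject]@{ Source = $Source; Name = $Name; Path = $Path; Signature = $status; Signer = $signer }
}

$report = @()

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }       # skip PowerShell's own PSPath/PSParentPath metadata
        $report += Get-FileReport -Source $key -Name $p.Name -Path (Get-ExecutablePath ([string]$p.Value))
    }
}

foreach ($key in $bhoKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($clsidKey in Get-ChildItem -Path $key) {
        $clsid = $clsidKey.PSChildName
        # A BHO is a COM object; its DLL is registered under HKCR\CLSID\{clsid}\InprocServer32.
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll = ''
        if (Test-Path $server) {
            $dll = [Environment]::ExpandEnvironmentVariables([string](Get-ItemProperty -Path $server).'(default)')
        }
        $report += Get-FileReport -Source 'IE BHO' -Name $clsid -Path $dll
    }
}

# Anything other than 'Valid' from a vendor you recognise deserves a second look.
$report | Sort-Object Signature, Source | Format-Table -AutoSize
```

A clean Windows 8.1 machine typically shows a handful of Valid entries from Microsoft and the installed vendors (Avast, Malwarebytes) and no BHOs you cannot account for. A FileMissing BHO is harmless but worth deleting; a NotSigned DLL under a user-writable directory such as %APPDATA% is the classic footprint of an adware hijacker and is the file to hash and look up.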
LVL 22

Accepted Solution

Nick Rhode earned 500 total points
ID: 39667266
You can look over my article for methods of removing viruses/malware etc.

Author Comment

ID: 39667325
Great article! Do you know if the Avast preboot scan you can schedule does the same thing as the Avast tool you list? I am just wondering if it detects boot sector viruses as well. Thanks!
LVL 22

Expert Comment

by:Nick Rhode
ID: 39667404
The pre-boot scan is similar to the rescue disks listed (AVG and Kaspersky). As for how in-depth the Avast pre-boot scan is, I am unsure. According to Avast it will scan during boot so it can intercept viruses getting loaded into memory, so I presume it can.

For the redirects and ad popups, RogueKiller is awesome for clearing out redirects and hijackers.
LVL 14

Expert Comment

by:Giovanni Heward
ID: 39667566
I highly suggest you look into using OpenDNS, Microsoft Enhanced Mitigation Experience Toolkit, and Invincea FreeSpace.

Another method to consider is creating a virtual machine which is dedicated to interacting with the Internet and Internet-based downloads. When you are infected again, the infection will remain separate from your primary OS. VMs support reverting to known clean states using snapshots, so reverting to a clean state upon future infection is trivial.

One free product to accomplish this would be VirtualBox.

Consider that while fully patched, your browsers, document viewers, and email clients continue to remain vulnerable. These applications should be trusted to the extent you're willing to trust the Internet zone.

That being said, the products you are using are signature-based and primarily address threats known to their particular database. Malware can easily be encrypted/encoded/compressed, among many other techniques, to circumvent detection. What this means is a dropper could still exist on your system which is (as of yet) undetected and remains inert for a time. At some point in the future it could reactivate to download and install a new undetected variant, etc. For this reason consider wiping your drive clean and reinstalling. For many years I viewed this advice as a reflection of inadequate technical expertise; ironically, as my pen testing/malware development experience grows I see it's the more effective and efficient approach long term (firmware threats aside).

When you download apps in the future, consider using VirusTotal, which will scan specimens in real-time using 47+ anti-virus vendors simultaneously.

Invincea FreeSpace is significantly different from the products mentioned as it monitors behavior and isolates the most targeted applications mentioned above into a separate virtual space.  In other words, this product effectively addresses unknown (0-day) vulnerabilities, exploits, and threats.

Remember security is not a product.  There are many OS and application hardening techniques which will increase your resistance to future infection.

Read the entire syllabus for the SANS SEC505: Securing Windows and Resisting Malware course to get a good idea of what's possible (Application whitelisting, AppLocker, Script and executable signing, DEP, ASLR, and SEHOP, EMET, Virtual Desktop Infrastructure (VDI), etc., etc.)
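The advice above to check downloads with VirusTotal and to rely on executable signing can be turned into a habit with a small pre-execution check. The function below is an added example, not code from the thread or from any of the products named in it: it hashes a downloaded installer with SHA-256, compares the hash with one the publisher lists (if you have it), reports the Authenticode signature and signer, reads the Zone.Identifier mark-of-the-web that IE attaches to Internet downloads, and prints the VirusTotal URL for looking the hash up without uploading the file. Get-FileHash needs PowerShell 4.0 (shipped with Windows 8.1); the file path and publisher hash in the usage line are placeholders you supply.

```powershell
# Added example (not from the thread): checks to run on a downloaded
# installer BEFORE executing it. Nothing here modifies the file.

function Test-DownloadedInstaller {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string]$ExpectedSha256 = ''       # optional: hash from the vendor's download page
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { throw "File not found: $Path" }

    # 1. SHA-256 of the file (lower-case, so it compares cleanly with published values).
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLowerInvariant()
    $hashMatches = $null                    # $null = no publisher hash to compare against
    if ($ExpectedSha256) { $hashMatches = ($hash -eq $ExpectedSha256.Trim().ToLowerInvariant()) }

    # 2. Authenticode: does the signature chain verify on this machine, and who signed it?
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = '(unsigned)'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # 3. Mark-of-the-Web: IE stores "ZoneId=3" (Internet) in an NTFS alternate data stream.
    $zone = '(none)'
    try {
        $zone = (Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction Stop) -join ' '
    } catch { }

    # 4. Decision: valid signature AND (no publisher hash, or a matching one). Signer is
    #    still for the human to judge: a valid signature only proves who signed, not intent.
    $safeToRun = ($sig.Status -eq 'Valid') -and ($hashMatches -ne $false)

    [pscustomobject]@{
        File             = $Path
        Sha256           = $hash
        PublisherHashOK  = $hashMatches
        Signature        = $sig.Status.ToString()
        Signer           = $signer
        ZoneIdentifier   = $zone
        SafeToRun        = $safeToRun
        # Assumed URL pattern for a hash lookup on the VirusTotal web UI.
        VirusTotalLookup = "https://www.virustotal.com/gui/file/$hash"
    }
}

# Usage (placeholders): point it at the installer and, when available, the hash the vendor publishes.
Test-DownloadedInstaller -Path "$env:USERPROFILE\Downloads\<installer>.exe" `
                         -ExpectedSha256 '<sha256 from the publisher download page>' | Format-List
```

If SafeToRun is false, the file is the one to look up rather than run: a NotSigned status on an installer from a vendor that normally signs, or a hash that does not match the publisher's page, is exactly the "repackaged download" situation the question's Minecraft installer describes, and it is cheaper to delete and re-download from the vendor than to clean up afterwards.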

Author Closing Comment

ID: 39742815
Thanks! Had very good success with this.
