Solved

Virus Cleanse

Posted on 2013-11-21
Last Modified: 2013-12-27
I have a computer that was infected... Possibly due to installing Minecraft off the web. The machine began popping up random web links in IE even when going to normal sites. To clean this system I have:

1) Updated Malwarebytes and scanned to clean the system.
2) Installed Avast and scanned to clean the system
3) Ran an Avast preboot scan to clean the system.
4) Ran sfc /scannow
5) Reset Internet Explorer settings
6) Made sure all Windows updates have been applied, including installing Windows 8.1

Are there any other tools or procedures I could use on this system to ensure a clean bill of health and reverse any negative OS effects? Internet Explorer does seem to be working fine now after completing the above steps. Thanks!

Jason
Question by: jbyrd1981
5 Comments
Accepted Solution by: Nick Rhode (LVL 22, earned 500 total points), ID: 39667266
You can look over my article for methods of removing viruses/malware etc.

http://www.experts-exchange.com/Security/Vulnerabilities/A_12285-Virus-Removal-Methods.html
0
Author Comment by: jbyrd1981 (LVL 1), ID: 39667325
Great article! Do you know if the Avast preboot scan you can schedule does the same thing as the Avast tool you list? I am just wondering if it detects boot sector viruses as well. Thanks!
0
Expert Comment by: Nick Rhode (LVL 22), ID: 39667404
The pre-boot scan is similar to the rescue disks listed (AVG and Kaspersky). As for how in depth the Avast preboot scan is, I am unsure. According to Avast it will scan during boot so it can intercept viruses getting loaded into memory, so I presume it can.

For the redirects and ad popups, RogueKiller is awesome for clearing out redirects and hijackers.
0
Expert Comment by: Giovanni Heward (LVL 14), ID: 39667566
I highly suggest you look into using OpenDNS, Microsoft Enhanced Mitigation Experience Toolkit, and Invincea FreeSpace.

Another method to consider is creating a virtual machine which is dedicated to interacting with the Internet and Internet based downloads.  When you are infected again, the infection will remain separate from your primary OS.  VMs support reverting back to known clean states using snapshots, so reverting back to a clean state upon future infection is trivial.  

One free product to accomplish this would be VirtualBox.  

Consider that while fully patched, your browsers, document viewers, and email clients continue to remain vulnerable. These applications should be trusted to the extent you're willing to trust the Internet zone.

That being said, the products you are using are signature-based and primarily address threats known to their particular database. Malware can easily be encrypted/encoded/compressed, among many other techniques, to circumvent detection. What this means is a dropper could still exist on your system which is (as of yet) undetected and remains inert for a time. At some point in the future it could reactivate to download and install a new undetected variant, etc. For this reason consider wiping your drive clean and reinstalling. For many years I viewed this advice as a reflection of inadequate technical expertise; ironically, as my pen testing/malware development experience grows I see it's the more effective and efficient approach long term (firmware threats aside).

When you download apps in the future, consider using VirusTotal, which will scan specimens in real-time using 47+ anti-virus vendors simultaneously.

Invincea FreeSpace is significantly different from the products mentioned as it monitors behavior and isolates the most targeted applications mentioned above into a separate virtual space.  In other words, this product effectively addresses unknown (0-day) vulnerabilities, exploits, and threats.

Remember security is not a product.  There are many OS and application hardening techniques which will increase your resistance to future infection.

Read the entire syllabus for the SANS SEC505: Securing Windows and Resisting Malware course to get a good idea of what's possible (Application whitelisting, AppLocker, Script and executable signing, DEP, ASLR, and SEHOP, EMET, Virtual Desktop Infrastructure (VDI), etc., etc.)
0
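The comment above lists several Windows mitigations (DEP, ASLR, SEHOP, EMET, AppLocker, script signing) without saying how to tell whether a given machine actually has them turned on. The script below is an added example, not code from the thread or from any of the products named; it reads the documented WMI property and registry values for each mitigation and prints a one-line status per item. The EMET check is an assumption (it looks for the EMET_Service service and the HKLM:\SOFTWARE\Microsoft\EMET key); run it from an elevated PowerShell 3.0 or later prompt.

```powershell
# Added example (not from the thread): report the state of the mitigations
# discussed above. Requires PowerShell 3.0+ (Windows 8/8.1, or Windows 7 with WMF 3).

function Get-DepState {
    # Win32_OperatingSystem exposes the system DEP policy:
    # 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (client default), 3 = OptOut
    $policies = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    [pscustomobject]@{
        Mitigation = 'DEP'
        State      = $policies[[int]$os.DataExecutionPrevention_SupportPolicy]
        Note       = "Hardware NX available: $($os.DataExecutionPrevention_Available)"
    }
}

function Get-SehopState {
    # SEHOP is controlled by DisableExceptionChainValidation: 0 enables it, 1 disables it.
    # When the value is absent the OS default for the edition applies.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
    $v = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DisableExceptionChainValidation
    if ($null -eq $v) { $state = 'Not set (OS default)' }
    elseif ($v -eq 0) { $state = 'Enabled' }
    else              { $state = 'Disabled' }
    [pscustomobject]@{ Mitigation = 'SEHOP'; State = $state; Note = "$key\DisableExceptionChainValidation = $v" }
}

function Get-AslrState {
    # MoveImages: 0 disables ASLR system-wide, -1 (0xFFFFFFFF) forces it for every image,
    # absent = default behaviour (only images linked with /DYNAMICBASE are randomised).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $v = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).MoveImages
    if ($null -eq $v)      { $state = 'Default (opt-in per image)' }
    elseif ($v -eq 0)      { $state = 'Disabled system-wide' }
    elseif ($v -eq -1)     { $state = 'Forced for all images' }
    else                   { $state = "Value $v (treated as default)" }
    [pscustomobject]@{ Mitigation = 'ASLR'; State = $state; Note = "$key\MoveImages" }
}

function Get-AppLockerState {
    # Get-AppLockerPolicy is only present on editions that ship AppLocker
    # (Windows 7 Ultimate/Enterprise, Windows 8.x Enterprise), hence the try/catch.
    try {
        $policy  = Get-AppLockerPolicy -Effective -ErrorAction Stop
        $summary = foreach ($rc in $policy.RuleCollections) {
            "$($rc.RuleCollectionType): $($rc.EnforcementMode), $($rc.Count) rule(s)"
        }
        $state = if ($summary) { 'Policy present' } else { 'No rules defined' }
        [pscustomobject]@{ Mitigation = 'AppLocker'; State = $state; Note = ($summary -join '; ') }
    } catch {
        [pscustomobject]@{ Mitigation = 'AppLocker'; State = 'Unavailable'; Note = $_.Exception.Message }
    }
}

function Get-ScriptSigningState {
    # PowerShell execution policy: AllSigned requires signed scripts,
    # Unrestricted or Bypass will run anything.
    $ep = Get-ExecutionPolicy
    [pscustomobject]@{ Mitigation = 'PowerShell script signing'; State = "$ep"; Note = 'Set-ExecutionPolicy AllSigned to require signatures' }
}

function Get-EmetState {
    # Assumption: EMET registers a service named EMET_Service and keeps its
    # settings under HKLM:\SOFTWARE\Microsoft\EMET.
    $svc = Get-Service -Name 'EMET_Service' -ErrorAction SilentlyContinue
    if ($svc) { $state = "Installed (service $($svc.Status))" }
    elseif (Test-Path 'HKLM:\SOFTWARE\Microsoft\EMET') { $state = 'Registry key present, service not found' }
    else { $state = 'Not installed' }
    [pscustomobject]@{ Mitigation = 'EMET'; State = $state; Note = 'Per-application mitigations are set in the EMET GUI or with EMET_Conf.exe' }
}

function Get-MitigationReport {
    # Run every check and emit one object per mitigation.
    foreach ($check in 'Get-DepState', 'Get-SehopState', 'Get-AslrState',
                       'Get-AppLockerState', 'Get-ScriptSigningState', 'Get-EmetState') {
        & $check
    }
}

Get-MitigationReport | Format-Table -AutoSize -Wrap
```

The report only tells you what is configured, not what each running process actually gets: a DEP policy of OptIn, for example, leaves any executable that was not linked with /NXCOMPAT unprotected, which is exactly the gap the comment's EMET recommendation is meant to close.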
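The comment also suggests a dedicated VirtualBox VM for web browsing and downloads, rolled back to a clean snapshot after any infection. The functions below are an added example of that workflow and are not part of the thread or of VirtualBox itself; they wrap the VBoxManage command-line tool that VirtualBox installs (assumed to be on PATH) and use "Browsing" and "clean-baseline" as placeholder names for the VM and its snapshot.

```powershell
# Added example (not from the thread): maintain a known-clean snapshot of a
# throwaway browsing VM in VirtualBox and roll back to it after an infection.
# Assumes VBoxManage.exe is on PATH and a VM named $VmName already exists.

$VmName        = 'Browsing'        # placeholder: name of the browsing VM
$CleanSnapshot = 'clean-baseline'  # placeholder: snapshot name

function Stop-VmIfRunning {
    # Power the VM off before taking or restoring a snapshot so the snapshot
    # captures disk state only, not a live memory image.
    $info = & VBoxManage showvminfo $VmName --machinereadable
    if ($info -match '^VMState="running"') {
        & VBoxManage controlvm $VmName poweroff
        Start-Sleep -Seconds 5
    }
}

function New-CleanBaseline {
    # Take the baseline once the guest is fully patched and carries only trusted software.
    Stop-VmIfRunning
    & VBoxManage snapshot $VmName take $CleanSnapshot --description 'Patched guest, trusted software only'
}

function Restore-CleanBaseline {
    # After a suspected infection: discard the current disk state, return to the
    # baseline and start the guest again. Everything downloaded since is gone.
    Stop-VmIfRunning
    & VBoxManage snapshot $VmName restore $CleanSnapshot
    & VBoxManage startvm $VmName
}

function Get-SnapshotList {
    # Show which snapshots exist for the VM, so the baseline can be verified.
    & VBoxManage snapshot $VmName list
}

# Typical use: New-CleanBaseline once, then Restore-CleanBaseline whenever
# the guest misbehaves; Get-SnapshotList to confirm the baseline is present.
Get-SnapshotList
```

Take a fresh baseline after each round of guest patching, otherwise every rollback reintroduces the unpatched state the infection may have exploited.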
Author Closing Comment by: jbyrd1981 (LVL 1), ID: 39742815
Thanks! Had very good success with this.
0
