  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 288

Virus Cleanse

I have a computer that was infected... Possibly due to installing minecraft off the web. The machine began popping up random weblinks in IE even when going to normal sites. To clean this system I have:

1) Updated Malwarebytes and scanned to clean the system.
2) Installed Avast and scanned to clean system
3) Running Avast preboot scan to clean the system.
4) Ran sfc /scannow
5) Reset Internet Explorer settings
6) Made sure all Windows updates have been applied, including installing Windows 8.1

Are there any other tools or procedures I could use on this system to ensure a clean bill of health and reverse any negative OS effects? The Internet Explorer does seem to be working fine now after completing the above steps. Thanks!

Jason
Asked by: jbyrd1981
1 Solution
 
Nick Rhode (IT Director) commented:
You can look over my article for methods of removing viruses/malware etc.

http://www.experts-exchange.com/Security/Vulnerabilities/A_12285-Virus-Removal-Methods.html
 
jbyrd1981 (Author) commented:
Great article! Do you know if the Avast preboot scan you can schedule does the same thing as the Avast tool you list? I am just wondering if it detects boot sector viruses as well. Thanks!
 
Nick Rhode (IT Director) commented:
The pre-boot scan is similar to the rescue disks listed (AVG and Kaspersky). As for how in-depth the Avast preboot scan is, I am unsure. According to Avast it will scan during boot so it can intercept viruses getting loaded into memory, so I presume it can.

For the redirects and ad popups, RogueKiller is awesome for clearing out redirects and hijackers.
 
Giovanni Heward commented:
I highly suggest you look into using OpenDNS, Microsoft Enhanced Mitigation Experience Toolkit, and Invincea FreeSpace.

Another method to consider is creating a virtual machine which is dedicated to interacting with the Internet and Internet-based downloads. When you are infected again, the infection will remain separate from your primary OS. VMs support reverting back to known clean states using snapshots, so reverting back to a clean state upon future infection is trivial.

One free product to accomplish this would be VirtualBox.  

Consider that while fully patched, your browsers, document viewers, and email clients continue to remain vulnerable. These applications should be trusted to the extent you're willing to trust the Internet zone.

That being said, the products you are using are signature-based and primarily address threats known to their particular database. Malware can easily be encrypted/encoded/compressed, among many other techniques, to circumvent detection. What this means is a dropper could still exist on your system which is (as of yet) undetected and remains inert for a time. At some point in the future it could reactivate to download and install a new undetected variant, etc. For this reason consider wiping your drive clean and reinstalling. For many years I viewed this advice as a reflection of inadequate technical expertise; ironically, as my pen testing/malware development experience grows, I see it's the more effective and efficient approach long term (firmware threats aside).

When you download apps in the future, consider using VirusTotal, which will scan specimens in real-time using 47+ anti-virus vendors simultaneously.

Invincea FreeSpace is significantly different from the products mentioned, as it monitors behavior and isolates the most targeted applications mentioned above into a separate virtual space. In other words, this product effectively addresses unknown (0-day) vulnerabilities, exploits, and threats.

Remember, security is not a product. There are many OS and application hardening techniques which will increase your resistance to future infection.

Read the entire syllabus for the SANS SEC505: Securing Windows and Resisting Malware course to get a good idea of what's possible (application whitelisting, AppLocker, script and executable signing, DEP, ASLR, and SEHOP, EMET, Virtual Desktop Infrastructure (VDI), etc.)
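As an added example of the application whitelisting / AppLocker approach listed above (this is not code from the thread or from any of the products named), the following PowerShell builds a draft AppLocker policy from the executables already installed and then checks whether a newly downloaded installer would be allowed by it. It assumes Windows 8.1 or later with the AppLocker module, an elevated session, and a hypothetical download path in `$Download`.

```powershell
# Added example: vet a download against a whitelist derived from what is already installed.
# $Download is a hypothetical path; replace it with the file you actually want to check.
$Download = 'C:\Users\<user>\Downloads\setup.exe'

# Gather publisher and hash information for every EXE under Program Files.
$fileInfo = Get-AppLockerFileInformation -Directory 'C:\Program Files' -Recurse -FileType Exe

# Prefer publisher rules (they survive vendor updates); fall back to hash rules
# for unsigned binaries. -Optimize merges rules that share a publisher.
$policy = $fileInfo | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize

# Report which rule (if any) would allow the download. Nothing is enforced here.
Test-AppLockerPolicy -PolicyObject $policy -Path $Download -User Everyone

# Separately show whether the download carries a valid Authenticode signature and by whom,
# since an unsigned installer would only ever match a hash rule.
Get-AuthenticodeSignature -FilePath $Download |
    Select-Object Status, @{ Name = 'Signer'; Expression = { $_.SignerCertificate.Subject } }

# Save the draft for review. Apply it with Set-AppLockerPolicy and run the rule
# collections in AuditOnly mode first, so legitimate software is not blocked by surprise.
$policy.ToXml() | Out-File -FilePath "$env:TEMP\applocker-draft.xml"
```

Review the exported XML and the audit events before switching the rule collections to enforcement.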
 
jbyrd1981 (Author) commented:
Thanks! Had very good success with this.