

Virus Cleanse

Posted on 2013-11-21
Medium Priority
Last Modified: 2013-12-27
I have a computer that was infected... Possibly due to installing minecraft off the web. The machine began popping up random weblinks in IE even when going to normal sites. To clean this system I have:

1) Updated Malwarebytes and scanned to clean the system.
2) Installed Avast and scanned to clean the system
3) Running Avast preboot scan to clean the system.
4) Ran sfc /scannow
5) Reset Internet Explorer settings
6) Made sure all Windows updates have been applied, including installing Windows 8.1

Are there any other tools or procedures I could use on this system to ensure a clean bill of health and reverse any negative OS effects? Internet Explorer does seem to be working fine now after completing the above steps. Thanks!

Question by: jbyrd1981
LVL 22

Accepted Solution

Nick Rhode earned 2000 total points
ID: 39667266
You can look over my article for methods of removing viruses/malware etc.


Author Comment

ID: 39667325
Great article! Do you know if the Avast preboot scan you can schedule does the same thing as the Avast tool you list? I am just wondering if it detects boot sector viruses as well. Thanks!
LVL 22

Expert Comment

by: Nick Rhode
ID: 39667404
The pre-boot scan is similar to the rescue disks listed (AVG and Kaspersky). As for how in-depth the Avast preboot scan is, I am unsure. According to Avast it will scan during boot so it can intercept viruses getting loaded into memory, so I presume it can.

For the redirects and ad popups, RogueKiller is awesome for clearing out redirects and hijackers.
LVL 15

Expert Comment

by: Giovanni Heward
ID: 39667566
I highly suggest you look into using OpenDNS, Microsoft Enhanced Mitigation Experience Toolkit, and Invincea FreeSpace.

Another method to consider is creating a virtual machine which is dedicated to interacting with the Internet and Internet-based downloads. When you are infected again, the infection will remain separate from your primary OS. VMs support reverting back to known clean states using snapshots, so reverting back to a clean state upon future infection is trivial.

One free product to accomplish this would be VirtualBox.

Consider that while fully patched, your browsers, document viewers, and email clients continue to remain vulnerable. These applications should be trusted to the extent you're willing to trust the Internet zone.

That being said, the products you are using are signature-based and primarily address threats known to their particular database. Malware can easily be encrypted/encoded/compressed, among many other techniques, to circumvent detection. What this means is a dropper could still exist on your system which is (as of yet) undetected and remains inert for a time. At some point in the future it could reactivate to download and install a new undetected variant, etc. For this reason consider wiping your drive clean and reinstalling. For many years I viewed this advice as a reflection of inadequate technical expertise; ironically, as my pen testing/malware development experience grows I see it's the more effective and efficient approach long term (firmware threats aside).

When you download apps in the future, consider using VirusTotal, which will scan specimens in real-time using 47+ anti-virus vendors simultaneously.

Invincea FreeSpace is significantly different from the products mentioned as it monitors behavior and isolates the most targeted applications mentioned above into a separate virtual space.  In other words, this product effectively addresses unknown (0-day) vulnerabilities, exploits, and threats.

Remember security is not a product.  There are many OS and application hardening techniques which will increase your resistance to future infection.

Read the entire syllabus for the SANS SEC505: Securing Windows and Resisting Malware course to get a good idea of what's possible (Application whitelisting, AppLocker, Script and executable signing, DEP, ASLR, and SEHOP, EMET, Virtual Desktop Infrastructure (VDI), etc., etc.)
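Added for this thread as an illustration (not part of any expert's answer above): a read-only PowerShell audit of several of the hardening controls just named, so you can see which are actually in effect on the cleaned machine. It assumes the documented registry locations for SEHOP and ASLR, that the AppLocker cmdlet is available (Pro/Enterprise editions), and that EMET registers a service named EMET_Service.

```powershell
# Added example, not from the thread: read-only audit of DEP, SEHOP, ASLR,
# AppLocker and EMET on the local machine. Run from an elevated prompt.
# Registry locations are the documented Windows ones; nothing is modified.

function Get-MitigationPosture {
    $posture = [ordered]@{}

    # DEP: bcdedit shows the boot-time NX policy (OptIn, OptOut, AlwaysOn, AlwaysOff).
    # If no 'nx' entry is present the OS applies its default, OptIn.
    $nxLine = bcdedit /enum '{current}' | Select-String -Pattern '^\s*nx\s+(\S+)'
    $posture['DEP (bcdedit nx)'] = if ($nxLine) { $nxLine.Matches[0].Groups[1].Value } else { 'OptIn (default)' }

    # SEHOP: DisableExceptionChainValidation = 0 means enabled system-wide.
    $kernelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
    $sehop = (Get-ItemProperty -Path $kernelKey -ErrorAction SilentlyContinue).DisableExceptionChainValidation
    if ($null -eq $sehop)  { $posture['SEHOP'] = 'Not configured (OS default)' }
    elseif ($sehop -eq 0)  { $posture['SEHOP'] = 'Enabled' }
    else                   { $posture['SEHOP'] = 'Disabled' }

    # ASLR: MoveImages under Memory Management; unset means the OS default (per-image opt-in).
    $mmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $aslr = (Get-ItemProperty -Path $mmKey -ErrorAction SilentlyContinue).MoveImages
    $posture['ASLR (MoveImages)'] = if ($null -eq $aslr) { 'Not configured (OS default)' } else { "Configured: $aslr" }

    # AppLocker: effective policy as XML. Each RuleCollection carries its own
    # EnforcementMode; no collections at all means whitelisting is not in use.
    try {
        [xml]$policy = Get-AppLockerPolicy -Effective -Xml -ErrorAction Stop
        $collections = @($policy.AppLockerPolicy.RuleCollection | Where-Object { $_ })
        if ($collections.Count -eq 0) {
            $posture['AppLocker'] = 'No rule collections (not configured)'
        } else {
            $posture['AppLocker'] = ($collections | ForEach-Object {
                '{0}: {1} ({2} rules)' -f $_.Type, $_.EnforcementMode, $_.ChildNodes.Count
            }) -join '; '
        }
    } catch {
        $posture['AppLocker'] = 'AppLocker cmdlet unavailable on this edition'
    }

    # EMET: treated as installed when its service is registered.
    $emet = Get-Service -Name 'EMET_Service' -ErrorAction SilentlyContinue
    $posture['EMET'] = if ($emet) { "Installed ($($emet.Status))" } else { 'Not installed' }

    [pscustomobject]$posture
}

Get-MitigationPosture | Format-List
```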

Author Closing Comment

ID: 39742815
Thanks! Had very good success with this.
