

Virus Cleanse

Posted on 2013-11-21
Medium Priority
Last Modified: 2013-12-27
I have a computer that was infected, possibly due to installing Minecraft off the web. The machine began popping up random web links in IE even when going to normal sites. To clean this system I have:

1) Updated Malwarebytes and scanned to clean the system.
2) Installed Avast and scanned to clean the system.
3) Running an Avast preboot scan to clean the system.
4) Ran sfc /scannow
5) Reset Internet Explorer settings
6) Made sure all Windows updates have been applied, including installing Windows 8.1

Are there any other tools or procedures I could use on this system to ensure a clean bill of health and reverse any negative OS effects? Internet Explorer does seem to be working fine now after completing the above steps. Thanks!

Question by:jbyrd1981

Accepted Solution

Nick Rhode earned 2000 total points
ID: 39667266
You can look over my article for methods of removing viruses/malware etc.

Author Comment

ID: 39667325
Great article! Do you know if the Avast preboot scan you can schedule does the same thing as the Avast tool you list? I am just wondering if it detects boot sector viruses as well. Thanks!

Expert Comment

by:Nick Rhode
ID: 39667404
The pre-boot scan is similar to the rescue disks listed (AVG and Kaspersky). As for how in-depth the Avast preboot scan is, I am unsure. According to Avast it will scan during boot so it can intercept viruses getting loaded into memory, so I presume it can.

For the redirects and ad popups, RogueKiller is awesome for clearing out redirects and hijackers.

Expert Comment

by:Giovanni Heward
ID: 39667566
I highly suggest you look into using OpenDNS, Microsoft Enhanced Mitigation Experience Toolkit, and Invincea FreeSpace.

Another method to consider is creating a virtual machine which is dedicated to interacting with the Internet and Internet based downloads.  When you are infected again, the infection will remain separate from your primary OS.  VMs support reverting back to known clean states using snapshots, so reverting back to a clean state upon future infection is trivial.  

One free product to accomplish this would be VirtualBox.  

Consider that while fully patched, your browsers, document viewers, and email clients continue to remain vulnerable. These applications should be trusted to the extent you're willing to trust the Internet zone.

That being said, the products you are using are signature-based and primarily address threats known to their particular database. Malware can easily be encrypted/encoded/compressed, among many other techniques, to circumvent detection. What this means is a dropper could still exist on your system which is (as of yet) undetected and remains inert for a time. At some point in the future it could reactivate to download and install a new undetected variant, etc. For this reason consider wiping your drive clean and reinstalling. For many years I viewed this advice as a reflection of inadequate technical expertise; ironically, as my pen testing/malware development experience grows I see it's the more effective and efficient approach long term (firmware threats aside).

When you download apps in the future, consider using VirusTotal, which will scan specimens in real-time using 47+ anti-virus vendors simultaneously.

Invincea FreeSpace is significantly different from the products mentioned as it monitors behavior and isolates the most targeted applications mentioned above into a separate virtual space.  In other words, this product effectively addresses unknown (0-day) vulnerabilities, exploits, and threats.

Remember security is not a product.  There are many OS and application hardening techniques which will increase your resistance to future infection.

Read the entire syllabus for the SANS SEC505: Securing Windows and Resisting Malware course to get a good idea of what's possible (Application whitelisting, AppLocker, Script and executable signing, DEP, ASLR, and SEHOP, EMET, Virtual Desktop Infrastructure (VDI), etc., etc.)
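The two points above about VirusTotal and about signature evasion fit together in one small pre-install check. The following is an added example for this thread, not code from the original post or from any of the products mentioned. It assumes the current VirusTotal API v3 file-lookup endpoint (`GET https://www.virustotal.com/api/v3/files/<sha256>` with an `x-apikey` header), an API key in the `VT_API_KEY` environment variable, and a constructed stand-in for a downloaded installer. The `repack` function is a deliberately trivial XOR stand-in for the encode/compress/encrypt step described above: it shows why a hash lookup (or any byte signature taken from the original) says nothing about a re-encoded copy of the same payload.

```python
"""Pre-install check for a downloaded file: hash it, look the hash up on
VirusTotal, apply a decision rule, and show why re-encoding defeats the lookup.

Added example for this thread, not code from the original post.  Assumptions:
VirusTotal API v3 file endpoint, an API key in VT_API_KEY, and the constructed
sample bytes below (a stand-in, not real malware).
"""
import hashlib
import json
import os
import urllib.error
import urllib.request
from typing import Optional, Tuple

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"

# Constructed stand-in for a downloaded installer (MZ header plus filler).
SAMPLE_DOWNLOAD = b"MZ\x90\x00" + b"hypothetical installer body " * 8

# Constructed v3-shaped response, used only when no API key is configured so
# the decision logic can be exercised offline.  Shape follows the v3
# "last_analysis_stats" object; the numbers are made up.
CONSTRUCTED_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 3, "suspicious": 1, "undetected": 60, "harmless": 0}}}}


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the file contents; VirusTotal indexes submitted files by it."""
    return hashlib.sha256(data).hexdigest()


def fetch_vt_report(sha256: str, api_key: str) -> Optional[dict]:
    """GET the v3 file object.  Returns None on HTTP 404, which means the
    hash has never been submitted, not that the file is clean."""
    req = urllib.request.Request(VT_FILE_URL.format(sha256),
                                 headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=20) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        if exc.code == 404:
            return None
        raise


def verdict(report: Optional[dict], max_flagged: int = 0) -> Tuple[str, int, int]:
    """Reduce a v3 report to (decision, engines flagging it, engines total).

    'unknown' is deliberately distinct from 'clean': a hash nobody has ever
    submitted is exactly what a freshly repacked dropper looks like.
    """
    if report is None:
        return ("unknown", 0, 0)
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    total = sum(stats.values())
    decision = "flagged" if flagged > max_flagged else "clean"
    return (decision, flagged, total)


def repack(data: bytes, key: int = 0x5A) -> bytes:
    """Toy XOR 'packing' (applying it twice restores the original).

    Stand-in for the encode/compress/encrypt step the thread describes: the
    payload is functionally unchanged after decoding, but every stored byte
    differs, so the SHA-256 and any byte signature taken from the original
    no longer match.  Real packers differ in mechanism, not in this effect.
    """
    return bytes(b ^ key for b in data)


def check_download(data: bytes, api_key: Optional[str]) -> Tuple[str, int, int]:
    """Hash the file and decide.  Without an API key the constructed report
    is used so the example runs offline; with one, VirusTotal is queried."""
    digest = sha256_hex(data)
    report = fetch_vt_report(digest, api_key) if api_key else CONSTRUCTED_REPORT
    return verdict(report)


if __name__ == "__main__":
    key = os.environ.get("VT_API_KEY")
    original = sha256_hex(SAMPLE_DOWNLOAD)
    print("sha256 of download:", original)
    print("decision:", check_download(SAMPLE_DOWNLOAD, key))
    # Same payload, re-encoded: different hash, so a lookup on the original
    # hash (or a signature built from the original bytes) does not apply.
    print("sha256 after repack:", sha256_hex(repack(SAMPLE_DOWNLOAD)))
```

Treat "unknown" as "do not run this yet": submit the file for analysis, or open it only inside the disposable VM described above. Looking up a hash instead of uploading also avoids sending a possibly confidential installer to a third party.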

Author Closing Comment

ID: 39742815
Thanks! Had very good success with this.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question