What removal programs you use?

[arch0nmyc0n]

So it's been a while since I've been on here, and I wanted to know what everyone is using for malware/virus removal at this point?

We've been getting a fair number of laptops infected with antivirus 2010 crapware. Anyone know of a good removal tool for this one?

What else? Just wondering what has changed in the past year and a half since I've been in the mainstream...

[slgrieb]

My routine is pretty fixed. Combofix scan followed by Malwarebytes and Spybot Search & Destroy. Supplemental AV scan also recommended.

Usually, Antivirus 2010 is easy enough to remove with either Malwarebytes or Spybot, but where you really have problems is if you have machines that got some bonuses along with AV2010. Neither Malwarebytes or Spybot are effective against most common Virtumondo.H variants.

Also, I've seen a recent increase in bugs that will either block most malware removers, or sleep and then reinstall. So, you should probably make it a point to rename the executables before using them.

[arch0nmyc0n]

yeah that's pretty much what we do, was just hoping there was a new tool that can remove those variants that are just a pain in the ***...

Thanks for the reply.

[NooNoo]

Sometimes it's quicker for me to go to cmd line safe mode and and dir *.* /p and scan through looking for files that don't belong.

[arch0nmyc0n]

yeah one of the first things I check is recently created files in system32 and other places.

[slgrieb]

yeah that's pretty much what we do, was just hoping there was a new tool that can remove those variants that are just a pain in the ***...

Thanks for the reply.

Combofix incorporates just about the best tools around, gets updated frequently, and even checks for updates and installs them if found. I think it's the best tool to eliminate rootkits and other stubborn nasties. Unfortunately, it has a fairly narrow focus, so you still need other stuff.

SuperAntispyware leaves me totally unimpressed, and I don't think either Spysweeper or PC Doctor are as good as the freeware. These days there's just much more money to be made writing and distributing malware than removing it.

[ajkochev]

I've had really good luck with the free BitDefender Anti-Virus Recovery CD. It saved me a redo of a laptop. Just had to login and clean a few registry settings the viruses installed to load themselves on boot.

[Niclo Iste]

A great backup for when nothing else can run due to the infections is A-Squared's command line scanner. Yes it's slower than most programs but it's very useful since it will sometimes flag and remove virii as well as malware. Though I generally use this to start the cleanup when all other programs fail. I generally will follow up with malwarebytes after this program. In addition to the cleaner tools I use A-Squared's HijackFree utility to look at the systems startup and other files, in addition to hijackthis and eset's sysinspector. All in all though utilizing all of said tools will not speed up your work but rather make sure you're thorough and catch anything that slipped through the cracks.

[Kodiak]

For me it really depends on when they got the virus (1 day of two weeks) and what they have tried to get rid of it. If it works I will run a restore point beyond when they got the virus then I will run combofix, ccleaner, malwarebytes (full scan), spybot, hijachthis then a defrag. In the past couple months I have seen an increased number of these coming back even after all this work. Most of their problems come from outdated antivirus software and or peer to peer sharing programs. In most cases I will ask if they have anything on the pc they don't want to lose and if not I will suggest a format and get better protection for them

[Kodiak]

Another thing I always do is turn off system restore and then back on when I'm finished and create a restore point.

[BOB IROC]

I have become a big fan of the OneCare Online Scan because it does some other maintenance scans as well. But I also use Malwarebytes and Spybot.

I will sometimes use CCleaner as well to clean up old files and dead registry but most times it is pretty clean after the OneCare scan.

Like many others I disable system restore most of the time.