I thought I would do a quick post on AntiVirus / Malware Removal.
TechRepublic has a comprehensive checklist for AntiVirus and Malware Removal – link below.
This is a thorough and time-consuming process, yet probably the best checklist I have read for such a task. I don’t quite go to that extreme unless it’s a server or business computer.
Sure enough, the critics can cut me down for the ‘if’s’ and ‘but’s’ of this process, but it works for me, and there is always some ad lib required per job. Here is a generic breakdown of my process for Windows machines.
1. I use Trinity Rescue Kit and do a boot-up scan using Avast (requires download and free licence). This takes care of an initial sweep and removal, and I rarely find it to be destructive to system files. The rest is done in safe mode with networking enabled. Reboot.
2. I remove the current AntiVirus software. Reboot into safe mode, again.
3. I fire up my favourite bag man > Emsisoft Emergency Kit. Run EEK (Emsisoft Emergency Kit), update to the latest definitions, perform a Smart Scan and remove infections, then reboot into safe mode again. I use EEK the most because it is free, will run from a USB / pen drive and, in my experience, has an outstanding detection rate, plus other tools I will mention later. It also has a Command Line Scanner which is useful in some annoying infections. Use accordingly.
4. Now I use Malwarebytes Anti-Malware Free. Install Malwarebytes Anti-Malware Free, update and run a Full Scan. Remove infections. Reboot into safe mode, yet again. I do this after an EEK Smart Scan because of varying detection rates. I still find EEK to have a higher detection rate. Hence…
5. Fire up EEK again and do a Deep Scan. Remove any remaining infections. Reboot into Normal Mode and assess the situation. This is where EEK becomes (for a free and portable tool) exceptional. If you are still convinced of infection, you still have HiJackFree and BlitzBlank. The description of each is shown below the tool itself, so you can see that you can still manually remove more persistent infections if required (rarely, in my experience with common infections).
6. Now for the pedantic stuff. I’ll cover all of these in one. I generally inform the customer to change all passwords, etc., and I reset Internet Explorer and other browsers to default settings, disable add-ons, uninstall unwanted software and check auto-runs. I run a Windows sfc. I check the network settings and look for anything peculiar. Most of this can be done from CMD. Finally, I reinstall whatever real-time protection they want, update it, check that browsing and email are fine, then check Windows Updates and update accordingly.
7. As long as everything checks out, job done. Crack a beer and roll a cigarette (Step 7 is optional, just my usual final procedure).
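The post says most of the Step 6 checks can be done from the command line but does not show them, so here is an added example of what that pass looks like in PowerShell. This is my script, not the author’s, and it assumes an elevated session on Windows 8 / Server 2012 or newer (the Get-ScheduledTask, Get-DnsClientServerAddress and Get-NetTCPConnection cmdlets are not available on older releases). It only reports; the removal decisions are still the technician’s.

```powershell
# Added example: post-cleanup review for "Step 6" (auto-runs, network settings, sfc).
# Not the post author's script. Assumes an elevated PowerShell on Windows 8+/2012+.
#Requires -RunAsAdministrator

$report = [ordered]@{}

# 1. Auto-runs: the classic Run/RunOnce keys for the machine and the current user.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$report.Autoruns = foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        $props.PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |   # drop PowerShell's own PSPath etc.
            ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
    }
}

# 2. Enabled scheduled tasks outside the Microsoft folder: another common persistence spot.
$report.Tasks = Get-ScheduledTask |
    Where-Object { $_.State -ne 'Disabled' -and $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        [pscustomobject]@{
            Task   = $_.TaskPath + $_.TaskName
            Action = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        }
    }

# 3. Network settings: hosts-file overrides, DNS servers and a user-level proxy.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$report.HostsOverrides = Get-Content $hostsPath |
    Where-Object { $_.Trim() -and $_.Trim() -notmatch '^#' }

$report.DnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$report.Proxy = [pscustomobject]@{
    Enabled       = [bool]$inet.ProxyEnable
    Server        = $inet.ProxyServer
    AutoConfigUrl = $inet.AutoConfigURL
}

# 4. Established TCP connections mapped to their owning process, for "anything peculiar".
$report.Connections = Get-NetTCPConnection -State Established |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
            Process = $proc.ProcessName
            Path    = $proc.Path
        }
    }

# Print each section so the technician can eyeball it before deciding what to remove.
foreach ($section in $report.Keys) {
    Write-Host "==== $section ====" -ForegroundColor Cyan
    $report[$section] | Format-Table -AutoSize | Out-String | Write-Host
}

# 5. System File Checker (the "Windows sfc" step), run last because it takes a while.
Write-Host '==== sfc /scannow ====' -ForegroundColor Cyan
sfc /scannow
```

Run it once in Normal Mode after the final reboot and compare the auto-run and task lists against what the customer actually uses; an unexpected entry in the Run keys, a hosts-file line pointing a bank or update domain somewhere odd, or a proxy the customer never set are the usual leftovers the scanners miss.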
If you’ve got plenty of time on your hands or are dealing with a business or corporate network, I would recommend sticking to the Virus & Malware Removal Checklist provided by TechRepublic. I would also recommend sticking to the checklist and ticking items off as you go if you are charging an arm, a leg and a kidney for your oh-so-hard work, so you can prove the worth of that empty pocket.
In my experience we deal with a high workload and a fast turnover. My method gets the job done, and despite offering a 30-day guarantee of no infection upon leaving our door, I’ve never had a customer throw their laptop or desktop at me. Well… not for still being infected, anyway.
There are other tools that can be run in between these steps, like ComboFix (probably after the EEK Smart Scan), Complete Internet Repair (during Step 6), etc., but I generally only do these things as required, to avoid wasting time on unnecessary actions. I should also add that TRK (Trinity Rescue Kit) includes four other command line Virus & Malware scanners, including ClamAV (requires an update but not a download), if you’re willing to spend the time using multiple scanners to increase your detection rate even before entering Windows. ClamAV has a decent detection rate; I used to use ClamAV and then Avast, but Avast is getting better and better each day. These are my most common tools that I have readily available, yet I still keep a few others for those unlikely times things aren’t going right, for example when definition servers are temporarily down (sigh… yes, it happens).
Hope you enjoyed the post. I am surprised I made it through an entire post without ditching and moving onto something else that I will probably never finish. Hehe… Thanks readers.