Guest writer Mark Schneider gives you the best advice you’ll ever get on malware removal – “when it comes to malware removal, use a shotgun – not a rifle”.
Many computers ship with large all-in-one security suites. These all-in-one programs look good on a checklist comparison in PC Magazine, but I prefer to use a variety of free programs from different vendors, each using a slightly different method of cleaning a machine, which gives you the best chance of finding all the bad files.
Recently, I had to deal with a Lenovo Thinkpad my daughter had been using – the laptop is a spare machine I use only occasionally, and had just been given a clean install of Windows XP.
After my daughter had finished using it, I did a routine scan using Malwarebytes, a very good free anti-spyware program. The initial scan found 15 infections, including some Rootkits, which can be very difficult to remove. Malwarebytes told me I needed to reboot the computer to finish the removal. I complied and rescanned.
Same results, same Trojans, same Rootkits, so I scanned with Microsoft’s Security Essentials, a new free anti-virus Microsoft recently released. Security Essentials found nothing at all, so I tried a new (to me) website, virustotal.com.
Virustotal allows you to upload suspicious files to scan to determine if they are a threat or, possibly a false positive. I uploaded the file that was showing up the most frequently on the quick scans. Virustotal scans the file using over 40 different malware removal engines. Only one engine, McAfee Virus scan, found the file to be suspicious so I was beginning to think I might have a false positive. But, the fact that the file kept reappearing was very suspicious. Now I needed to get serious.
The next step was to run CCleaner a very good registry, and temporary file cleaner. CCleaner will make virus scans faster, and may delete files that are allowing a possible payload to reload when you restart the computer.
After using CCleaner, I installed Superantispyware Free, a program that I always install as one as my primary tools to combat spyware. The fact that this computer was a fresh rebuild was the only reason I hadn’t installed it yet.
Installing and running Superantispyware goes very fast – it’s a great program that is the favorite of many computer technicians. Super lived up to its reputation, and found a number of problems, including one Trojan with multiple registry entries.
Rebooting the machine after Superantispyware ran, finally yielded some results. Additional scans from Superantispyware, and Malwarebytes, came up clean.
My next test is to run HijackThis. HijackThis is a very powerful tool which must be handled with care. Installing HijackThis is simple; using it effectively is another story. The best method, for most people, is to run HijackThis and create a log file. Next, post this file to a web site where experts can parse your results and determine if you still have any suspicious files.
My preferred site is HijackThis.de – the site is primarily in German, but don’t let that deter you. They have a scanner which will scan your log file in real time and give you a good idea, right away, if HijackThis has found anything.
If you have run, and re-run your scanning tools, run a HijackThis, and everything comes up looking okay, you’re probably malware free. But for the next few reboots, you should continue to make sure your anti-malware programs are up to date, and keep rescanning periodically.
Most malware these days wants to hide in the background. You may be infected and never know your machine is stealing your passwords, and draining your bank account. So stay safe, keep your data backed up, and if you get infected, use as many tools as it takes to get secure again.
This is a guest post by Mark Schneider of the Techwalker Blog, who brings a background as a high level techie, to the blogging world.
Why not pay a visit to Mark’s site today.
If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.