Guest writer Mark Schneider gives you the best advice you’ll ever get on malware removal – “when it comes to malware removal, use a shotgun – not a rifle”.
Cleaning an infected computer is a challenge. Unfortunately, malware writers are talented, and that translates into real trouble if your machine gets infected.
Many computers ship with large all-in-one security suites. These all-in-one programs look good on a checklist comparison in PC Magazine, but I prefer to use a variety of free programs from different vendors, each using a slightly different method of cleaning a machine, which gives you the best chance of finding all the bad files.
Recently, I had to deal with a Lenovo Thinkpad my daughter had been using – the laptop is a spare machine I use only occasionally, and had just been given a clean install of Windows XP.
After my daughter had finished using it, I did a routine scan using Malwarebytes, a very good free anti-spyware program. The initial scan found 15 infections, including some Rootkits, which can be very difficult to remove. Malwarebytes told me I needed to reboot the computer to finish the removal. I complied and rescanned.
Same results, same Trojans, same Rootkits, so I scanned with Microsoft’s Security Essentials, a new free anti-virus Microsoft recently released. Security Essentials found nothing at all, so I tried a new (to me) website, virustotal.com.
Virustotal allows you to upload suspicious files to scan to determine if they are a threat or, possibly a false positive. I uploaded the file that was showing up the most frequently on the quick scans. Virustotal scans the file using over 40 different malware removal engines. Only one engine, McAfee Virus scan, found the file to be suspicious so I was beginning to think I might have a false positive. But, the fact that the file kept reappearing was very suspicious. Now I needed to get serious.
The next step was to run CCleaner a very good registry, and temporary file cleaner. CCleaner will make virus scans faster, and may delete files that are allowing a possible payload to reload when you restart the computer.
After using CCleaner, I installed Superantispyware Free, a program that I always install as one as my primary tools to combat spyware. The fact that this computer was a fresh rebuild was the only reason I hadn’t installed it yet.
Installing and running Superantispyware goes very fast – it’s a great program that is the favorite of many computer technicians. Super lived up to its reputation, and found a number of problems, including one Trojan with multiple registry entries.
Rebooting the machine after Superantispyware ran, finally yielded some results. Additional scans from Superantispyware, and Malwarebytes, came up clean.
My next test is to run HijackThis. HijackThis is a very powerful tool which must be handled with care. Installing HijackThis is simple; using it effectively is another story. The best method, for most people, is to run HijackThis and create a log file. Next, post this file to a web site where experts can parse your results and determine if you still have any suspicious files.
My preferred site is HijackThis.de – the site is primarily in German, but don’t let that deter you. They have a scanner which will scan your log file in real time and give you a good idea, right away, if HijackThis has found anything.
If you have run, and re-run your scanning tools, run a HijackThis, and everything comes up looking okay, you’re probably malware free. But for the next few reboots, you should continue to make sure your anti-malware programs are up to date, and keep rescanning periodically.
Most malware these days wants to hide in the background. You may be infected and never know your machine is stealing your passwords, and draining your bank account. So stay safe, keep your data backed up, and if you get infected, use as many tools as it takes to get secure again.
This is a guest post by Mark Schneider of the Techwalker Blog, who brings a background as a high level techie, to the blogging world.
Why not pay a visit to Mark’s site today.
If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.
Bill Mullins' Weblog - Tech Thoughts 
Good blog, good to see him giving Superantispyware a wrap, I think it is up there with Malwarebytes too.
Hey Mal,
I agree – SuperAntispyware is at least the equal of Malwarebytes.
Bill
What fun-ahh, the joys of using Windows !
– ya have to Pay for it,play a bit& Pray a Lot & all the while M$ can access your PC whenever it likes
Hey Dar,
Virtually every connected device (iPhone, Smartphones, etc), is under attack from cybercriminals – not just Windows based computers. While it may be true that Windows, due to it’s huge installed base, is the primary target for hackers, most systems are compromised because users disregard even the most basic security practices.
Despite common assertions to the contrary, Linux is not immune from attack. Compromised web sites, a major attack surface for cybercriminals, in many cases employ Linux based software. For more info, Google “linux servers under attack”.
Bill
Great article, the Superantispyware – Malwarebytes combo is hard to beat!
Hey Kai,
Yes, I agree – Mark is a terrific writer. Have to agree with you too, on both SA and MB – great applications.
Bill
I’m glad people got something from my article. One note about Windows and Malware. Windows largest issue’s with Malware comes from their install base of over a billion computers and the fact that they have legacy support issue’s. Windows was not designed with security in mind, remember when you could see every ones hard drive on a network with Windows 95? UNIX based operating systems were based with security considerations and it shows, but if a billion PC’s ran Linux their would be 2/3rds of them running as admin and we’d have exploits developed to allow someone to run as root.
I saw the huge outcry from many users over Vista’s UAC which was Microsoft’s attempt to improve security, actually UAC is a good idea and I tell novice users to turn it up all the way on Windows 7. I can imagine the outcry of casual users if they were running Linux and they’d have to log in as a admin to do serious system changes. I’m not letting Microsoft off the hook though. They continue to hide extensions by default after all the issues its caused. So an email with a jpg.exe still shows as just a .jpg, so a casual user thinks their friends just sent them another funny picture.
Security and convenience are mutually exclusive to each other when it comes to computers. Unfortunately it takes a little effort to stay secure which is what Bill is here to help us with.
Sorry for the rant (#256)
Mark
PS Bill I posted a piece on online passwords and securely logging in, you might find useful. As always feel free to use it.
Hey Mark,
You can rant anytime you like – LOL! Particularly when they are this instructive.
Totally agree on hidden extensions – absolutely bizarre.
Your article has been very well received, as it should be, with 387 on site views and 93 off site views, in a day and a half. I’ve learned that any article that gets 100+ views in the first 24 hours, will continue to be popular, long term.
Thanks for “Login Security Tips” – I have already plugged it into LiveWriter and I will put it up in a couple of days. Great article. Thanks.
Talk to ya later,
Bill
Pingback: Malware Removal Tips – Experience From the Trenches « Bill Mullins … « RWPS
Great ideas, I will go have a look at superantispyware!
Rob
Thanks.
SuperAntispyware is a terrific application, and definitely worth a look.
Bill