Category Archives: Malware Removal

Using Kaspersky Rescue Disk 10 – A Quick Walkthrough

Much of today’s malware is expert at hiding or camouflaging itself – making it both hard to detect and, obviously, more difficult to remove. But, if you can get to malware before it has a chance to run live within the installed operating system, you have a real chance of detecting and eradicating the varmint.

This is where a Rescue Disk (Live CD), which I like to think of as the “SWAT Team” of antimalware solutions – comes into play. More often than not, a Live CD can help you kill malware DEAD!

It’s important to know, though, that not all antimalware Live CDs are, in fact, “Rescue Disks”. And not all “Rescue Disks” are, in fact, antimalware Live CDs.

Kaspersky Rescue Disk 10, by far and away my antimalware tool of choice, combines the best of both genres. Not only is it superb at identifying and removing malware but, with its onboard tool kit, it definitely qualifies as a Rescue Disk.

Note: Kaspersky Rescue Disk 10 is designed to scan and disinfect both 32 bit and 64 bit machines. As well, Kaspersky Rescue Disk 10 can be run from a USB device.

The following is a quick walkthrough using Kaspersky Rescue Disk 10 in both malware scanning and “tool kit” capacities.

Kaspersky Rescue Disk 10 is available for download as an ISO file only, which means you must burn the ISO image file to a CD/DVD, and then boot the application from your CD/DVD drive. If you’re unsure as to how to set up your machine to boot from your CD/DVD drive, TechPaul has an easy to follow tutorial – How to boot from a CD.

If you don’t know how to burn an ISO image, you’ll find instructions below.

At boot-up, Kaspersky Rescue Disk 10 runs through a fairly large number of routines, so be patient until the main menu screen appears.

From the menu screen, run the update task, which updates the anti-virus databases. You can then go to “Scan your computer”, or you can configure the scan settings to your specific requirements.


As the application scans, it displays both the percentage of objects scanned and an estimated time to completion.


The bonus features bolted on to Kaspersky Rescue Disk 10 include:

Firefox

The Firefox web browser integrated into Kaspersky Rescue Disk can view websites and save the pages you have visited. You can view all visited pages after exiting Kaspersky Rescue Disk. By default, the Kaspersky Lab website is displayed in the browser.

In the following usage example, I have chosen to search Google for “malware help”. Let’s hope you’ll never have to do this but, if you need to, you can – without having to boot back into Windows.


Internet configuration

By default, the web browser works with the system proxy server. You can specify the proxy server settings when configuring the web browser. Since malware can often tamper with Internet settings, this feature can be an invaluable assist.


Integrated file manager

The integrated file manager will allow you to access the hard drive/s, as the following screen capture shows. As a last resort (if it comes to that), you will be able to save your important files (any file, for that matter) using this tool.


Heuristic analyzer

Threat detection technology for threats that cannot be detected using the anti-virus databases. It detects objects suspected of being infected with an unknown virus or a new modification of a known virus. This mechanism is fairly effective, and very rarely leads to false positives.

Kaspersky Rescue Disk 10 is an extremely powerful tool, with many more capabilities than I’ve been able to cover in this short review. I’m more than a little surprised that it can be downloaded at no cost. A serious computer user would do well to have this application ready to go when faced with one of those “Oh no!” moments.

To read a blow-by-blow description of Kaspersky Rescue Disk vs Malware, check out guest writer Mark Schneider’s – A Lesson In Malware Removal Using Kaspersky Rescue Disk, here on this site.

System requirements: Windows XP (Service Pack 2 or higher), Vista, Windows 7 (32/64 bit support for all).

Download the ISO image file at: Kaspersky

If you’re unsure as to how to burn an ISO image file to a CD/DVD in order to create a bootable disk, here’s an easy method. In this illustration I’m using the freeware application CDBurner XP.

1) Activate CDBurner XP.

2) Insert a blank CD/DVD into the CD/DVD drive.

3) Click on “Burn ISO image”, which will open the write screen.

4) Select kav_rescue_10.iso from the location in which you saved the file.

5) Click on “Burn disc”.

6) Sit back and relax until the job is complete (two to three minutes).

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Free Microsoft Standalone System Sweeper Beta AV – Boot From A CD Or USB Stick

Much of today’s malware can be extremely difficult to identify and remove – despite a user relying on frontline antimalware applications to do the job. So, from my perspective, I don’t see any advantage in running full scans* on a live system – instead, once a week I run a Linux-based antimalware application (a live CD), which scans from the outside looking in. Malware generally can’t hide if it’s not running.

* I do, however, run a Quick Scan with both Microsoft Security Essentials and Malwarebytes’ Anti-Malware on a daily basis. Combined running time for both applications is less than five minutes – so, it’s worth the minimal effort involved.

I can now add one more CD/Flash Drive based antimalware application to my arsenal of boot CDs – the just released Microsoft Standalone System Sweeper Beta. System Sweeper Beta operates much like Panda SafeCD, Kaspersky Rescue Disk 10 and Avira AntiVir Rescue System.

Microsoft says:

Microsoft Standalone System Sweeper Beta is a recovery tool that can help you start an infected PC and perform an offline scan to help identify and remove rootkits and other advanced malware.

In addition, Microsoft Standalone System Sweeper Beta can be used if you cannot install or start an antivirus solution on your PC, or if the installed solution can’t detect or remove malware on your PC. It is particularly useful for detecting and disinfecting malware infections which give regular AV products running within Windows a hard time.

To get started with System Sweeper Beta, first download and run the installer, which will open up the following series of windows.


Choose the media or the device you want to install the application to.


Then sit back and relax – more or less.


For additional help and information, check out – Microsoft Standalone System Sweeper Beta Help & How-To.

System requirements (from Microsoft):

The following is a list of minimum requirements for both the computer infected with a virus or malware and the computer on which you are creating the bootable media.

  • Operating system: Windows XP Service Pack 3; Windows Vista (RTM, Service Pack 1, or Service Pack 2, or higher); Windows 7 (RTM, Service Pack 1, or higher).
  • Required processor:
    Windows XP: 500 MHz or higher
    Windows Vista and Windows 7: 1.0 GHz or higher
  • Required memory:
    Windows XP: 768 MB RAM or higher
    Windows Vista and Windows 7: 1 GB RAM or higher
  • Required video card: 800 × 600 or higher
  • Available hard disk space: 500 MB

The following requirements apply only to the computer infected by a virus or malware:

  • The computer infected with a virus or malware must have the same Windows operating system architecture as Microsoft Standalone System Sweeper Beta, either 32-bit or 64-bit.
  • In addition, BitLocker must be disabled to use Microsoft Standalone System Sweeper Beta.

The following requirements apply only to the computer on which you are creating the bootable media:

  • Internet connection: Required for installation and download of the latest virus and spyware definitions for Standalone System Sweeper.
  • Internet Browser: Windows Internet Explorer 6.0 or higher or Mozilla Firefox 2.0 or higher.

Download: at Microsoft

In the constantly evolving world of cybercrime, all users are well advised to scan their computers regularly with an antimalware application that does not rely on the native operating system.

Please keep in mind that Microsoft Standalone System Sweeper Beta is not an intrusion prevention system – it is not a replacement for your installed antimalware application/s.


Malwarebytes – A Must Have for Every PC Tech

Guest writer Julie Myers gives us her personal take (backed up by her 14 years in IT Support) on why she believes Malwarebytes’ Anti-Malware should be a part of every PC Tech’s toolbox.

Once Upon a Time

Once upon a time, computers were free to roam the Internet. Websites took up very little space and not much traffic was on the sparkling new information highway. It was a time of early development and little risk for business folks. It was a time of discovery and information sharing for everyone else.

Nothing tried to rob our computers of their speed or network connectivity, corrupt a file, or unknowingly get our computers to spread a virus. Roaming the Internet was fun, though sometimes boring – but crime free.

Times Have Changed

Unfortunately, it is no longer “once upon a time”. Today, the greatest threat to a computer is malware and the best post-invasion force is you, the PC Tech. As a PC Tech, your job is to rid the computer of malware. To do this you need an arsenal of the best software tools, and Google.

Since the best anti-malware software changes from time to time, it is important to stay current with which ones are the best. As of June 2011, one of the best free anti-malware software programs, which you must have, is Malwarebytes’ Anti-Malware.

Why Malwarebytes

Malwarebytes just plain works. A team of ten PC Techs and I have run Malwarebytes on at least two hundred infected computers over the past year, with outstanding success (there were, of course, a few computers that were so badly infected that all tools failed, so the only solution was to reimage).

Malwarebytes downloads and installs quickly. And the user interface is relatively easy to figure out and navigate. It takes around 25 minutes to an hour to run a full scan, depending on how much data is on the user’s hard drive, and how badly infected the computer is.

The employees at Malwarebytes Corp. do such an outstanding job of keeping on top of the latest threats, and programming their software to delete them from a computer, that all you need to do is make sure you have the latest engine update before running a scan. From what I have seen, Malwarebytes removes a variety of malware, 9 out of 10 times, with just one scan and a reboot.

Here are some additional features to get you even more excited:

  • It’s free. There is a PRO version that is very reasonably priced at $24.95 per license and the added features seem well worth the cost.
  • Scans are relatively fast compared to other malware software. The PRO version is said to be even faster.
  • It does a full scan on all drives, both free and PRO version.
  • PRO version has a real-time active malware prevention engine. In other words, the free version has to be run manually to scan your hard drive. The PRO version can be configured to run automatically in the background.
  • Currently, Malwarebytes will run on Windows 2000, XP, Vista and 7 (32-bit and 64-bit).

Danger Continues

In the foreseeable future, malware will continue to be a threat to computers. You, the PC Tech, will need to keep up to date with the best tools to rid computers of these annoyances. Today, Malwarebytes is one of the best free anti-malware tools out there.

Good luck, and don’t swear at the computer too much. Now, go visit Malwarebytes.org and add their anti-malware software to your arsenal.

For more details and to download Malwarebytes, go to: http://www.malwarebytes.org

To compare the differences between the free and PRO versions, go to: http://www.malwarebytes.org/products/malwarebytes_free

Biography:

Guest writer Julie Myers has been in IT Support for 14 years, surfing the Internet since the mid 90s, and has been playing around with computers since the Apple II. Currently, Julie is tinkering with creating websites and she’s in the process of learning Java.


14 Free Tools To Use To Identify And Remove Tough Malware

The following tools have been specifically designed to help users better identify malware infections, and then eradicate those specific infections. These tools require advanced computer knowledge, and unless you feel confident in your diagnostic skills, you should avoid them.

Here’s a reasonable test to determine if you have the skills necessary to use these applications effectively. If you’re not capable of using, and interpreting, an application such as HiJackThis, for example, it is unlikely that using these applications will prove to be beneficial. On the other hand, if you can interpret the results of a HiJackThis scan, you’re probably “good to go”.

Should you choose to add these applications to your antimalware toolbox, be aware that you will need the latest updated version for maximum efficiency.

Emsisoft HiJackFree

The program operates as a detailed system analysis tool that can help you in the detection and removal of Hijackers, Spyware, Adware, Trojans, Worms, and other malware. It doesn’t offer live protection; instead, it examines your system, determines if it’s been infected, and then allows you to wipe out the malware.

Runscanner

If you’re a malware hunter, and you’re in the market for a free system utility which will scan your system for running programs, autostart locations, drivers, services and hijack points, then Runscanner should make your shortlist. The developers of Runscanner describe this freeware utility as having been designed to “detect changes and misconfigurations in your system caused by spyware, viruses, or human error.”

HijackThis

HijackThis is a free utility which heuristically scans your computer to find settings that may have been changed by homepage hijackers, spyware, other malware, or even unwanted programs. In addition to this scan and remove capability HijackThis comes with several tools useful in manually removing malware from a computer.

The program doesn’t target specific programs, but instead it analyses registry and file settings, and then targets the methods used by cyber-crooks. After you scan your computer, HijackThis creates a report, and a log file (if you choose to do so), with the results of the scan.

RKill

RKill is a program developed at BleepingComputer.com – “It was created so that we could have an easy to use tool that kills known processes that stop the use of our normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that anti-malware programs can do their job.”

Emsisoft BlitzBlank

BlitzBlank is a tool for experienced users and all those who must deal with Malware on a daily basis. Malware infections are not always easy to clean up. In more and more cases it is almost impossible to delete a Malware file while Windows is running. BlitzBlank deletes files, Registry entries and drivers at boot time before Windows and all other programs are loaded.

McAfee Labs Stinger

Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

Specialty Removal Tools From BitDefender

Eight special removal tools including Conficker Removal Tool

Microsoft Malicious Software Removal Tool

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

NoVirusThanks

NoVirusThanks Malware Remover is an application designed to detect and remove specific malware, Trojans, worms and other malicious threats that can damage your computer. It can also detect and remove rogue security software, spyware and adware. This program is not an antivirus and does not protect you in real time, but it can help you to detect and remove Trojans, spyware and rogue security software installed on your computer.

Norton Power Eraser

Symantec describes Norton Power Eraser in part, as a tool that “takes on difficult to detect crimeware known as scareware or rogueware. The Norton Power Eraser is specially designed to aggressively target and eliminate this type of crimeware and restore your PC back to health.”

Rootkit Tools:

If you think you might have hidden malware on your system, I recommend that you run multiple rootkit detectors. Much like anti-spyware programs, no one program catches everything.

Microsoft Rootkit Revealer

Microsoft Rootkit Revealer is an advanced rootkit detection utility. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. According to Microsoft, Rootkit Revealer successfully detects all persistent rootkits published at http://www.rootkit.com, including AFX, Vanquish and Hacker Defender.

IceSword

IceSword is a very powerful software application that will scan your computer for rootkits. It also displays hidden processes and resources on your system that you would be unlikely to find in any other Windows Explorer like program. Because of the amount of information presented in the application, please note that IceSword was designed for more advanced users.

GMER

This freeware tool is essentially a combination of Sysinternals’ Rootkit Revealer and Process Explorer. The program can list running processes, modules and Windows services, in addition to scanning for the presence of rootkits.

Tizer Rootkit Razor

Tizer Rootkit Razor will allow you to identify and remove rootkits from your computer. I should be clear, however, that this tool is not “one-click simple” to decipher, and users need to be particularly mindful of false positives.

This article was originally posted November 2, 2010.


A Lesson In Malware Removal Using Kaspersky Rescue Disk

This past Sunday, I posted an article on the benefits of regular scanning with a “live CD” – Stay Malware Free (Hopefully!) – Scan With A “Live CD” Regularly. That reminded me of an excellent article (previously posted here), by my good buddy and fellow blogger, Mark Schneider, on working with Kaspersky Rescue Disk to eradicate malware.

There are some great pointers here, and I encourage you to re-read this terrific article. It’s well worth a re-read.

You find your computer getting slower and slower to boot, and when it finally does boot it’s so slow everything runs at a crawl. So you try running the antivirus you have and just get a message that says the definitions are out of date and you can’t connect to the update server.

Or you may find an annoying pop-up coming up every time you boot telling you PC Antivirus has found 70,278 infections and for $49.99 they will remove them for you. Well my friend, you are hosed! Your machine is so badly infected that you have to try desperate measures.

At this point you can try pulling your hard drive out of the machine, putting it in another machine, mounting it as a slave, and using your other machine to try to clean it.

Another way to get this thing up and running is to try some kind of bootable rescue disk to clean it. Bootable rescue disks are bootable CDs/DVDs that contain small operating systems, with some preinstalled tools for repairing your computer.

When you turn on your computer, hit F10 or F12, select your CD/DVD drive, and your computer boots into an operating system contained on that CD. There are a lot of great rescue disks out there; the problem is most are very complicated, and some take forever to boot.

I found one great exception to this though. Kaspersky Labs, creator of the very capable Kaspersky Antivirus line of products has built a great free bootable rescue CD that is simple to use.


Unlike many other bootable rescue disks it has one purpose: to clean your system. To create a Kaspersky Rescue Disk, download the ISO image from this link, then burn the image to a CD.

Depending on what operating system you are using, you may need to download a CD burning program if you don’t already have one. If you are running Windows 7, it has a built-in burning program that’s simple to use and works great. If you are running XP or Vista, I like Image Burn or CD BurnerXP – both do a great job of burning .ISO images, and are free.

Once you have your rescue CD built, start your infected machine, pushing F12/F10 to get to the boot selection screen. Boot to the CD-ROM drive as I stated earlier and relax; although faster than most rescue disks, it’s hardly fast.

Follow the prompts and when it boots into the Kaspersky Rescue system you first need to update the virus definitions. Once updated do a scan, and go read the newspaper or get some coffee, it takes a while.

Once it completes the scan go ahead and let it remove or quarantine all the files it has found. I’ve never had it delete anything that caused the machine it was fixing not to boot. But of course before you do anything like this, BACK UP YOUR DATA!!!!! But you already did that so proceed.

Do the scan, remove the junk and log off Kaspersky. Just turning off your computer with the power button won’t hurt anything when you are running a rescue CD.

The reason rescue CDs are so effective is that you’re not trying to disinfect a computer with an infected OS. When you boot to the hard drive of an infected machine, you’re playing on the bad guy’s home turf. They control the machine and in many cases they’ve hidden the infected files so your antivirus can’t see them.

There are other rescue disks out there and many are very complicated and take a very long time. The Kaspersky Rescue Disk is the fastest and easiest I’ve found to clean an infected machine enough to allow me to boot back into Windows and complete the process by adding my favorite automated antimalware tools to keep the system clean going forward.

Note: Kaspersky Rescue Disk 10 can be run from a USB device.

This is a guest post by Mark Schneider of the Techwalker Blog, who brings a background as a high level techie, to the blogging world.

Why not pay a visit to Mark’s site today.


Stay Malware Free (Hopefully!) – Scan With A “Live CD” Regularly

I’m regularly asked how often I scan my primary personal machine for malware. The answer is – as part of a layered security approach, I have a formal schedule which I stick to without fail.

Once a day, I quick scan the system drive with both Microsoft Security Essentials and Malwarebytes’ Anti-Malware – making sure the databases are updated and current.

Running a quick scan with both these applications takes less than 5 minutes. For example: Malwarebytes’ – 150,000 objects – 2 minutes and 30 seconds. Microsoft Security Essentials – 30,000 items – 1 minute and 18 seconds.

Much of today’s malware though, can be extremely difficult to identify and remove – despite a user relying on frontline antimalware applications to do the job. So, I don’t see any advantage in running full scans on a live system – instead, once a week I run a Linux-based antimalware application (a live CD), which scans from the outside looking in. Malware generally can’t hide if it’s not running.

I’ve come to rely on the following free live CDs, which I regularly alternate, to ensure (hopefully), I’m operating in a malware free zone.

Panda SafeCD


This useful utility comes in handy when you need to clean a malware infected machine. Or, as in my case, to ensure a machine is not infected. It is particularly useful for detecting and disinfecting malware infections which give regular AV products running within Windows a hard time.

Features include:

  • Automatic detection and removal of all types of malware.
  • Boot from CD or USB stick.
  • Supports using updated signature files.
  • Supports 13 languages.
  • Supports both FAT and NTFS drives.

The download consists of an ISO. You can either burn this to a CD/DVD or alternatively, create a Boot USB stick by using something like the Universal Netboot Installer (UNetbootin).

Kaspersky Rescue Disk 10


Kaspersky Rescue Disk 10 is designed to scan and disinfect x86 and x64-compatible computers that have been infected. It is particularly useful when the infection is at such a level that it is impossible to disinfect the computer using anti-virus applications, or malware removal utilities, running under the operating system.

Note: Kaspersky Rescue Disk 10 can be run from a USB device.

Avira AntiVir Rescue System


Avira AntiVir Rescue System is a Linux-based application that allows you to access a system that cannot be booted anymore. Not only will this application scan the system for infections, but it can be used to repair a damaged system, or rescue data.

If you’re looking for an uncomplicated, reasonably quick booting alternative antimalware scanner/rescue CD, which will update the definition database automatically (assuming you’re connected to the Internet), any one of these freebies will do the job nicely.

In the constantly evolving world of cybercrime, all users are well advised to scan their computers regularly with an antimalware application that does not rely on the native operating system.


Emsisoft Free Emergency Malware Removal Kit – USB Ready

This post was originally published July 26, 2010.

I came across the Emsisoft Emergency Kit just in the last few days, which means I haven’t had a chance to put it through my normal test process.

So, in the interest of keeping regular readers up to date as to what’s new in the free antimalware market, the following information is taken directly from the publisher’s site.

______________________________________________________

The Emsisoft Emergency Kit contains a collection of programs that can be used without a software installation to scan and clean infected computers for malware.

Emsisoft Emergency Kit Scanner:

With the Emsisoft Emergency Kit Scanner you have got the powerful Emsisoft Scanner, including a graphical user interface. Search the infected PC for Viruses, Trojans, Spyware, Adware, Worms, Dialers, Keyloggers and other malign programs.

Run the Emsisoft Emergency Kit Scanner with a double click on a2emergencykit.exe. Found Malware can be moved to quarantine or finally deleted.


Emsisoft Commandline Scanner:

This scanner contains the same functionality as the Emergency Kit Scanner but without a graphical user interface. The commandline tool is made for professional users and can be used perfectly for batch jobs.

To run the Emsisoft Commandline Scanner, do the following actions:

– Open a command prompt window (Run: cmd.exe)
– Switch to the drive of the USB Stick (e.g.: f:) and then to the folder of the executable files (e.g.: cd run)
– Run the scanner by typing: a2cmd.exe

Next you will see a help page describing all available parameters.

Next is an example that scans drive c:\ with the Memory, Traces (Registry) and Cookie scans enabled, the Heuristic module active, and archive support turned on. Found Malware is moved to quarantine.

a2cmd.exe /f="c:\" /m /t /c /h /a /q="c:\quarantine\"

Emsisoft HiJackFree:

HiJackFree helps advanced users to detect and remove Malware manually. With HiJackFree you can manage all active processes, services, drivers, autoruns, open ports, hosts file entries and many more, for full control over your system.

Emsisoft BlitzBlank:

BlitzBlank is a tool for experienced users and all those who must deal with Malware on a daily basis. Malware infections are not always easy to clean up. These days the software pests use clever techniques to protect themselves from being deleted. In more and more cases it is almost impossible to delete a Malware file while Windows is running. BlitzBlank deletes files, Registry entries and drivers at boot time before Windows and all other programs are loaded.

Self made Emergency USB stick:

Expand the content of the Emsisoft Emergency Kit to a USB stick and make your own universal tool to scan and clean infected PCs.

_______________________________________________________
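The publisher’s text above says the Commandline Scanner is made for batch jobs; here is one such job as an added example, not code from Emsisoft or from this blog. It is a cmd.exe batch file assumed to sit in the root of the Emergency Kit USB stick, and it runs a2cmd.exe with the switches shown in the Commandline Scanner section, creates the quarantine folder first, and keeps a timestamped log of each run. The stick’s drive letter, the run folder, and the scan-logs folder name are assumptions.

```batch
@echo off
rem Hypothetical batch job (not part of the Emsisoft Emergency Kit).
rem Assumes this file is in the root of the USB stick and that a2cmd.exe
rem lives in the stick's "run" folder, as the publisher's instructions describe.
setlocal

rem %~d0 is the drive letter of the drive this batch file is running from
set "KIT=%~d0\run"
set "QUAR=c:\quarantine\"
set "LOGDIR=%~d0\scan-logs"

if not exist "%KIT%\a2cmd.exe" (
    echo a2cmd.exe was not found in %KIT%
    exit /b 1
)

rem The quarantine folder must exist before the scan moves files into it
if not exist "%QUAR%" mkdir "%QUAR%"
if not exist "%LOGDIR%" mkdir "%LOGDIR%"

rem Build a filesystem-safe timestamp from %DATE% and %TIME%
rem (their exact layout depends on the Windows locale)
set "STAMP=%DATE:/=-%_%TIME::=-%"
set "STAMP=%STAMP: =0%"
set "LOGFILE=%LOGDIR%\a2cmd_%STAMP%.log"

echo Scan started %DATE% %TIME% > "%LOGFILE%"

rem Same switches as the publisher's example: drive c:, memory, traces
rem (registry), cookies, heuristics, archives; found malware goes to quarantine.
rem Both scanner output and errors are appended to the log.
"%KIT%\a2cmd.exe" /f="c:\" /m /t /c /h /a /q="%QUAR%" >> "%LOGFILE%" 2>&1
set "RC=%ERRORLEVEL%"

rem The exit code is recorded as-is; its meaning is not documented here
echo a2cmd.exe exit code: %RC% >> "%LOGFILE%"
echo Scan finished %DATE% %TIME% >> "%LOGFILE%"
echo Log written to %LOGFILE%

endlocal
```

Keeping the log on the stick rather than on the scanned drive means a record of each run survives even if the machine is later reimaged.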

System requirements: Windows XP, 2003/2008 Server, Vista and 7, full functionality on x64.

Download at: Emsisoft


Panda SafeCD – Plus Six More Free Recovery Tools

Sitting down and pushing the start button on your PC only to have it refuse to boot, will fit right in with anyone’s definition of frustration. It’s almost a personal thing – “why are you doing this to me?” But all is not lost.

Before you consign your dead PC to the garbage dump, or start considering just what kind of boat anchor you might craft, you should know that there are some terrific free tools that can help you recover (provided it’s a software issue).

These free applications are at the “Top of the Class”, in my view. Since I first wrote on this issue, back in June 2010, I’ve added Panda SafeCD, from Panda Security (the highly regarded developer of Panda Cloud free antivirus), to the list below.

I’m not suggesting that you download them all but, if you have some spare CDs – why not? Or, do a little info gathering on the author’s site – then choose those that best meet your specific needs.

Hiren’s Boot CD


Hiren’s Boot CD is a boot disk containing various diagnostic programs such as partitioning agents, system performance benchmarks, disk cloning and imaging tools, data recovery tools, MBR tools, BIOS tools, and many others for fixing various computer problems.

Downloading this application is a bit of a hassle, since ownership of some of the utilities on the CD is open to interpretation.

Ultimate Boot CD for Windows


A terrific recovery CD for repairing, restoring, or diagnosing computer problems, but since it involves hands on “building skills” to compile the necessary tools, it’s not for everyone. Nevertheless, for those who have the skills, this utility is a “must have”.

Trinity Rescue Kit


Trinity Rescue Kit, or TRK, is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues.

Ubuntu Live CD


Can’t boot into Windows? Can’t figure out how you’re going to rescue all that data that you can’t reach? Ubuntu Live CD can come to the rescue. Need to connect to the Internet as part of your recovery process? No problem – Ubuntu Live CD makes it easy.

Specialty Recovery Tools:

Panda SafeCD


This useful utility comes in handy when you need to clean a friend’s PC (or your own) from a malware infected state. It is especially useful for detecting and disinfecting malware infections which give regular AV products running within Windows a hard time.

Features include: Automatic detection and removal of all types of malware. Boot from CD or USB stick. Supports using updated signature files. Supports 13 languages. Supports both FAT and NTFS drives.

The download consists of an ISO. You can either burn this to a CD/DVD or, alternatively, create a more convenient bootable USB stick by using something like the Universal Netboot Installer (UNetbootin).

Kaspersky Rescue Disk


This rescue CD can scan your boot sector, and your Hard Drives from the outside looking in. Malware doesn’t have a chance to hide if it’s not running. It’s become the first step I now use, when I’m dealing with an infected machine.

Avira AntiVir Rescue System


Avira AntiVir Rescue System is a Linux-based application that allows access to computers that can no longer be booted. This makes it possible to repair a damaged system, rescue data, and scan the system for virus infections.

Just a personal note: I scan all my machines with this application on a weekly basis.


Free Rootkit Revealers – Tizer Rootkit Razor, Plus Three More

Rootkits use any number of techniques to hide, including concealing running processes from monitoring programs, and hiding files and system data from the operating system.

In other words, the rootkit files and processes will be hidden in Explorer, Task Manager, and other detection tools. It’s easy to see then, that if a threat uses rootkit technology to hide, it is going to be difficult to find.

So, scanning for Rootkits occasionally is good practice, and if you have the necessary skills to interpret the results of a Rootkit scan, Tizer Rootkit Razor appears to be a good choice to help you do this. I should be clear, however, that this tool is not “one-click simple” to decipher, and users need to be particularly mindful of false positives.

Since the false positive issue is always a major consideration in using tools of this type, you should be aware that tools like this are designed for advanced users, and above.

Here’s a reasonable test to determine if you have the skills necessary to use this application effectively. If you’re not capable of using, and interpreting, an application such as HiJackThis for example, it is unlikely that using this program would prove to be beneficial. On the other hand, if you can interpret the results of a HiJackThis scan, you’re probably “good to go”.

The user interface is dead simple – functional and efficient, as the following screens from my test system indicate. BTW, no Rootkits were found during this test, or after scanning with the additional tools listed below.


Fast facts:

Main Screen: This page displays information related to your operating system and memory usage.

Smart Scan: This feature automatically scans all the critical areas in the system and displays hidden objects, making things easier for the user.

NOTE: The user is provided with a feature to fix the hidden object (if any).

Process Scan: This module scans processes currently running on the machine. A process entry will be highlighted in red if it is a hidden rootkit. The user can click on an individual process to display any hidden modules loaded by the process.

NOTE: The user is provided with the option to terminate processes and delete modules.

Registry Scan: This module scans for hidden registry objects.

Smart Scan: A smart scan will scan the critical areas of the registry.

Custom View: This module provides a virtual registry editor view, enabling the user to navigate the registry and check for hidden keys or values (hidden keys/values are highlighted).

Kernel Module Scan: This module scans for loaded drivers in the memory. A module entry will be highlighted in red if it is hidden.

NOTE: The user is provided with a feature to unload and delete a driver module from memory.

Services Scan: This module scans all installed services on the local machine. A particular service entry will be highlighted if it is hidden.

NOTE: The user is provided with start, stop, pause, and resume features. They may also change the startup type of service.

SPI Scan: This module lists all the LSPs installed in the system. This is read only information.

NOTE: The user can check for any unauthorized LSP installed.

SSDT Scan: This module scans for any altered value in the System Service Descriptor Table (SSDT). The process of alteration is termed as “Hooking.”

NOTE: The user can restore the altered value to its original value.

Ports Scan: This module will scan all open TCP and UDP ports. A particular port entry will be highlighted if it is hidden.

NOTE: The user is provided with the option to terminate the connection.

Thread Scan: This module will enumerate all running processes. The user can click on a particular process to view and scan all threads running in context of that process. Any hidden threads will be highlighted in red.

NOTE: The user is provided with the option to terminate a thread.

File/Object Scan: This module will scan for any hidden files in the system. The user selects a location on the computer to scan.

Click here to read about Tizer Rootkit Razor’s features, in comparison with other anti-rootkit applications.

System requirements: Windows XP, Vista, Win 7

Download at: Tizer Secure

If you think you might have hidden malware on your system, I recommend that you run multiple rootkit detectors. Much like anti-spyware programs, no one program catches everything. To be safe, I occasionally use each of the rootkit detectors listed below, on my machines.

Microsoft Rootkit Revealer

Microsoft Rootkit Revealer is an advanced rootkit detection utility. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. According to Microsoft, Rootkit Revealer successfully detects all persistent rootkits published at http://www.rootkit.com, including AFX, Vanquish and Hacker Defender.
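The "discrepancy" idea behind Rootkit Revealer, and the hidden-process problem described at the top of this post, can be demonstrated with a short cross-view check. The following Python is an added example written for this page (not code from Rootkit Revealer or any other tool listed here); it runs on Linux, where the high-level view is the /proc listing that ps and top read and the low-level view is a direct kill(pid, 0) probe of every PID, and it filters out the two usual sources of false alarms (thread IDs and processes that exit between the two snapshots).

```python
"""Cross-view process detection on Linux (added example, not code from the page
or any tool it describes). Like Rootkit Revealer's API-discrepancy scan, it
compares two views of one fact: the /proc listing that ps and top read, versus
a direct kill(pid, 0) probe of every PID. A PID the kernel confirms but the
listing omits is a discrepancy worth investigating."""
import os

def listed_pids(proc_root="/proc"):
    """High-level view: PIDs that appear in the /proc directory listing."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}

def pid_exists(pid):
    """Low-level view: ask the kernel directly; EPERM still means 'exists'."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True

def probed_pids(max_pid=None):
    """Brute-force every PID up to the kernel's pid_max (fallback 32768)."""
    if max_pid is None:
        try:
            with open("/proc/sys/kernel/pid_max") as fh:
                max_pid = int(fh.read())
        except (OSError, ValueError):
            max_pid = 32768
    return {pid for pid in range(1, max_pid + 1) if pid_exists(pid)}

def cross_view_diff(listed, probed):
    """Pure comparison step: PIDs the probe confirms but the listing omits."""
    return sorted(set(probed) - set(listed))

def thread_group_id(pid, proc_root="/proc"):
    """Tgid from /proc/<pid>/status, or None if that entry cannot be read."""
    try:
        with open(f"{proc_root}/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        pass
    return None

def hidden_pids(proc_root="/proc"):
    """Diff candidates minus two known false-positive sources: thread IDs
    (kill() accepts a TID, but threads never appear at the top of /proc) and
    processes that exited between the two snapshots (re-checked here)."""
    listed = listed_pids(proc_root)
    confirmed = []
    for pid in cross_view_diff(listed, probed_pids()):
        tgid = thread_group_id(pid, proc_root)
        if tgid is not None and tgid != pid:
            continue  # a thread of a visible process, not a hidden process
        if pid_exists(pid) and pid not in listed_pids(proc_root):
            confirmed.append(pid)  # still alive and still unlisted: report
    return confirmed
```

Call hidden_pids() to get the list of PIDs that answer the kernel probe but are missing from /proc; an empty list is the expected result on a clean system, and anything else deserves the same careful follow-up the post recommends for any rootkit-scanner finding.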

IceSword

IceSword is a very powerful software application that will scan your computer for rootkits. It also displays hidden processes and resources on your system that you would be unlikely to find in any other Windows Explorer-like program. Because of the amount of information presented in the application, please note that IceSword was designed for more advanced users.

GMER

This freeware tool is essentially a combination of Sysinternals’ Rootkit Revealer and Process Explorer. The program can list running processes, modules and Windows services, in addition to scanning for the presence of rootkits.


Specialty Malware Removal Tools For Killing Tough Malware

Looking at recent estimates provided by a large number of Internet security providers, the consensus seems to be that there are over 20,000,000 malware programs currently circulating on the Internet. So, if you should become infected by malware, it might not be any consolation – but, rest assured; it can happen to any one of us. We are, after all, facing overwhelming odds.

Much of today’s malware can be extremely difficult to identify and remove – despite a user relying on frontline antimalware applications to do the job. If you’re struggling with the reality of this statement, take a look at “Testing of antiviruses for the treatment of active infections” from Anti-malware Test Lab.

The following tools have been specifically designed to help users better identify malware infections, and then eradicate those specific infections. These tools require advanced computer knowledge, and unless you feel confident in your diagnostic skills, you should avoid them.

Here’s a reasonable test to determine if you have the skills necessary to use these applications effectively. If you’re not capable of using, and interpreting, an application such as HiJackThis for example, it is unlikely that using these applications will prove to be beneficial. On the other hand, if you can interpret the results of a HiJackThis scan, you’re probably “good to go”.

Should you choose to add these applications to your antimalware toolbox, be aware that you will need the latest updated version for maximum efficiency.

A-squared HiJackFree

The program operates as a detailed system analysis tool that can help you in the detection and removal of Hijackers, Spyware, Adware, Trojans, Worms, and other malware. It doesn’t offer live protection but instead, it examines your system, determines if it’s been infected, and then allows you to wipe out the malware.

Runscanner

If you’re a malware hunter, and you’re in the market for a free system utility which will scan your system for running programs, autostart locations, drivers, services and hijack points, then Runscanner should make your shortlist. The developers of Runscanner describe this freeware utility as having been designed to “detect changes and misconfigurations in your system caused by spyware, viruses, or human error.”

HijackThis

HijackThis is a free utility which heuristically scans your computer to find settings that may have been changed by homepage hijackers, spyware, other malware, or even unwanted programs. In addition to this scan and remove capability HijackThis comes with several tools useful in manually removing malware from a computer.

The program doesn’t target specific programs, but instead it analyses registry and file settings, and then targets the methods used by cyber-crooks. After you scan your computer, HijackThis creates a report, and a log file (if you choose to do so), with the results of the scan.

RKill

RKill is a program developed at BleepingComputer.com – “It was created so that we could have an easy to use tool that kills known processes that stop the use of our normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that anti-malware programs can do their job.”

Emsisoft BlitzBlank

BlitzBlank is a tool for experienced users and all those who must deal with Malware on a daily basis. Malware infections are not always easy to clean up. In more and more cases it is almost impossible to delete a Malware file while Windows is running. BlitzBlank deletes files, Registry entries and drivers at boot time before Windows and all other programs are loaded.

McAfee Labs Stinger

Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

Specialty Removal Tools From BitDefender

Eight special removal tools including Conficker Removal Tool

Microsoft Malicious Software Removal Tool

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

NoVirusThanks

NoVirusThanks Malware Remover is an application designed to detect and remove specific malware, trojans, worms and other malicious threats that can damage your computer. It can also detect and remove rogue security software, spyware and adware. This program is not an antivirus and does not protect you in real time, but it can help you to detect and remove trojans, spyware and rogue security software installed on your computer.

Norton Power Eraser

Symantec describes Norton Power Eraser in part, as a tool that “takes on difficult to detect crimeware known as scareware or rogueware. The Norton Power Eraser is specially designed to aggressively target and eliminate this type of crimeware and restore your PC back to health.”

Rootkit Tools:

If you think you might have hidden malware on your system, I recommend that you run multiple rootkit detectors. Much like anti-spyware programs, no one program catches everything.

Microsoft Rootkit Revealer

Microsoft Rootkit Revealer is an advanced rootkit detection utility. Its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit. According to Microsoft, Rootkit Revealer successfully detects all persistent rootkits published at http://www.rootkit.com, including AFX, Vanquish and Hacker Defender.

IceSword

IceSword is a very powerful software application that will scan your computer for rootkits. It also displays hidden processes and resources on your system that you would be unlikely to find in any other Windows Explorer-like program. Because of the amount of information presented in the application, please note that IceSword was designed for more advanced users.

GMER

This freeware tool is essentially a combination of Sysinternals’ Rootkit Revealer and Process Explorer. The program can list running processes, modules and Windows services, in addition to scanning for the presence of rootkits.

Tizer Rootkit Razor

Tizer Rootkit Razor will allow you to identify and remove Rootkits from your computer. I should be clear, however, that this tool is not “one-click simple” to decipher, and users need to be particularly mindful of false positives.

Since the false positive issue is always a major consideration in using tools of this type, you should be aware that tools like this are designed for advanced users, and above.
