Windows 7: 10 tips for getting rid of stubborn malware.

JMH · 27 Apr 2010

Quote:

It doesn't matter how diligent you are about security, or how often we bang on about protection and prevention, sometimes the genie escapes the bottle and you find yourself in the unpalatable position of being infected by some nasty critter.
If you're having trouble getting rid of malware, read on for 10 handy tips that could prove the difference between reclaiming control of your PC or reaching for the recovery or reinstall disc.

1. Gain access to a clean PC

Do your research and download the tools and fixes you need on another PC that's not infected. Don't transfer anything via your network or a USB flash drive; instead, burn it to a CD or DVD, which won't pass on the infection after being in close contact with the infected computer.

2. Reclaim Safe mode

One nasty trick malware performs is to delete the SafeBoot Registry key, which basically cripples Safe mode. Open Registry Editor on a clean PC running the same version of Windows, browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ and export the SafeBoot key to a Registry file. Transfer this across to your infected PC and attempt to merge the REG file into your Registry.

More -
http://www.techradar.com/news/comput...ss&attr=newspc

Tews · 27 Apr 2010

Excellent article.. Thanks Jan! ;

Desslok · 27 Apr 2010

Excellent info for everyone.

CarlTR6 · 27 Apr 2010

Great post, Jan. You ought to write this article up in your words and make it into a tutorial.

Corrine · 27 Apr 2010

Although some of the tips are good, the article's toolkit and instructions are not correct or incomplete.

Since the article is directed to the general public, the suggested registry edits should first include instructions for backing up the registry.

Note the following as well:

1) Unless an internet connection is re-established, additional instructions are needed in order to install the latest MBAM dat files.

2) Although MBAM works in safe mode, it is intended to work in normal mode. Since some malware is not active in safe mode, it is best, if at all possible, to scan in normal mode.

3) ComboFix is not a "free-for-all" tool and should only be used with the guidance of a trained malware expert.

4) The same can be said for HijackThis. A novice should not be removing things with HJT.

5) Installing and running a massive list of random tools without knowing what is needed is unnecessary.

6) S!Ri's SmitfraudFix has not been updated in about a year. He is a Malwarebytes Researcher.

7) CWS? Come on. When was the last time anyone saw CoolWebSearch? TrendMicro hasn't updated it in years -- probably since obtaining it from Merijn.

8) The site for Virus Effect Remover is identified as being "Under Construction", thus not a tool I would recommend.

jimbo45 · 27 Apr 2010

Hi all
I'd go for a simpler solution.

After you've initially installed and activated Windows 7 DISCONNECT from the INTERNET and then install your trusted applications.

- You could also save the image BEFORE activation -- choice is yours.

Make an IMAGE backup of this and burn to a non RE-Writeable media such as a DVD+R and finalize it. NOW SAVE THIS IN A SAFE PLACE AND USE THIS AS YOUR REFERENCE INSTALL SYSTEM.

Now any time you think you've got a virus etc just restore the image again. - 10 - 15 mins for most typical Windows 7 installations.

(Your Normal Backup procedures will have things like email folders etc which you can restore separately after having Virus scanned then).

Cheers
jimbo

Windows 7: 10 tips for getting rid of stubborn malware.

10 tips for getting rid of stubborn malware. problems?