Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Malware Removal Guide

Malware Removal Guide - Page 2

post #11 of 29
Yeah, using a different password for every site is key. As an example, LulzSec just posted up the email addresses and passwords of over 60,000 people. There are people reporting money stolen from their PayPal accounts because they had the same email and password for PayPal as they did for the website that was compromised.

Another vital piece of software is something to proactively defend against keyloggers. Good options are Prevx SOL, KeyScrambler (which I use) and Zemana anti-logger.
post #12 of 29
Thread Starter 
Quote:
Originally Posted by lucido;13901670 
Yeah, using a different password for every site is key. As an example, LulzSec just posted up the email addresses and passwords of over 60,000 people. There are people reporting money stolen from their PayPal accounts because they had the same email and password for PayPal as they did for the website that was compromised.

Another vital piece of software is something to proactively defend against keyloggers. Good options are Prevx SOL, KeyScrambler (which I use) and Zemana anti-logger.

I use Malwarebytes; it's effective at blocking the sites. But people get infected due to outdated Java and Adobe; that's how they get infected. Sandboxie is a great app to open the stuff in. I'm busy testing out Buster Sandbox Analyzer. It's free and it works with Sandboxie. It will analyze the programs in the sandbox and tell you if they behave like keyloggers or other malware. I've been having fun with it, and a couple of samples I tested, it picked up. It gives you a nice detailed report about it plus a threat level. Give it a try and play around with it. It's a small package:
http://bsa.isoftware.nl/bsa.rar

Easy to use
post #13 of 29
EPIC guide! Ever use UBCD?
post #14 of 29
Thread Starter 
Quote:
Originally Posted by XPD541;13973012 
EPIC guide! Ever use UBCD?

Ultimate Boot CD? Not yet. Only Hiren's. Hiren's has all the removal tools mentioned, except for Goorfix, plus a utility to update the CD yourself. I'll have a look at UBCD. Another reason I mention Hiren's: it has all freeware and some shareware utilities that aren't cracked or anything, which makes the CD legal without any infringements. If UBCD meets that criteria I will add it, thanks.
post #15 of 29
Where did you copy/paste this from? Some of the information, while good, seems to be from the 1990's........
post #16 of 29
Why on Earth would you need to rename ComboFix?

I've been using that tool for years and never had any issues with saving it to the desktop directly without renaming it to anything.

EDIT:
HOLD THE PHONE
Your ComboFix link directs to a rogue website that distributes infected versions of ComboFix. ComboFix should ONLY be downloaded from BleepingComputer:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

The proper executable even directly says not to download it from the location you linked.
Edited by TurboTurtle - 6/23/11 at 11:08pm
post #17 of 29
Thread Starter 
Quote:
Originally Posted by GanjaSMK;13984424 
Where did you copy/paste this from? Some of the information, while good, seems to be from the 1990's........

you mean the extra info that's for general knowledge or the removal instructions?
Quote:
Originally Posted by TurboTurtle;13985692 
Why on Earth would you need to rename ComboFix?

I've been using that tool for years and never had any issues with saving it to the desktop directly without renaming it to anything.

EDIT:
HOLD THE PHONE
Your ComboFix link directs to a rogue website that distributes infected versions of ComboFix. ComboFix should ONLY be downloaded from BleepingComputer:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

The proper executable even directly says not to download it from the location you linked.

1. Malware doesn't scan signatures. It scans for the file names of security products and removal tools, then tries to kill them. So chances are good that it will search for the ComboFix process and kill it.

2. The link I provided is from Combofix.org
Quote:
Introduction

ComboFix is a program, created by sUBs, that scans your computer for known malware, and when found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program.
That's what your link says:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Combofix.org is the homepage of the creator of ComboFix. The two download links then provided from there are either from BleepingComputer or SpywareInfo, if I'm not mistaken.
If you go to that link and scroll down to the bottom of the page, you will see the following:

Quote:
© ComboFix All rights reserved. This program was created by sUBs License: Freeware . Combofix's Disclaimer

BleepingComputer is just a host for the download. You'll see the link changes every 10 minutes as well. sUBs' homepage is Combofix.org.
Anything else?
Edited by Spooony - 6/26/11 at 9:16am
post #18 of 29
Dude You have every single trick I've learned on my own here! and more!

+1 bro

and unlike some of the posts here, I would say copy pasta, because I could not sit down and write a how-to that long!
I just think you have dedication
Edited by Dorianime - 6/28/11 at 1:05am
post #19 of 29
Thread Starter 
Quote:
Originally Posted by Dorianime;14032096 
Dude You have every single trick I've learned on my own here! and more!

+1 bro

and unlike some of the posts here, I would say copy pasta, because I could not sit down and write a how-to that long!
I just think you have dedication

thanks man. I did that guide on a Nokia E63 with the Opera browser, believe it or not, lol
I had to manually add the URLs and tags. I did the colouring on the PC.
post #20 of 29
Great guide; one thing I would change, though. I would either move TDSSKiller to first, or add a note that if it finds and fixes an infected MBR you should run SAS and MBAM again, as in my experience TDSS often interferes with the operation of scanners.