One of the more common requests I receive from users is that their computer is running slowly, or even worse, they’re getting a popup saying that their machine is infected with a virus and Extreme AntiVirus 2013 can remove that virus for the low low cost of $39.95! The message looks legitimate, but in reality, it’s a way to steal data, money, or both from a user.
In a corporate environment, this could be a disaster in terms of lost productivity, loss of proprietary data, and even financial loss. Antivirus/anti-malware programs have improved a lot over the past couple of years at dealing with zero-day threats, but there’s always the chance that something gets through. If that happens, what’s the best course of action to remove the nasty from your machine?
Here are 5 tools I use to clean up a machine and ensure that nothing stays:
1. Combofix
Combofix is the first tool I launch when someone hands me an infected machine. What does Combofix do? It does a few things:
- Scans your hard drive in common locations for infections
- Removes known threats
- Scans memory for rootkits and removes them if found. Rootkits are hidden applications that can re-infect a machine even when it’s “clean”.
- Restores corrupted operating system files
You can download Combofix here:
http://www.bleepingcomputer.com/download/combofix/
NOTE: That is the ONLY address you should download Combofix from!
The nice thing about Combofix is that it can be run in Safe Mode — often the only way you can boot a machine. It also will download the Microsoft Recovery Console if needed to fix bad infections. It’s also important to note that you should always download the latest version of Combofix from the website before attempting any cleaning. If you run an old version, the infection might be too new for Combofix’s database. Combofix will present a nice summary report of what it did. If you’re not sure it worked properly, feel free to email SPK for help in interpreting the log file!
2. Malwarebytes Anti-Malware
Combofix is great for cleaning out 99% of malware, but it too can miss stuff. In that case, after cleaning out a machine, I install, update and run Anti-Malware from Malwarebytes and perform a quick scan. This scan usually comes up clean except for some tracking cookies, but sometimes it picks up stuff that Combofix missed. Malwarebytes is a free product for Quick Scan, but the professional version offers real-time protection as well as more protection from malicious websites.
3. SuperAntiSpyware Portable Scanner
Some malware and viruses are really tricky. They can detect when you download Combofix or Malwarebytes and actually PREVENT them from running! So, how do you get around this? SuperAntiSpyware makes a portable scanner product which contains a single executable file that can be put on a USB memory stick and run on the infected computer. It also runs in Safe Mode. The executable contains a portable updated database so you don’t need an internet connection to update. The best part of this program is that when you download it, you are given a completely random filename to download, so viruses and malware can’t delete it once they detect you’ve downloaded it! After downloading that random filename, you can easily copy it to a USB stick and run it in Safe Mode.
4. Kaspersky Rescue Disc
This tool is useful for very severe infections, for example when a computer can’t boot or is so bogged down in malware and viruses that it is unusable. The idea behind this is you download an ISO image of a CD, burn it to a physical disc and boot the infected computer from the CD. Once it boots, it runs a version of Kaspersky to clean the computer out. I’ve only had to use this tool a couple of times and had good success with it. I recommend it if you have a heavily infected computer. The CD also will allow you to download the latest database from their site once it boots.
5. Spybot
Spybot was one of the pioneer programs for malware detection and removal. It’s still being developed and is still free for private use. They offer a home edition that provides scheduled scans and even scanning iPhone apps for malicious behavior. This program is a lot like Malwarebytes in that it can detect some spyware/malware that the other programs miss. I’ve had good success with this program and it’s always a good thing to have multiple scanning programs in your arsenal.
I hope these tools can help you in cleaning out your own or someone else’s computer. As always, feel free to comment about this article on any tools or tricks you know to help fight malware and spyware! If you run into an infection that you can’t solve, drop us a line. We are happy to help!
Bradley Tinder
Systems Integrator
SPK & Associates