Posts Tagged ‘malware removal’

Extremely thorough steps for removing virus and malware


1. Boot to safe mode using the F8 key at boot (before the Windows load screen).

2. Run Combofix (a surgical malware removal tool that works through about 50 stages; decline the Windows Recovery Console download when it prompts you). It helps to RENAME the Combofix file to something other than the default, as some malware looks for it by name and blocks it from running. If Combofix wants to restart, make sure it restarts back into safe mode.

3. Run TDSSKiller and remove anything it finds.

4. Restart in normal mode.

5. Run Revo Uninstaller (this program is used to uninstall programs that are highly malicious in nature and that leave unwanted pieces of themselves behind when removed through the normal uninstall process. Uniblue Registry, Crawler Toolbar, Ask Toolbar, Registry Mechanic, Frostwire, Limewire, Smilebox, Gamevance and Playsushi are just a few examples).

6. Run CCleaner
- Uninstall unneeded but non-malicious installs (i.e. Google Toolbar, HP Games, etc.)
- Adjust startup (delete all startup entries that are not required for normal use)
- Clean registry (remove all bad entries found; the author sees no need for the registry backup CCleaner offers, though it is cheap insurance and the only way to undo a bad removal)
- Clean temp files (remove all temp files using the stock CCleaner settings)

7. Run TFC (this will probably reboot the PC).

8. Turn off System Restore (the steps differ between XP and Vista/Windows 7).

9. Install Malwarebytes; make sure you decline the bundled offer during installation.

10. Install Microsoft Security Essentials (or the antivirus of your choice).

11. Install Spybot Search and Destroy; uncheck ALL additional settings for Spybot.

12. Ensure all of these are UPDATED TO THEIR LATEST DEFINITIONS!!!!

13. Run Malwarebytes

(more…)

How to remove Antivirus 2009 from your computer

I’d love to say that I spend all of my time playing games on the computer, on a tabletop, reading SF/F and enjoying my family. However, all but the last are simply hobbies for the time being and I support myself with a day job working with computers.

Which means that when friends have problems with computers, I generally get a call. Which leads me to an article detailing a few ways to remove the Antivirus 2009 piece of crap that infested a friend’s machine. Generally speaking I won’t post too many technical articles on this site. But this piece of malware sucks and can seriously impede the ability of someone to use their computer for anything, productive or gaming related. So here’s what I found out and what I did to remove it. If you have further suggestions or techniques that work, please feel free to mention them in the comments.

Malware like Antivirus2009 and others with similar names are becoming more prevalent and harder to remove from Windows systems. They actively disable antivirus/antimalware programs, redirect requests for anti-malware and anti-virus websites, and install themselves as hidden virtual hardware so that they keep working in safe mode and reinstall themselves if the visible ‘software’ is removed from the system.

These things masquerade as Windows updates, or as free online tools that tell users they’re infected by something and offer to fix it, often in the form of a pop-up from the task bar. To the uninitiated they look pretty much like a Windows notification and can be mistaken for a valid one.

This particular POS (on an XP SP3 machine) was bundled with a hidden driver/service named “TDSSserv.sys”. It is a service that redirects all software updates (and requests to Symantec’s website, among others) to 127.0.0.1 (your own computer) so that nothing will update. It also prevents Malwarebytes, Spybot, Ad-Aware, HijackThis and more from installing or running. On your machine it appears as a piece of hidden hardware. (more…)
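As an added example (not code from either post above), the following PowerShell triage script checks a Windows machine for the indicators the two posts describe: the TDSSserv service/driver, vendor and update sites resolving to 127.0.0.1, hosts-file overrides, the removal tools being blocked, and System Restore still being enabled (step 8 of the checklist). The vendor host list, the tool executable names, and the Image File Execution Options check are assumptions added for illustration; the posts do not say how the blocking or redirection was implemented.

```powershell
# Added triage script; not from the original posts. Checks a Windows host for
# the indicators described above. The vendor host list, executable names and
# the IFEO check are assumptions for illustration, not taken from the posts.
# Run from an elevated PowerShell prompt (Windows PowerShell 2.0 or later).

function Test-RogueAvIndicators {
    $findings = @()

    # 1. Driver registered as a service under the name the post reports.
    #    The rootkit hid its driver from Device Manager, but the service key
    #    it needs in order to load at boot is still readable.
    $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\TDSSserv'
    if (Test-Path $svcKey) {
        $img = (Get-ItemProperty -Path $svcKey).ImagePath
        $findings += "Service key present: $svcKey (ImagePath: $img)"
    }

    # Loaded kernel drivers whose module name starts with TDSS.
    $drivers = @(driverquery.exe /fo csv | ConvertFrom-Csv |
        Where-Object { $_.'Module Name' -like 'TDSS*' })
    foreach ($d in $drivers) {
        $findings += "Driver loaded: $($d.'Module Name') ($($d.'Display Name'))"
    }

    # 2. Name resolution for vendor/update sites. The post says requests to
    #    Symantec and to update sites were sent to 127.0.0.1. The host list
    #    is an assumption; add the vendors you care about.
    $vendorHosts = @('www.symantec.com', 'update.microsoft.com',
                     'www.malwarebytes.org', 'www.safer-networking.org')
    foreach ($h in $vendorHosts) {
        try {
            $addrs = [System.Net.Dns]::GetHostAddresses($h) |
                ForEach-Object { $_.IPAddressToString }
            if ($addrs -contains '127.0.0.1' -or $addrs -contains '::1') {
                $findings += "$h resolves to loopback (redirected)"
            }
        } catch {
            # Not an indicator on its own (the box may simply be offline).
            $findings += "$h did not resolve: $($_.Exception.Message)"
        }
    }

    # 3. hosts-file entries that point anything other than localhost at
    #    loopback, one simple way to produce the redirect described.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    if (Test-Path $hostsPath) {
        foreach ($line in (Get-Content -Path $hostsPath)) {
            if ($line -match '^\s*(127\.0\.0\.1|::1)\s+(?!localhost\b)(\S+)') {
                $findings += "hosts file maps $($Matches[2]) to loopback"
            }
        }
    }

    # 4. Image File Execution Options "Debugger" values on the tools the post
    #    says were blocked. A common blocking technique (assumption; the post
    #    does not say how the blocking was done). Executable names assumed.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    foreach ($exe in @('mbam.exe', 'SpybotSD.exe', 'HijackThis.exe', 'Ad-Aware.exe')) {
        $key = Join-Path $ifeo $exe
        if (Test-Path $key) {
            $dbg = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Debugger
            if ($dbg) { $findings += "IFEO hijack: $exe -> $dbg" }
        }
    }

    # 5. System Restore still enabled (step 8 of the checklist wants it off so
    #    an infected restore point cannot bring the malware back).
    $srKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
    $disabled = (Get-ItemProperty -Path $srKey -ErrorAction SilentlyContinue).DisableSR
    if ($disabled -ne 1) { $findings += 'System Restore is still enabled' }

    return $findings
}

$results = @(Test-RogueAvIndicators)
if ($results.Count -eq 0) {
    Write-Output 'No indicators found.'
} else {
    $results | ForEach-Object { Write-Output "[!] $_" }
}
```

Run it before and after the checklist: a clean pass should report nothing except, at most, the System Restore line if you have already turned it back on. A failed DNS lookup is listed but is not an infection indicator by itself; check it by hand if the machine is online.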