mrmaxx

best generic free anti-malware app

13 posts in this topic

I'm trying to clean a colleague's personal machine and I keep running into the same problem -- stuff gets detected, but can't be removed by the tools I have. I'm using the "emergency antivirus" VipreRescue, and Malware Bytes, and MalwareBytes cleaned some stuff, and Vipre keeps finding stuff that it can't clean. :(

Most of what is found appears to be search hijackers, and I found one app that appears to be a search hijacker and am trying to uninstall it now. Hopefully that'll fix it, but if not, I'm looking for suggestions. I haven't kept up with this field since I'm no longer active in the IT world...


...Seems like you've done the right thing in trying various tools, as it is said that sometimes one will catch things others don't and vice-versa. Petzl's sig may be worth a look and then of course there's always Google searches -- that helped me when I had a search hijacker. If your colleague is one of us poor souls running Windows, don't overlook Microsoft's tools, such as MRT and Windows Defender. As a last resort, initialize the hard drive and reinstall everything that is known to be safe.

W1N7 32 bit here (helps to mention)

Search hijackers are more difficult as they are just annoying malware not a security risk

Look in Browser add-ons/Plugins (FF) OR "Manage Add-Ons" (IE) to get name of search program

Check in Control Panel

"Uninstall or change a Program" and remove it

To remove malware, if you use Windows, you need to "right click" the anti-malware and select

"run as administrator"

Last resort

Firefox has a reset button to default in Help/Troubleshooting Information (top right)

Thanks, Petzl. I just updated his Avast and it ran a boot scan and found some stuff that I'd uninstalled, but apparently it left some hooks in the registry. *sigh* I just hope I can get it clean so this crap doesn't come back. I was hoping someone had another tool to suggest. :)

Often you need to Google the name of the malware/spyware and see if Google can show you how to manually remove it from the registry

If recent, just go back to an older restore point

Copy and paste into Windows Explorer

Control Panel\All Control Panel Items\Recovery

Edited by petzl

Yeah. Problem is I have no idea how long the malware was on the PC. If he brings it back, I'll just have to do as you suggest and Google the spyware name and see how to remove it.


If you Google, I'm sure you'll get hits on the bleepingcomputer.com forums which, although not intended for commercial service use (I suppose), seem to guide users through a process using nowhijackthis (and often malwarebytes as well). Might be worth having a look at the Security section of http://www.bleepingcomputer.com/forums/ - all way out of my league but would appreciate your thoughts/impressions.

S

All are good; all often detect malware but don't completely remove it

A couple of times with Firefox I have had to hit the reset to default button

Just about every download now attempts to hijack your search engine, even Flash Player updates

Just about every time I run Malwarebytes these days (maybe once a month) it picks up P.U.P.s in temporary internet files. I'm guessing these are splashovers from those 'default' installations from unrelated updates which I always 'uncheck' (nothing to do with Clive Palmer, I'm sure - sorry rest of the world, Aussie joke). Diabolical liberties are routinely being taken with our systems, removing those vestiges probably just slows down the next update (but I kill them anyway, don't trust them, specifically disallowed their source and if ever I miss one of those checkboxes the plurry things will undoubtedly install at lightning speed, good argument to set browser to delete temp files on exit yet those are generally useful - not just spammers that spoil the internet).

OK, rant finished, I'll get over it.

Still a good idea to have a look at bleepingcomputer.com/forums (security) IMO, seem to be some very competent people assisting in that venue - it's about the process and re-iteration of checks, not just the software used.

Yeah... Already told my co-workers there were some "skeletons" left. I forgot to clear out the temp internet files. Duh. :) If he returns it to me, I'll definitely get with the Bleeping Computer folks to see what can be done about removing the rest of the trash.


Oh yeah, try NPE.exe (Norton Power Eraser - free - from Symantec). It is sometimes recommended by the CBE (depending on the infection detected/suspected in a spambot zombie) and is completely hassle free (and includes "undo") - https://security.symantec.com/nbrt/npe.aspx

I downloaded it some considerable time ago and had forgotten all about it. On a "geeky" computer it will most certainly come up with some false positives and maybe only the owner would recognise all of those as such - but anything removed can be restored (unless that facility is deliberately switched off at the start of the scans and why would you do that?).

There's no single security solution that will do everything every time (or even most of the time) without intervention - virus and malware development is too dynamic for that.

Wow... Norton/Symantec did something RIGHT? That's amazing. Last time I used Norton/Symantec, they were bloated, virtually useless anti-malware. Obviously at least some of it has changed. :)

Well, it USED to be lean and mean when Peter Norton wrote all the code - perhaps NPE is a legacy, retained and maintained, from those times. Oh, I meant the CBL, where did CBE come from? I need another beverage.
