Cleaning malware software when you can't format?

[riahc3]

I wanted to know what you guys use to clean Windows machines which are infected with all type of malware (we are excluding viruses here for the sake of different types of software) and you just cant format for whatever reason.

I prefer free software.

Personally I still use Malwarebytes' Anti-Malware

 

[Ketchup]

MBAM is one. It won't get everything.

Super Antispyware is another good one.

Run AV on the computer.

Out-of-place items in add/remove is always a good to remove.

CCleaner can clean the junk out of the browser and user temp folders.

If it's really bad, you will need a rootkit remover.

 

[Fardringle]

Malwarebytes, SuperAntiSpyware, and AdwCleaner are my preferred options. The first two scan for malware, and the third removes leftover browser hijack settings and registry entries.

 

[TuSpockShakur]

Hitman Pro (30 Day Trial), Combofix (Caution), Tdsskiller, Spybot.

 

[Kaido]

Hitman Pro (30 Day Trial), Combofix (Caution), Tdsskiller, Spybot.

FYI Malwarebytes has a Rootkit remover available free in beta:

https://www.malwarebytes.org/antirootkit/

It's been even better than TDSS Killer for me :thumbsup:

 

[code65536]

Most malware can be cleaned manually with relative ease using Process Explorer and Autoruns. Even if an automated cleaner is used, it's still a good idea to do a survey of the system with PE/AR afterwards.

 

[HOSED]

If you are working on an active issue the above suggestions are great. I would also do my scans in safe mode, or use portable versions that run outside of the OS via flash media.
If this is a general question, regular image backups to external hard drives can save hours of scans, reboots, registry edits, etc.

 

[riahc3]

Thank you. Most of these I knew (didnt remember the name) but there are some new ones in there.

 

[riahc3]

I cant find a good clean home page link for AdwCleaner.

 

[Ranulf]

http://www.bleepingcomputer.com/download/adwcleaner/

 

[holden j caufield]

bleepingcomputer has some great freeware. TDSkiller has been pretty good, adwcleaner, roguekiller, malwarebytes etc. Pretty much anything but symantec and mcafee

 

[Underclocked]

ESET's online scanner is also quite good if you check removal of PUPS and the correct advanced options.

 

[Sattern]

I use MalwareBytes Professional, Super Anti-Spyware, Microsoft Security Essentials and my own due diligence to ensure my PC is protected and safe at all times.

 

[mirageracerx]

IMO if it is heavily infected, its not worth your time to clean. it will be easier and better in the long run to back up critical files, reformat, and migrate back in. you can always go the other route with scanners, etc. but it seems like virus' and malware seem to take a bit of your OS every time it is removed.

 

[Noo]

I never trust the machine after it's infected. Even after all the antivirus and antimalware said it's cleaned.

 

[riahc3]

I wanna state that I would format it too. But in case it cannot be formatted, how would you clean it...

 

[mikeymikec]

If you have the equipment, disconnect the disk and connect it to another machine and scan it from that machine's normal OS (if other suggestions haven't worked).

You could also try swapping your anti-virus package for another (free) one and do a full scan with that.

 

[Blain]

I would start by running rkill (.com rather than the .exe).

 

[MongGrel]

A bunch of things I've seen listed I wouldn't trust either, but just me maybe.

MalewareBytes I've always used, and I haven't needed MSE with 8.1 on the main I guess.

I've a few doing other things in places I won't even try to explain I suppose.

 

[Batmeat]

Malwarebytes, SuperAntiSpyware, and CCleaner. Avast for Anti-Virus. That's all I use, and I use them in that order. Spybot used to be good, but then it took a nose dive. I can't speak for it's effectiveness over the past year though.

 

[ImpulsE69]

I never trust the machine after it's infected. Even after all the antivirus and antimalware said it's cleaned.

Then you can never be online, because just surfing gets that garbage, it doesn't matter where you go or how much you turn off. It's inevitable.

MWB and Superantispyware are what I use. Neither seem to get everything, so running more than one (and maybe even 3) is important.

 

[code65536]

Then you can never be online, because just surfing gets that garbage, it doesn't matter where you go or how much you turn off. It's inevitable.

I really gotta wonder how people are surfing if statements like this are being made. Because in my 20+ years of Windows computing, I've never gotten malware, adware, or even shady-but-not-quite-so-bad-ware. Oh, and I also think that anti-virus software is heretical and haven't used them since '96 or so.

Do people just click through confirmation dialogs without seeing what they are?

 

[Loser Gamer]

I really gotta wonder how people are surfing if statements like this are being made. Because in my 20+ years of Windows computing, I've never gotten malware, adware, or even shady-but-not-quite-so-bad-ware. Oh, and I also think that anti-virus software is heretical and haven't used them since '96 or so.

Do people just click through confirmation dialogs without seeing what they are?

I'm telling you. I've been on the net for many years and never had a virus.

I remember back when adware was one of the only software to run. It would report your ordinary cookies as bugs. lol


I guess some people can't spot a shady advertisment on a page and they click it and download stuff all day long. If you can't spot the spam ads have someone else do your surfing for you lol

 

[fire400]

I never trust the machine after it's infected. Even after all the antivirus and antimalware said it's cleaned.

opting for full restores, can save a lot of precious time and money.
back up files as necessary, intensive scans well advised for severely damaged systems.

if the partition(s) is really bad, write 1's and 0's to the entire drive and perform hardware health test(s).

also, keep it mind, infections (hives, spreading) may be in more than just the pc that was noticeably infected, such as routers, hubs, external drives, networked OS's, 3rd party equipment, and unpatched/secure connections. there are too many exploits out there to name that go unnoticed until the public/private sector get hit bad enough, but not everyone is a lucky-lucy.

and for those not running any kind of antivirus/firewall/security patching, to this day and age -
...the underlying question is, if ebay, target, banks and other small/large organizations were compromised at one point for a number of exploits, what makes us think that current/future exploits aren't going to target "less-secure" operating systems/hardware? any kind of security is better than none, even if you're going to run absolutely no AV on a VPN-tunnel router, the VPN is still better than nothing. even the default router firewalls are better than being on straight open DMZ. that is, for baseline usage.

 

[MontyAC]

In addition to the above recommendations, you should also sandbox your browser for extract surfing protection. I use Sandboxie, great program.