Blog

Expand Your Anti-Malware Toolkit

When dealing with malware and viruses on Windows systems, often one tool is not sufficient.  You may need to expand your tool set to include multiple applications in order to effectively clean off an infection or threat.

  • Turn off System Restore. This can be done in the System control panel. Don’t forget to turn it back on when you’re finished!
  • Clear temporary internet files (IE cache) for all profiles.  If you’re only dealing with a single-user computer, this is easily accomplished with the Internet Options control panel. If multiple users login to the infected computer, rather than manually deleting for each user, you can use ICSweep to view and delete the IE cache for all users.  Originally designed for terminal server environments, ICSweep works well on desktop operating systems, too.  You can download it here:  http://www.ctrl-alt-del.com.au/CAD_TSUtils.htm
  • CCleaner is also effective at cleaning out the IE cache, but only for the currently logged in user. http://www.piriform.com/
  • Boot the computer into Safe Mode with Networking, if possible, and launch your anti-spyware application. Safe Mode prevents many unwanted services & processes from running, but if you use the networking version, you can still update the definitions for your apps.  However, this isn’t always possible, depending on the nature of the infection, so you may need to boot to Safe Mode (with no networking) and manually update from another source (eg. USB drive).
  • I have had success using Malwarebytes’ quick scan for basic infection & removal. http://www.malwarebytes.org/.  Recently, I’ve found Hitman Pro to be very effective in detecting and removing root kits and boot sector viruses, such as Alureon.  http://www.surfright.nl/en/hitmanpro
  • You may need to boot to a CD, or use another method to scan externally, if you’ve got something that’s really entrenched.  There are many Linux-based “Live” CD images available for free download: http://www.knoppix.net/ or you can manually create your own Windows Preinstallation Environment (PE) CD http://technet.microsoft.com/en-us/library/cc766093%28WS.10%29.aspx Microsoft’s Diagnostic & Recovery Toolset (DaRT) includes ERD Commander disc images, and also includes Microsoft Security Essentials for offline scanning.