Tuesday, July 14, 2009

Malware Removal Guide - Step by Step


All programs are portable, that is, packaged so they run from a removable storage device such as a USB drive. In other words, the software provided will not install itself on your local hard drive and will run just by double-clicking it. The good thing about portable software is that you can store the folders containing it virtually anywhere: a CD-RW, a USB flash drive, or your local drive. I will also include the programs in U3 format for those who prefer to run them off a U3 Smart USB flash drive.

Software Installation Instructions:

For Portable Version:
Uncompress the file and run the executable file.

For U3 Version:
Use the U3 installation wizard from the U3 Smart Menu to install the app to your U3 Smart system.

Clean Adware, Rootkits, Spyware, Trojans, Viruses and Worms. Malware is short for malicious software. It is a general term that refers to any software or program code designed to infiltrate or damage a computer system without the owner's informed consent. This guide will show you how to remove these infections and protect yourself from future infections using free software.

FACT: 89% of consumer PCs are infected with spyware



First Step - Cleaning Up The Windows OS

In this step we will clear up space from your system by removing temporary files, browser history, cookies, browser forms, and registry errors with the following applications.



CCleaner


CCleaner is a system optimization and privacy tool. It removes unused files from your system, allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. But the best part is that it's fast.

Downloads:
- Download


- Download


Instructions - Download and run. Go to the "Windows" tab, then select "Run Cleaner". Finally select the "Registry" button and select "Scan for Issues". When it finishes scanning, select "Fix Selected Issues", then "Fix All Selected Issues".


Prefetch Cleaning Warning - The Advanced section has a performance-slowing cleaning option, "Old Prefetch data". Never select this option for cleaning, as it will increase application and Windows load times. Cleaning the Prefetch folder is a myth and actually hurts performance. Windows XP automatically trims this folder back to the 32 most used prefetch files once it reaches 128 entries. Anyone who claims this folder should be cleaned for ANY reason does not understand how Windows prefetching works.



CleanUp!


CleanUp! is a powerful and easy-to-use application that removes temporary files created while surfing the web, empties the Recycle Bin, deletes files from your temporary folders and more.

Downloads:
- Download


Instructions - Download and run. Select the "Options" button, uncheck "Delete Prefetch files" and then click "OK". Next select the "CleanUp!" button; when it is finished, select the "Close" button and then "Yes" to log off and reboot your system.



Second Step - Scanning And Cleaning
In this step we will perform a few scans with multiple scanners to rid the system of malware.



Rogue/Suspect Anti-Spyware Products & Web Sites - The malware removal market is being flooded with bogus scanners, some of which closely resemble legitimate programs like Spybot Search and Destroy. These rogue programs can produce false positives, leave actual malware installed or, worse, even install malware themselves. I strongly recommend using only the following programs and uninstalling any other scanners you may have tried.

Clean and Infected File Sharing Programs - Microsoft Windows Defender will detect numerous peer-to-peer programs as malware. If you are 100% positive you are using a file sharing program that is not infected with malware, select ignore on these entries. Use this list to be sure.

Cookies are not Spyware - Certain cookies can still pose some privacy concerns, and if you wish to remove them it will do no harm. The point is, when you find many of these after running a standard scan, you should not get excited that you are infected with malware.

Before we begin, disable or shut down any running anti-virus and anti-spyware software your system has installed.



First we will run a few applications that will target viruses.



Trend Micro Sysclean Package


Trend Micro Sysclean Package is a stand-alone fix package that incorporates the Trend Micro Malware and Spyware scanning engines as well as the Trend Micro Damage Cleanup Engine. This tool will terminate all detected malware/spyware instances in memory, remove malware/spyware registry entries, remove malware/spyware entries from system files, scan for and delete all detected malware/spyware copies in all local drives.

Downloads:
- Download


Latest Virus Pattern File: Download

Latest Spyware Pattern File: Download

Instructions - Download all the files: the latest Virus Pattern File, lptXXX.zip, and the latest Spyware Pattern File, ssapiptnXXX.zip (Ssapiptn.Da5). After you unzip the "lptXXX.zip" and "ssapiptnXXX.zip" pattern files, move them to the "TrendMicroSysClean" folder, then run "sysclean".



Avira AntiVir


Avira AntiVir Personal is a German-made, comprehensive, easy-to-use antivirus program, designed to offer reliable, free-of-charge virus protection to home users, with a 99.7% malware detection rate.

Downloads:
- Download


Instructions - Run AVWIN.exe; it should automatically perform a quick system test. Then select the drives you would like to scan and run the scan.



McAfee Avert Stinger


Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.

Downloads:
- Download


Instructions - Run Stinger.exe and execute the scan by clicking 'Scan Now'.



ESET Nod32 Antivirus System

Integrated, Real-Time Protection against viruses, worms, trojans, spyware, adware, phishing, and hackers. Best detection, fastest performance & smallest footprint. Nod32 Antivirus System provides well balanced, state-of-the-art protection against threats endangering your PC.

Downloads:
- Download


Instructions - Run nod32_20090420.exe. Click Next, and on the next screen check the box and continue. If you would like the application to scan and clean automatically, click 'Scan and Clean'; otherwise just run a 'Scan'.



McAfee Virus Scan

McAfee VirusScan Command Line Scanner offers advanced anti-virus scanning technology in a UNIX-based or Microsoft Windows-based utility. You get comprehensive threat detection and cleaning with granular command-line control. The application provided here is a front-end written to make the DOS command-line scanner easy to operate; it is also known as Bart's McAfee VirusScan GUI Wrapper.

Downloads:
- Download


Latest SuperDat File (sdatxxxx.exe) - Download
**(where xxxx is the version number, for example sdat4290.exe)


Instructions - After you have downloaded both the application and the latest SuperDat file, make sure you execute the following instructions precisely. Make a new folder on the root of your hard drive and name it mcafee (example: C:\mcafee). Place the SuperDat file in the mcafee folder we have just created. Now you must unpack it using the "/e" parameter: use the RUN command under the START menu and type in C:\mcafee\sdat####.exe /e (#### must be replaced with the numbers of your sdat.exe). When unpacking, you will not see anything happen for about 20 seconds; just wait for it. Once it is finished unpacking the files, place them in the McAfeeVirusScan folder you extracted from McAfeeVirusScan.zip. Some files will be replaced, so do not be alarmed if your computer asks permission to replace them. Now that we are done, run the SCANGUI.exe file, check the preferences you would like to run under, and proceed with the 'scan'.



Now we will run a few applications that will target SpyWare.



Spybot - Search and Destroy


Spybot - Search and Destroy detects and removes spyware, a relatively new kind of threat not yet covered by common anti-virus applications. Spyware silently tracks your surfing behavior to create a marketing profile for you that is transmitted without your knowledge to the compilers and sold to advertising companies.

Downloads:
- Download


Instructions - Run SpybotSD, select "Update", "Search For Updates", "Search", check the box next to each update and select "Download Updates". When this is finished go to "Settings", "Ignore products", "All products" Tab, right click on "Product", left-click on "Deselect all". Finally select "Search and Destroy", "Check for problems" and after scanning is complete "Fix selected problems".



Ad-Aware


Ad-Aware protects you from spyware that secretly takes control of your computer, resulting in aggressive advertising pop-ups, sluggish computer activity and even identity theft through stolen private information.

Downloads:
- Download


Instructions - Run the Ad-Aware.exe file; as you do so, the program will prompt you for an update. SKIP IT and continue. Once the application's main screen pops up, execute a 'WebUpdate'. Once that is done, run a scan.



HijackThis


HijackThis is an awesome utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs. HijackThis creates a report, or log file, with the results of the scan.

Downloads:
- Download


Instructions - Run the application and click "Do a system scan and save a log file". It shouldn't take the application long to finish. After that is done, click "Analyze This". HijackThis will attempt to upload the log file to Trend Micro's data analyzers, and it may take a while for the page to load. Now click "Stats on Your Log File Entries". Analyze the information and modify at your own risk by checking the box of the desired entry in the program and finally clicking "Fix checked".



Trend Micro RootkitBuster


Trend Micro RootkitBuster is a rootkit scanner that scans hidden files, registry entries, processes, drivers, and Master Boot Record (MBR) Rootkits. In addition, RootkitBuster can also clean hidden files and registry entries.

Downloads:
- Download


Instructions - Download, unzip and run. Check all boxes and then select "Scan". Delete any items it finds and run it again to confirm you are clean.



Once you have completely cleaned your system, if you were infected with any key loggers, you need to immediately change ALL passwords you have typed on that computer.

In order to ensure maximum malware removal, a more thorough scan is required. Reboot your computer into Safe Mode by pressing the F8 key during boot-up and selecting "Safe Mode" from the Windows Advanced Options menu. In Safe Mode, do another Sysclean scan and remove the remaining malware infections.



Friday, July 10, 2009

Protect Yourself From Malware, Spyware, or Adware Programs

In this post I will cover many aspects of the virus community: what it is, and how to protect our systems from it.

Files:
McAfee
Download
This is a Full McAfee release.

Norton Trial Reset Download
This is a Norton 2009 Trial Reset
Get the trial from Here: Download

Geek Squad MRI CD v5.0.0
Download
Technically this info is supposed to be classified and top secret, I'm not kidding. Anyone known to possess and use an MRI CD without express permission from Best Buy could be subject to legal action.

What is a Virus?

A computer virus is a program designed to replicate itself and infect a computer without the permission or knowledge of the owner. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A virus is always built in some form of executable code and can only spread from one system to another when sent over a network or the Internet, or literally carried to another system via floppy disk, CD, DVD, or USB drive.

The term "computer virus" is often used to describe all types of malware. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware, and other malicious and unwanted software, including true viruses. A worm can exploit security vulnerabilities to spread itself to other computers without needing to be transferred as part of a host, and a Trojan horse is a program that appears harmless but has a hidden agenda. Worms and Trojans, like viruses, may cause harm to a computer system's hosted data, functional performance, or networking throughput when they are executed.

Malware will always exist, as will the developers who write it, but there are steps you can take to protect your system.

Picking your Operating System
Any operating system that allows third-party programs to run can theoretically run viruses, but some operating systems are less secure than others.

Microsoft Windows OS:

The users of Microsoft software (especially networking software such as Microsoft Outlook and Internet Explorer) are especially vulnerable to the spread of viruses. Microsoft software is targeted by virus writers due to its desktop dominance, and is often criticized for including many errors and holes for virus writers to exploit.

Unix OS:

Unix natively blocks normal users from making changes to the operating system environment, and only allows users to run executables within their own protected memory space.

Mac OS X:

Apple states that there are only four known viruses, but independent sources state there are as many as 63 viruses.

Anti-Malware Software
Spy Sweeper, McAfee, Norton, Trend Micro, and Kaspersky are all well-known anti-virus/malware solutions, but they 'will not' remove all traces/signs of infection, and you should always take other precautions.

Have a system backup!

You should always back up all your files onto an external hard drive. I do not recommend System Restore, because a system restore will only 'restore' the system to the time/point at which you created the restore point. BACK UP all your important files by simply transferring them to an external hard drive, and then perform a scan on the external HD.

Scan Suspicious Emails
This is extremely important!
There are programs known as keyloggers that detect and record every keystroke you make: passwords, websites visited, anything you type, which means your identity is under threat. Keyloggers are usually merged with files that are emailed to you, so there is no possible way to identify them physically.

How to detect a KEYLOGGER program:
- Check the task list by pressing Ctrl+Alt+Del in Windows. Examine all the tasks running; if you're unsure of a task, look it up on a search engine.
- Use the System Configuration Utility to determine which tasks are loaded at start-up (type "msconfig" in the Run box to start it).
- Run your antivirus checker; it's possible, but most likely not, that this will pick up the keylogger on your system.
- Scan your hard disk for the most recently stored files. Look at the contents of any files that are continually updating (these might be logs).
- Run Spybot S&D; this program checks for some known keyloggers.
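As an added example, not part of the original post: a small Python script implementing the two file-system checks from the list above (files modified recently, and files that keep growing between two looks, which is what an actively written log looks like). It runs against a constructed temporary directory rather than a real disk; the file names, the one-hour window and the "kb.log" name are assumptions made for the demonstration.

```python
import os
import shutil
import tempfile
import time
from pathlib import Path

def scan(root):
    """Map every regular file under root to (mtime, size); unreadable or
    vanished files are skipped rather than aborting the whole walk."""
    seen = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            try:
                st = path.stat()
            except OSError:
                continue
            seen[str(path)] = (st.st_mtime, st.st_size)
    return seen

def recently_modified(snapshot, window_seconds, now=None):
    """Paths modified within the last window_seconds, newest first."""
    now = time.time() if now is None else now
    recent = [(p, mtime) for p, (mtime, _) in snapshot.items()
              if now - mtime <= window_seconds]
    return [p for p, _ in sorted(recent, key=lambda t: t[1], reverse=True)]

def growing_files(before, after):
    """Files in both snapshots whose size increased in between. An actively
    written log looks like this, but so does much legitimate logging, so
    each hit still needs a manual look at its contents."""
    return sorted(p for p, (_, size) in after.items()
                  if p in before and size > before[p][1])

def demo():
    """Constructed scenario, not real malware: a static file, a week-old
    file, and a hidden 'kb.log' that is appended to between two scans."""
    root = tempfile.mkdtemp(prefix="keylog-demo-")
    Path(root, "readme.txt").write_text("static\n")
    old = Path(root, "old.dat")
    old.write_text("stale\n")
    week_ago = time.time() - 7 * 86400
    os.utime(old, (week_ago, week_ago))  # backdate it outside a 1-hour window
    log = Path(root, "hidden", "kb.log")
    log.parent.mkdir()
    log.write_text("a\n")
    before = scan(root)
    with log.open("a") as fh:
        fh.write("more keystrokes\n")  # the log grows between the two scans
    after = scan(root)
    recent = [os.path.basename(p) for p in recently_modified(after, 3600)]
    growing = [os.path.basename(p) for p in growing_files(before, after)]
    shutil.rmtree(root)
    return recent, growing

if __name__ == "__main__":
    print(demo())  # expected: (['kb.log', 'readme.txt'], ['kb.log'])
```

On a real machine you would call scan() on a drive root twice a few minutes apart and review the growing_files() hits by hand, since the check flags any busy log file, not only a keylogger's.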

Geek Squad MRI
This is a great tool. The disc has tools to help fix and repair computers - it has AntiVirus, AntiSpyware, Disk Cleaner, Process List, Winsock Fix, etc, all in an attractive and quite usable interface! It has the LASER AntiVirus & Spyware Removal System to quickly and efficiently remove all vestiges of malware!

The Last Resort
The last option is reformatting the hard drive and doing a clean install or reinstallation of your preferred operating system. Of course, if you back up all your files onto an external HD, this wouldn't be a problem. Geek Squad uses this all the time; that is how they work so fast.

Thursday, July 9, 2009

WEP Cracking

This is an extremely easy way of cracking WEP-encrypted networks. We will be using SpoonWep in BackTrack 3. If you don't have BackTrack 3 already, check out the previous post, HERE!

What you will need:
-BackTrack 3: Download
-A compatible wireless adapter: Here
-This wireless adapter I recommend: Alfa AWUS036H


SpoonWep in BackTrack 3 (booted on a PC or Mac or in VMware)
With the same BackTrack 3 live CD or VMware image that we used on the previous post, you can bypass almost all the commands you see there and use SpoonWep instead. When you're booted into BackTrack 3, from the KDE menu, choose BackTrack>Radio Network Analysis>80211>Cracking>SpoonWep. You'll get the window you see in the screenshot here. All you need to run SpoonWep against a Wi-Fi network is its channel and BSSID. (I used the previously-mentioned airodump-ng command to get the BSSID of my router; you can also use Kismet in the BackTrack>Radio Network Analysis>80211>Analyser folder of BackTrack's KDE menu to get that info.)

Enter the BSSID in the "Victim Mac" field of SpoonWep. Choose your Wi-Fi adapter from the drop-down, set the channel, and launch your attack. Increase or decrease your injection rate using the slider.

As for the BackTrack 4 pre-release, it supports more wireless cards and can crack passwords faster using aircrack-ptw. BT4 consistently froze on me, but I believe it was the version of the Alfa USB adapter I was using that caused the problem, so your mileage will likely vary.

BackTrack 3

BackTrack is a Security-Focused Live CD Packed With Amazing System Tools

BackTrack can be installed to a regular boot cd, a USB drive, installed to the hard drive, or even downloaded as a VMware virtual machine. For our testing, we used the BackTrack 3 stable release instead of the Beta 4 version.
Download:
Backtrack 3 Download


After inserting the LiveCD and starting the boot process, you'll be prompted to choose which window environment to load up—the distribution includes the more graphically pleasing KDE, or the trimmed-down Fluxbox window manager.

Once you've booted to the desktop you'll notice the default resolution is 800x600, but can be easily changed through the system tray icon to any resolution.

The slick system monitoring application on the right-hand side of the first screenshot doesn't get started automatically—to open it, you'll need to use the Alt+F2 shortcut key and type leetmode into the command window. You can unlock the position of the monitors through the context menu, and drag them wherever on the screen you'd like.

One of the more interesting features of the Live CD is the inclusion of the excellent Yakuake drop-down terminal window, which can be launched through the Alt+F2 dialog or found under the System menu. Once started, simply use the F12 key to toggle the slide-down terminal.

Connecting to any network resource can be done easily with the Network Folder Wizard, found in the menus at Internet -> KNetAttach. You can easily map to a Windows share, SSH, or FTP server using the wizard—which is nothing more than an easy front-end to the Konqueror browser's rich connection support.

Since this distribution is focused on security, you can find a ton of security-focused tools under the Backtrack menu, although there are far too many to mention them here—you'll have to explore them on your own.

One of the more useful security tools for everyday use is the chntpw utility (found in the menus under Privilege Escalation -> PasswordAttacks) that can reset any Windows password easily from the command line.

BackTrack 3 is a free download and works almost anywhere Linux does. It's an amazing Live CD.
 
