
Instructions for posting advice in Am I Infected


  • This topic is locked
1 reply to this topic

#1 harrythook

  • Malware Response Team
  • 4,151 posts
  • Gender:Male
  • Location:Philadelphia

Posted 19 August 2009 - 08:43 PM

Instructions for posting advice in Am I Infected

As a member you are allowed to interact with others that post in this area. Any advice given is subject to modification or removal by the moderating team. We appreciate the fact that you are trying to help others with your advice, but we require that this advice be kept general and minimally invasive. Preliminary scans, active scans and non-malware related tools are allowed to be used here, along with advice for A/V and other protection programs. Modification of OS settings and general tweaks to resolve problems is allowed, but advice for the removal of any files, folders or programs is restricted.

Posting instructions for the use of the following by non-staff members is prohibited in this area, as well as in all other areas of the forums. This list contains tools and procedures that are forbidden; the instructions for using similar tools or procedures should not be posted here, or elsewhere on Bleeping Computer forums, without prior Staff approval.
  • ComboFix instructions or discussion.
  • HiJackThis, DDS, OTL, RogueKiller, or RSIT instructions.
  • FRST (Farbar Recovery Scan Tool).
  • Manual rootkit removal using non-automated and advanced ARK tools (MBRCheck, MBR.exe and Esage Bootkit Remover).
  • Automated registry cleaners.
  • Advanced Registry instruction. Simple registry fixes are permitted but they must be accompanied with a warning to back up the registry first.
    The BC staff will monitor (review) registry fixes and if we determine they are dangerous or incorrect, the instructions will be removed.
  • Custom scripts, batch files.
  • Other specialized fix tools the BC Staff deems untrained members should not recommend for use.
Note: This list is not limited and we may add to it as necessary. These restrictions are in place to ensure that only safe and effective methods are given to members seeking help with a malware problem.

WHY are these tools restricted? Most of these tools require guidance and supervision by trained experts. Failure to follow the proper removal process can and will cause serious damage to a machine. Recovery of the machine may be difficult, if not impossible.

Edited by Queen-Evie, 17 May 2013 - 09:42 AM.
Updated

Veni Vidi Vici
THE FIGHT AGAINST MALWARE



#2 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 26,100 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 18 January 2012 - 02:35 PM

Rootkit intervention in AII



Please note, RootRepeal, TDSSKiller and GMER have been added to the list of allowed tools to be run in AII. These tools are to be used for scanning and automated removal only. If there is an indication of a rootkit present that cannot be removed with these automated tools, the member should be referred to the Virus, Trojan, Spyware, and Malware Removal Logs forum.

Advanced tools like aswMBR and MBR.exe are not allowed, except for diagnosing and disinfection purposes when requested by trained experts on our Malware Response Team.

Note: This list is not limited and we may add to it as necessary. These restrictions are in place to ensure that only safe and effective methods are given to members seeking help with a malware problem.

As there are some new variants of rootkits in the wild right now that will require custom scripts to remove the infection, the process must be completed by Malware Response Team members or above (qualified Moderators, Administrators and Advisors).

WHY are these tools restricted? Most of these tools require guidance and supervision by trained experts. Failure to follow the proper removal process can and will cause serious damage to a machine. Recovery of the machine may be difficult, if not impossible.

Only Malware Response Team members or above should be posting advice about this infection!


Microsoft MVP - Consumer Security 2007-2013
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



