Posted 25 November 2009 - 11:08 PM
The theory is something like this
Person with a fair understanding of how to use computers comes across a computer with an infection. Person is not sure what kind of infection it is, although they have tried Malwarebytes and it has failed to run. Also the internet connection has been terminated in the last day or so.
This would be the typical situation that I can see myself coming across.
The following would be a typical list of tools that I turn to when fighting viruses:
HouseCall 7.1 beta
Avast Free AV
and due to my recent success with it, although I do not know its limits
By using these tools, the Windows recovery tools, some time and some thinking outside of the box, I have been able to remove about 90% of infections that I have come across.
Most of the time when permissions are an issue, I tend to use an SFC scan, which has been working just fine so far.
Lost internet connections are a bit more of a challenge for me. I reset the Internet Explorer settings, delete all temporary internet files, disable all add-ons and cookies, and clear the SSL state. Next I delete all the contents of temp, %temp% and prefetch, and as a final precaution I disable all startup items and non-MS services. Typically after I have done these things I regain internet connectivity; if I haven't regained connectivity at this point I'm at a loss.
As for the actual removal of the virus, I leave that up to Malwarebytes and HouseCall.
These are basically my cleaning steps. As I have been reading more of the posts on this forum, I keep seeing more and more tools that have been used in part to remove infections. Could someone please explain some of these tools as to what they are used for, what the limits of said tool are, and most importantly whether they will work on XP, Vista and Seven?
SystemLook (and what does this command do?)
C:\WINDOWS\system32 /n*.dll /t50
The following cmd commands:
sc config eventlog start= disabled
sc config eventlog start= auto
DIR /a/s c:\scecli.dll netlogon.dll eventlog.dll >Log.txt&log.txt
So those are my steps, and the tools that I see your team using that I have questions about. Any feedback would be appreciated.
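As an added example, not part of the post or any reply to it, the Python below does what the DIR /a/s line above does (enumerate every copy of scecli.dll, netlogon.dll and eventlog.dll on the drive, hidden folders included) and goes one step further by hashing each copy and comparing it with the copy in System32, so a stray or altered copy stands out for the person cleaning the machine to look at. The directory tree it scans is constructed inline so it runs offline; the function names, the sample paths and the sample file contents are all assumptions made for the example.

```python
# Added example (not from the post): find every copy of the DLLs the DIR /a/s
# line names and flag copies whose hash differs from the one in System32.
import hashlib
import os
import tempfile

WATCHED = ("scecli.dll", "netlogon.dll", "eventlog.dll")

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def find_copies(root, names=WATCHED):
    """Walk root like DIR /a/s and return {name: [(path, size, sha256), ...]}."""
    found = {n.lower(): [] for n in names}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in found:
                p = os.path.join(dirpath, fn)
                found[fn.lower()].append((p, os.path.getsize(p), sha256_of(p)))
    return found

def odd_copies(copies, reference_dir):
    """Copies whose hash differs from the copy in reference_dir; a name with
    no copy there at all is reported whole, since there is nothing to compare."""
    ref_dir = os.path.normcase(os.path.abspath(reference_dir))
    odd = []
    for entries in copies.values():
        ref = [e for e in entries
               if os.path.normcase(os.path.dirname(e[0])) == ref_dir]
        if not ref:
            odd.extend(entries)
        else:
            odd.extend(e for e in entries if e[2] != ref[0][2])
    return odd

def build_sample_tree():
    """Constructed sample: a fake System32 holding the three DLLs, plus a
    stray eventlog.dll under a Temp folder whose contents differ."""
    root = tempfile.mkdtemp()
    sys32 = os.path.join(root, "WINDOWS", "system32")
    stray = os.path.join(root, "Documents and Settings", "user", "Temp")
    for d in (sys32, stray):
        os.makedirs(d)
    for n in WATCHED:
        with open(os.path.join(sys32, n), "wb") as f:
            f.write(b"MZ-original-" + n.encode())
    with open(os.path.join(stray, "eventlog.dll"), "wb") as f:
        f.write(b"MZ-something-else")
    return root, sys32
```

On a real machine you would call `odd_copies(find_copies("C:\\"), r"C:\WINDOWS\system32")` instead of building the sample tree; each reported tuple is a copy worth checking before trusting the system.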