

Hi! I'm from Minneapolis.


2 replies to this topic

#1 BarryKennedy

BarryKennedy

  • Members
  • 2 posts
  • OFFLINE
  • Gender:Male
  • Location:Minneapolis, MN USA
  • Local time:04:21 AM

Posted 11 March 2011 - 08:52 AM

Just saying hi!

I've been using this site for a long time, and I'm looking forward to contributing.

I've been an IT Pro for 13 years, and previously owned a computer repair shop. I've cleaned several hundred infected computers.

My methodology for removing viruses and malware tends to vary a bit from the route usually followed by BleepingComputer, but if that doesn't work, I come here.

First Step:
My first stab at a virus/malware infection (if I have physical access to the computer) is to boot the computer using a WinPE or BartPE boot disk (it's like a bootable mini Windows XP/Vista/7), use Autoruns by Sysinternals (now owned by Microsoft), and run an "everything" scan, which will find every driver, component, object - well, pretty much everything - that loads in Windows. Make sure to toggle between every user (which includes the local machine "user" and the NT System Security "user") and go through every field, including drivers.

This takes about 5-15 minutes, and you can often disable the malware/virus, enabling you to remove it from safe mode while running Malwarebytes Anti-Malware.

If I don't have physical access (working on it remotely), I boot into safe mode and use Autoruns. Then I install, update and run Malwarebytes.

If I have a problem getting to the internet, I replace the hosts file.
If I have a problem installing or uninstalling anything in safe mode, I use a tool called SafeMSI; it's essentially a script to enable and start the Windows Installer service in safe mode, should that be required.
You can do this manually as well.

Second Step:
If I have physical access to the computer, I remove the drive, put it in a USB cradle, and run a full Malwarebytes scan. My anti-virus's resident protection is essentially also scanning every file on the hard drive.
eSATA or USB 3.0 makes life easier here. You could mount the drive internally; just make sure you image your virus-scanning computer first.

Third Step:
Go do something else. Sitting there and watching that scan work is like watching paint dry.

Fourth Step:
RTFM.
Go to BleepingComputer.com ;-)

Edited by BarryKennedy, 11 March 2011 - 08:56 AM.
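As an added example, not part of BarryKennedy's post and not a BleepingComputer tool: the "can't get to the internet" symptom the post solves by replacing the hosts file is usually caused by two kinds of tampering, a security vendor or update domain pointed at a loopback/unspecified address (so the AV or Windows Update can never reach its servers), or a hostname pointed at some other address entirely. The script below parses a hosts file and lists both patterns so you can see what was changed before you overwrite the file. The vendor watch list and the sample hosts content are constructed for this example.

```python
"""Audit a hosts file for entries that look like malware tampering.

Flags two classic patterns:
  * a watched security/update domain mapped to a loopback or unspecified
    address (blackholed, so updates and scanners cannot phone home);
  * any hostname mapped to a non-local address (silent redirection).
"""
import ipaddress

# Constructed watch list; extend with the vendors and services you rely on.
WATCHED_SUFFIXES = (
    "malwarebytes.org", "microsoft.com", "windowsupdate.com",
    "symantec.com", "mcafee.com", "kaspersky.com", "bleepingcomputer.com",
)

# Entries a stock hosts file legitimately contains.
STOCK_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in the file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue  # blank, comment-only, or malformed line
        ip, *names = parts
        for name in names:
            yield line_no, ip, name.lower()


def _is_watched(hostname):
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHED_SUFFIXES)


def classify(ip, hostname):
    """Return a reason string if the mapping looks tampered with, else None."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "unparseable address"
    local = addr.is_loopback or addr.is_unspecified
    if local and _is_watched(hostname):
        return "security/update domain blackholed"
    if not local:
        return "hostname redirected to non-local address"
    return None


def audit_hosts(text):
    """Return a list of (line_no, ip, hostname, reason) for suspicious entries."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if (ip, name) in STOCK_ENTRIES:
            continue
        reason = classify(ip, name)
        if reason:
            findings.append((line_no, ip, name, reason))
    return findings


# Constructed sample hosts file: stock entries plus three tampered lines.
SAMPLE_HOSTS = """\
# Constructed sample hosts file for this example
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.org   # blocks AV updates
0.0.0.0         update.microsoft.com
198.51.100.23   www.example.com        # redirect to a non-local host
"""

if __name__ == "__main__":
    # On a real machine read %SystemRoot%\System32\drivers\etc\hosts instead.
    for line_no, ip, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {ip:<15} {name:<28} {reason}")
```

Legitimate intranet entries an administrator added by hand will also show up under "redirected to non-local address"; the point of the listing is to review every non-stock line, not to delete blindly, and to keep a record of what the infection changed before the file is replaced.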



#2 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:05:21 AM

Posted 11 March 2011 - 09:52 AM

At least the fourth step always works!
Welcome to BC.
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#3 BarryKennedy

BarryKennedy
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Gender:Male
  • Location:Minneapolis, MN USA
  • Local time:04:21 AM

Posted 02 September 2014 - 12:12 AM

Actually, these days step #1 is always to go to BleepingComputer.com first... before doing anything.
