
how best to use removal tools


4 replies to this topic

#1 seidler

seidler

  • Members
  • 2 posts
  • Local time:12:53 AM

Posted 08 September 2014 - 09:35 AM

Hi, I run a PC repair business and we clean systems daily. We currently use Malwarebytes, Combofix, Tdssk, JRT, ADW, Rogue Killer, HitManPro, RKill, CCleaner and Windows Defender or Security Essentials.
My question is: does anyone have a recommended order to run them? We find that on a typical infected system all of the tools clean something.
 
We currently run them in this order.
RKill
CCleaner (clean temp files, registry and startup items)
TDSSK
Malwarebytes
Rogue Killer
JRT
ADW
HitMan Pro
Combofix
We then reset IE, FF and Chrome, delete the host file, and reboot.

Mod Edit: Moved to Antivirus ...Software ~~ boopme


Edited by boopme, 08 September 2014 - 10:28 AM.



 


#2 DiegoA

DiegoA

  • Members
  • 1 posts
  • Local time:03:53 AM

Posted 08 September 2014 - 10:03 AM

Hello seidler,
 
There is no mandatory sequence, because each program listed handles a specific function. Normally the use of each program varies with the analysis of the log generated by starting DDS, HijackThis or similar.
 
See you.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:53 AM

Posted 08 September 2014 - 03:25 PM

ComboFix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware which scan individual drives or different folders on a computer for malware. Also be aware that using ComboFix is only one part of the disinfection process. Preliminary scans from other tools like DDS, OTL, RSIT and GMER should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning a strategy for effective disinfection and a determination if using ComboFix is necessary.

With most Adware/Junkware/PUPs it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features (Add/Remove Programs) in the Control Panel or an alternative third party uninstaller like Revo. In many cases, using the uninstaller of the adware not only removes it more effectively, but it also restores any changed configuration. After uninstallation, then you can run specialized tools like AdwCleaner and JRT to fix any remaining entries they may find.

RKill is a tool primarily designed to terminate the most common malicious processes that prevent other security tools from being executed, completing a scan or being used to disinfect the system. When RKill is able to terminate malicious processes and fix certain registry keys, that action usually allows other tools to perform scans and clean-up routines to remove the infection. Therefore a scan with Malwarebytes Anti-Malware or a similar tool should be completed immediately after running RKill. Since RKill is not designed to be a comprehensive malware removal tool, using it is not required in all situations. If you are able to run other security tools without them terminating, there is no need to run RKill. However, if RKill is run separately without or after other security tools, its log can provide useful information to help diagnose the presence of malware or report other issues, as the developer (Grinler) added some basic enumeration to the tool for various infections.

While CCleaner is safe and useful for removing these temporary and junk files, I do not recommend using the built-in registry cleaning feature unless you have a good understanding of the registry.

In fact, Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons.
Please read: Why you should not use Registry Cleaners and Optimization Tools
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 1PW

1PW

  • Members
  • 316 posts
  • Gender:Male
  • Location:North of the 38th parallel.
  • Local time:10:53 PM

Posted 08 September 2014 - 05:39 PM

Hello seidler:

Along with the always excellent advice above, IMHO your clients would be much better served by your running the ESET Online Scanner in place of Microsoft's Windows Defender/Microsoft Security Essentials, and only as a generality, mostly near the conclusion of the disinfection process. I have not overlooked your use of Kaspersky's TDSSKiller.

Perhaps for the sake of brevity, no mention was made of screen317's SecurityCheck with the aim of identifying glaring security holes.

 

HTH :)


All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:53 AM

Posted 08 September 2014 - 09:25 PM

BTW...you might want to add the Emsisoft Emergency Kit which contains a collection of programs that can be used without software installation to scan for malware and clean infected computers.



