
Must have tools to have with your virus/ and malwarebytes


9 replies to this topic

#1 JSTJ704

JSTJ704

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Local time:08:07 AM

Posted 23 September 2014 - 04:41 PM

I got Bitdefender Total 2015. At first it seemed an OK program; I didn't care too much for the 2014 but I like the 2015, and I am running Malwarebytes Pro. I see there is such a tool as RKILLER. What are some good tools to run before or after scans? Or a special tool to find those little hidden infections?




 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,112 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:07 AM

Posted 23 September 2014 - 05:29 PM

RKill, created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer, is a tool primarily designed to terminate the most common malicious processes that prevent other security tools from being executed, completing a scan or being used to disinfect the system. When RKill is able to terminate malicious processes and fix certain registry keys, that action usually allows other tools to perform scans and clean-up routines to remove the infection. Therefore a scan with Malwarebytes Anti-Malware or a similar tool should be completed immediately after running RKill.

Since RKill is not designed to be a comprehensive malware removal tool, using it is not required in all situations. If you are able to run other security tools without them terminating, there is no need to run RKill. However, if RKill is run separately without or after other security tools, its log can provide useful information to help diagnose the presence of malware or report other issues, as the developer (Grinler) added some basic enumeration to the tool for various infections.

For example, RKill includes Junction/Reparse point detection for ZeroAccess. If found, the log will show: * ALERT: ZEROACCESS rootkit symptoms found!

  • RKill provides Digital Signature Detection...it will scan various Windows files to determine if they are signed. If a signature is not detected on a file that should have one, RKill will report it. RKill will also provide a list of possible replacement files (noted by [Pos Repl] tag) for the file that failed the signature test.
  • RKill provides Windows Service integrity checking and reports when certain necessary services are not running.
  • RKill reports when certain policies are enabled that disable Automatic Updates, System Restore, Windows Defender.
  • RKill resets .EXE, .COM, & .BAT associations in the Windows Registry.
  • RKill will remove any Proxy settings that are found when it is run and export the configuration to a registry file (rk-proxy.reg) saved on the desktop. Some types of malware can alter those settings, which can affect the ability to browse, update and download programs required for disinfection. If the proxy is legitimate you can just double-click and import the registry file to restore your proxy settings.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
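
An added example, not part of the post above and not RKill's own code: a read-only PowerShell check for four of the symptoms the post says RKill reports (proxy settings, .EXE/.COM/.BAT associations, disabling policies, unsigned Windows files). The function name, the three files checked and the policy registry values are assumptions chosen for illustration; the post does not say which keys or files RKill inspects.

```powershell
# Added example: reports symptoms only; nothing on the system is changed.
function Test-RKillStyleSymptoms {   # hypothetical name
    # 1. Per-user proxy settings (the values RKill removes and saves to rk-proxy.reg).
    $inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check  = 'Proxy'
        Detail = "ProxyEnable=$($p.ProxyEnable); ProxyServer=$($p.ProxyServer); AutoConfigURL=$($p.AutoConfigURL)"
        Flag   = ($p.ProxyEnable -eq 1) -or [bool]$p.AutoConfigURL
    }

    # 2. File associations: the stock open command for all three is "%1" %*
    foreach ($ext in '.exe', '.com', '.bat') {
        $class = (Get-ItemProperty -LiteralPath "Registry::HKEY_CLASSES_ROOT\$ext" -ErrorAction SilentlyContinue).'(default)'
        $cmd   = (Get-ItemProperty -LiteralPath "Registry::HKEY_CLASSES_ROOT\$class\shell\open\command" -ErrorAction SilentlyContinue).'(default)'
        [pscustomobject]@{ Check = "Association $ext"; Detail = "$class -> $cmd"; Flag = $cmd -ne '"%1" %*' }
    }

    # 3. Policies that disable protective features (assumed value names, standard Windows locations).
    $policies = @(
        @{ Name = 'Automatic Updates'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'; Value = 'NoAutoUpdate' }
        @{ Name = 'System Restore';    Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'; Value = 'DisableSR' }
        @{ Name = 'Windows Defender';  Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';         Value = 'DisableAntiSpyware' }
    )
    foreach ($pol in $policies) {
        $v = (Get-ItemProperty -Path $pol.Path -ErrorAction SilentlyContinue).($pol.Value)
        [pscustomobject]@{ Check = "Policy: $($pol.Name)"; Detail = "$($pol.Value)=$v"; Flag = $v -eq 1 }
    }

    # 4. Signatures on a few core files (assumed sample). On older PowerShell
    #    versions catalog-signed files can show NotSigned, so treat a flag
    #    here as a prompt to verify, not as proof of tampering.
    foreach ($f in 'services.exe', 'winlogon.exe', 'svchost.exe') {
        $sig = Get-AuthenticodeSignature -FilePath (Join-Path $env:SystemRoot "System32\$f")
        [pscustomobject]@{ Check = "Signature $f"; Detail = "$($sig.Status)"; Flag = $sig.Status -ne 'Valid' }
    }
}

# Show only the items that need a closer look.
Test-RKillStyleSymptoms | Where-Object Flag | Format-Table -AutoSize -Wrap
```

A flagged proxy entry is not necessarily malicious: as the post notes, a legitimate proxy is a normal configuration, so compare the value against what the network is supposed to use.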


#3 rp88

rp88

  • Members
  • 2,965 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:07 PM

Posted 23 September 2014 - 05:45 PM

I use RKill all the time. It's not anything like a full antivirus scanner, but it is another way to get another opinion on whether you are infected. It is designed mainly to just look at the processes running at the time you run it. It is mainly designed for use when posting logs to a forum (indicated by the bb script tags it uses in the logs it makes) but it can also be helpful to a user to just take a look and see if anything "jumps out" as wrong. When one feels suspicious of something it's good to have it as an extra tool to check with, or in some cases (I have never had them happen, thankfully) do some cleaning up with.


Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#4 quietman7


Posted 23 September 2014 - 05:47 PM

List of Free Scan & Disinfection Tools which can be used to supplement your anti-virus and anti-spyware or get a second opinion

You can always supplement your anti-virus or get a second opinion by performing an Online Virus Scan. ESET is one of the more effective online scanners.

Not so Free malware scanning/removal programs:

Ransomware Prevention Tools:

For a list of other recommended security tools (i.e. SpywareBlaster, WinPatrol) and resources, please refer to:



#5 rp88


Posted 23 September 2014 - 06:02 PM

You call "ESET online scanner" an "online scanner". Does that mean it requires the connection just to start its scan, or that it needs you to be connected the whole way through? I have on occasion had it work when I opened it whilst connected, selected its settings, let it update itself and then, once scanning started, I took out the connection cable. Also, how strongly do you recommend those anti-ransom tools? Should everyone be using them or just a few users, or does each of them only protect against one individual virus?



#6 quietman7


Posted 23 September 2014 - 08:35 PM

ESET Online Scanner runs in your web browser to check for and remove malware. The scanner is optimized for Internet Explorer and implemented as an ActiveX control, but requires the installation of ESET Smart Installer for other browsers (Firefox, Opera, Chrome, Safari, etc.). It requires an active Internet connection to download required components and database definitions.

I recommend (and use) both CryptoPrevent and HitmanPro.Alert with CryptoGuard. Together they protect against various types of crypto malware, fake file extensions and other attacks found in most trojan based malware...block malicious executables and more. However, HitmanPro.Alert only alerts for threats...then you have to download and run HitmanPro or another anti-malware scanner to remove the infection.

#7 rp88


Posted 24 September 2014 - 09:16 AM

"ESET Online Scanner runs in your web browser": not in my experience. One downloads an exe file called "estsmartinstaller_enu.exe" and runs it. You click agree on a license statement thing, then UAC pops up, you allow the program to keep running, then fiddle with some settings in the program's window that is now open, then start scanning; it updates from 50% to 100% and then it starts going through your files. No browser involved at all. That's why I'm not sure if it needs to be connected throughout the scan or if you can come offline as soon as it starts going through files.

 

Thanks for your tips on the two anti-ransom programs. How easy are they to set up? Do they conflict at all with AVG free antivirus or with on-demand scanners like Malwarebytes being run? Can they be set so that they will not block certain exe files? If they do block something, will I get a little screen corner pop-up saying "xyz.exe has been blocked, if you know it is safe to run go to abc to enable it"?


Edited by rp88, 24 September 2014 - 09:17 AM.


#8 quietman7


Posted 24 September 2014 - 10:57 AM

rp88...we don't mind answering your questions but you already have an open (ongoing) topic in the General Security forum where you are asking about various security related issues/tools, etc. and receiving answers. Continuing to do the same in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.
The BC Staff

#9 JSTJ704


Posted 24 September 2014 - 07:29 PM

Awesome read, thanks global mod, great info.



#10 quietman7


Posted 24 September 2014 - 07:36 PM

You're welcome on behalf of the Bleeping Computer community.



