
Need recommendation for strong thorough manual scans on 50 computers


12 replies to this topic

#1 starrouter

starrouter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico
  • Local time:06:43 AM

Posted 01 November 2014 - 01:54 PM

Hello all. I am a noobie to this forum and thought this looked like a great place to get some good technical advice. I have a Windows network with about 50 Windows PCs running mostly Win 7 with a few still running XP, several 2003 servers and two 2008 R2 servers. We also run a Sonicwall NSA2600 with the full security suite including content filtering and anti-spyware anti-malware. We switched from Symantec corporate to AVG Business two years ago. Earlier this year we had several PCs get viruses and malware which caused quite a few problems so I added Malwarebytes Corporate edition to all servers and PCs to enhance our protection. While we are having a lot fewer problems, I would still like to come in once in a while on the weekend when no one is around and do thorough manual scans on every computer with something stronger, something that might find and repair or remove any problems or potential problems that are still lurking that AVG and MBAM aren't getting. What are some of the best, strongest on-demand or one-time tools for such a purpose? Thanks in advance.





#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:43 PM

Posted 01 November 2014 - 02:53 PM

I have a method to use VirusTotal. Take a look at this:

 

http://www.bleepingcomputer.com/forums/t/553278/transferrring-files-from-an-infected-computer-to-one-without-an-antivirus/?p=3516359


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,734 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:43 AM

Posted 01 November 2014 - 03:21 PM

If you are looking for a list of tools, see here.

However, Didier Stevens is an IT Security Professional and expert on network cleaning so seriously consider any suggestions he provides.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 Didier Stevens


Posted 01 November 2014 - 03:24 PM

Another method is to use Sysinternals' Sigcheck tool with VirusTotal integration.



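One way to scale the Sigcheck/VirusTotal approach mentioned above to about 50 machines, as an added example that is not part of the original thread: each PC's Sigcheck CSV report is merged by file hash, and files with several detections, or that are unsigned and unknown to VirusTotal, are listed for review without removing anything. The column names, the `Signed`/`Unknown` values and every sample row are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data: hosts, paths and (shortened) hashes are made up.
# Column names and the "Signed"/"Unknown" values are assumptions about
# Sigcheck's CSV output; match them to the header line of your own reports.
HEADER = "Path,Verified,SHA256,VT detection\n"
NOTEPAD = r'"C:\Windows\notepad.exe",Signed,aa11,0/55' + "\n"
INHOUSE = r'"C:\Tools\inhouse.exe",Unsigned,cc33,Unknown' + "\n"
REPORTS = {
    "PC-01": HEADER + NOTEPAD + INHOUSE
    + r'"C:\Users\amy\AppData\Roaming\upd.exe",Unsigned,bb22,31/55' + "\n",
    "PC-02": HEADER + NOTEPAD + INHOUSE
    + r'"C:\ProgramData\svch0st.exe",Unsigned,dd44,Unknown' + "\n"
    + r'"C:\Program Files\Foo\foo.exe",Signed,ee55,1/55' + "\n",
    "PC-03": HEADER + NOTEPAD + INHOUSE,
}

def parse_ratio(text):
    """Return the detection count for 'n/m', or None when there is no verdict."""
    hits, sep, total = text.strip().partition("/")
    return int(hits) if sep and hits.isdigit() and total.isdigit() else None

def triage(reports, min_hits=3):
    """Merge per-host reports by hash and return findings, worst first."""
    files = defaultdict(lambda: {"hosts": set(), "paths": set()})
    for host, text in reports.items():
        for row in csv.DictReader(io.StringIO(text)):
            entry = files[row["SHA256"].lower()]
            entry["hosts"].add(host)
            entry["paths"].add(row["Path"])
            entry["hits"] = parse_ratio(row["VT detection"])
            entry["signed"] = row["Verified"].strip() == "Signed"
    findings = []
    for sha, e in files.items():
        if e["hits"] is not None and e["hits"] >= min_hits:
            reason = "detected"          # several engines agree: look here first
        elif e["hits"] is None and not e["signed"]:
            reason = "unknown-unsigned"  # no VirusTotal verdict and no signature
        else:
            continue                     # clean, or too few hits to act on
        findings.append((reason, e["hits"] or 0, sha,
                         sorted(e["hosts"]), sorted(e["paths"])))
    # Detected files first (most hits first), then unknowns on the fewest hosts.
    return sorted(findings, key=lambda f: (f[0] != "detected", -f[1], len(f[3])))

if __name__ == "__main__":
    for reason, hits, sha, hosts, paths in triage(REPORTS):
        print(f"{reason:17} hits={hits:<3} {sha} {','.join(hosts)} {paths[0]}")
```

An unknown, unsigned file present on every PC (here the constructed `inhouse.exe`) is more likely an in-house tool than one that appears on a single machine, which is why the fewest-hosts entries sort first among the unknowns.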

#5 rp88

rp88

  • Members
  • 3,059 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:43 PM

Posted 02 November 2014 - 01:19 PM

As a one-time tool I would suggest running the "Kaspersky Virus Removal Tool" and the "ESET Online Scanner". Both of them are downloaded as exe files with up-to-date definitions and can be used for on-demand scans. The ESET one will need an internet connection when it is run, as after it's downloaded once it autoupdates every time you open it afterwards. Kaspersky could be put on a USB and transferred to the computer that way.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#6 starrouter


Posted 02 November 2014 - 05:17 PM

I decided to run the Junkware Removal Tool, AdwCleaner and CCleaner on every computer. On any that I suspect is or has been infected, I'm also running Eset online scanner. I'll see how that does.



#7 quietman7


Posted 02 November 2014 - 05:26 PM

JRT and AdwCleaner both are intended to search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, browser extensions, add-ons/plug-ins, browser helper objects (BHOs) and other junkware to include related registry entries (values, keys). AdwCleaner will remove all traces of these types of programs which includes related services, registry entries (values, keys), files, folders and potentially unwanted extensions.

#8 starrouter


Posted 02 November 2014 - 06:57 PM

> JRT and AdwCleaner both are intended to search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, browser extensions, add-ons/plug-ins, browser helper objects (BHOs) and other junkware to include related registry entries (values, keys). AdwCleaner will remove all traces of these types of programs which includes related services, registry entries (values, keys), files, folders and potentially unwanted extensions.

Thanks, then those two should be good choices. Any opinions on CCleaner?

Will Eset online scan automatically remove threats or just let you know what they are?



#9 quietman7


Posted 02 November 2014 - 07:15 PM



Yes they are good choices but keep in mind that PUPs are classified differently and do not fall into the same categories as viruses, Trojans, worms, rootkits and bots.

Before scanning with ESET Online, under scan settings, there is an option (checkbox) to Remove found threats or leave it unchecked to just get a list of what is detected.

CCleaner removes unused, temporary and junk files from your system to include temporary Internet Files, Cookies, History, etc. CCleaner only performs its cleanup routines on the account the user is logged in to unless you are using the Professional version. While CCleaner is safe and useful for removing these temporary and junk files, I do not recommend using the built-in registry cleaning feature unless you have a good understanding of the registry. In fact, Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons.

Why you should not use Registry Cleaners and Optimization Tools

#10 starrouter


Posted 02 November 2014 - 11:54 PM

Thanks. I ran JRT, AdwCleaner and Eset online scanner on a couple of computers that had known issues today and they did a good job of cleaning them up. I think now that I'll use JRT, AdwCleaner and Eset online scanner on all computers. CCleaner doesn't seem to be the right tool for what I'm trying to do. Eset was very thorough, found a lot of threats that AVG didn't. I may look into switching our Corp AV to Eset when our current license expires.



#11 quietman7


Posted 03 November 2014 - 06:59 AM

You may want to look into this too.

#12 rp88


Posted 03 November 2014 - 11:05 AM

CCleaner is good, but it is not an antivirus tool. Its list of startups can be helpful but otherwise it has no security element. Using it to clear temp files will help keep computers running reasonably fast; using the registry cleaning function, however, is like playing with fire in a room full of hydrogen. When running any on-demand scanner set it to "find but not remove" threats, as many of those scanners have high false positive detection rates so might accidentally remove something important/harmless/both. Running the Kaspersky one I mentioned is also a good idea, it should find things that might stay hidden from AVG and MBAM.

#13 quietman7


Posted 03 November 2014 - 02:33 PM

When using any scanner...if given the option (when threats are found), it's better to choose "Quarantine" instead of remove/delete. Doing that provides the additional benefit of being able to restore a falsely flagged legit file from the quarantine folder.



