Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Tuesday, September 13, 2011

Temporarily disable protection aplications for malware removal

Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
During the process of removing malware from your computer, there are times you may need to use specialized fix tools. This is especially true if you are receiving help from a member of the HJT Team. Certain embedded files that are part of these specialized fix tools may at times be detected by your anti-virus or anti-malware scanner as a "RiskTool", "Hacking tool", "Potentially unwanted tool", a virus or a "Trojan" when that is not the case.
These tools have been carefully created and tested by security experts so if your anti-virus or anti-malware program flags them as malware, the detection is what's known as a "False Positive". Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases, the removal of these files can have "unpredictable results" and unintentional results.
To avoid any problems while using a specialized tool it is very important that you temporarily disable your anti-virus and/or anti-malware programs before using them or when instructed by a member of the HJT Team. You can re-enable these programs after the malware removal process has been completed.
Many folks may not be sure how to do this so the BC Staff has created a list of common anti-virus programs and the relevant steps to disable their Real-time protection capabilities. When your system has been cleaned or when advised by your helper, it is important that you re-enable your security programs to avoid re-infection
============================
Malware: Viruses, Adware, and Spyware Removal Instructions
How to Get Rid of Malware & Viruses - Updated for 2011
You most likely arrived here because you think you may be infected with some sort of malicious malware. Symptoms of a rogue virus may include: unwanted pop-ups, hijacked search results, general computer / internet slowness, inability to connect to the internet, unknown processes running, etc...
New virus's and virus variants seem to come along almost everyday, so no matter what virus software you use, and how often you update it, your current security software may not be able to cure or even detect your problem.
Preparation for Malware/Virus Removal: Fortunately, virus problems are almost always curable. You will most likely need to download some new software and take a multi-step approach to remove a virus, but if you follow these instructions step-by-step, you will be back to a clean machine. Updates:
First, make sure your version of Windows is updated, especially the security patches and critical updates. Also check for Java Updates and Adobe Acrobat Updates.

Temp File Clean up:
Next, Download and Run TFC. This is a simple but useful tool that cleans all your temp folders. Using it makes your antivirus software scan a lot quicker, too.
More info about TFC here. After downloading follow these steps:
- Open TFC and close any other windows/programs. Click the Start button. Do not open any programs or windows after you have started the program.
- TFC requires a reboot immediately after running.
Continue to the next step...
Scan for Viruses Make sure your antivirus software is up-to-date. Now, run a full system scan and save a copy the log file for the last step. Recommended Free Anti-Virus Software: AVG and Avira and Avast all offer great free antivirus / computer security software. I used AVG for many years, but recently became a fan of Avast.
Scan with Malwarebytes Anti-Malware Download Malwarebytes Anti-Malware and follow these steps: - Open mbam-setup.exe and follow the instructions to install. At the end, be sure the Update & Launch and boxes are ticked, and click Finish.
- Once updated and loaded, select Perform Quick Scan, then click Scan. When complete, click OK, then Show Results.
- Be sure everything is checked, then click Remove Selected.
- A log file will open in notepad. Save this in the same place you saved your antivirus log file.
- Restart your computer.
Hopefully, these first 3 steps found and removed any sort of malware from your PC. If you want to be certain, or think you are still infected, continue on to the next steps:
GMER - Download and Run
Follow these steps:
Important Tips :

1. Install all of your anti-virus/ spyware/adware utilities in one folder for easy finding.

2. Allow your antivirus programs to check for updates and download them automatically, or do it manually at least once a week.

- Download GMER and save it to where you are storing your anti-malware utilities. Note: This file will have a random name.
- Disconnect from internet, close all running programs including any real-time virus scanning utility.
- Open the randomly named gamr file, allow gmer.sys driver to load if prompted.
- Select the Rootkit tab> click Scan
- If you get a WARNING about rootkit activity, and are prompted to fully scan your computer, click NO.
- After the scan completes, click Save button, then save results as gmer.log (again, keep track of where you have this log file).
- Exit GMER and re-enable your active virus protection.
DDS by sUBs - Download & Run Follow these steps - DDS is a program that is used to troubleshoot malware issues. The log files it produces will be needed for the last step of this process.
- Download DDS by sUBs here. After downloading, disable your virus protection/script blocking protection, and also disconnect from the internet.
- Double click on the DDS icon, allow it to run. If it won't run, rename the file and try again. A window will open, with info about the utility. You don't need to do anything, the scan is already running.
- The results will open in notepad. Click No for the Optional_Scan.
- Follow the instructions. When finished, DDS will open 2 log files: DDS.txt and Attach.txt (save these with your other log files).
- Close the DDS window. Delete the program from your where you saved it.
- Enable your virus protection and re-connect to the internet.

Final Step - Posting Logs to a Forum for Help Phew, you made it. Now you can post your log files to a malware removal help forum.
I suggest: TechSpot.com. These are a bunch of helpful folks, so please be sure to follow their posting rules completely -- before posting ;) If you follow their instructions, they will help you with the nitty-gritty details to remove problem malware.
Follow these instruction to request assistance:
- Register for forum membership at TechSpot.com
- After registration is complete, point your browser to this page. You've already done their 8 steps if you followed all the steps in the previous guide, but please read over it to make sure you didn't miss anything, then Skip to Step 7.
- Got all that? Now go to TechSpot.com's Virus & Malware Removal Board . Click the button for +New Topic, and post your message.
- I suggest you use a concise & descriptive message title, then a little bit about your malware symptoms, be sure to mention that you followed their 8 Step Guide and have your required log files. Then paste in the following logs:
  • Malwarebytes Anti-Malware log
  • GMER log
  • DDS logs: both DDS.txt and Attach.txt
Keep your antivirus scan log from earlier handy incase you are asked to post it as well.
Finish posting your assistance request to the forum, and you will recieve replies within a day, but generally within an hour or less.
Alternative Malware Removal Help:
http://www.geekstogo.com
Rogue Security Software:Many rogue malware applications imitate antivirus software with fake system scans, claims that your computer is infected with malware, and that you need to purchase the full version of the program to remove these bogus infections:
Check out this list on Wikipedia of Rogue Anti Virus / Security Software.
===================
Source
Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.
-----------------
Please go to VirusTotal, and upload the following file for analysis:
C:\WINDOWS\system32\logon.scr
Post the results in your reply.

No comments: