Virus/Malware removal


TerryVRS

What's a good virus/malware removal tool I can download?

I managed to get my laptop infected. I removed most of it yesterday and everything was running fine.

Since turning the laptop on today I can't access any website unless I'm in Safe Mode.

I keep getting Search.com coming back but can't seem to find where it is on my laptop.


Both of the first two, but run them with the PC in "Safe Mode". You may have to reboot and do it a 2nd and 3rd time, as sometimes removing one infection reveals another that was hiding behind it.

If they don't get rid of everything (and don't forget to run the rootkit scans), there are other tools you can download and use, but they are for advanced users and you will need someone to talk you through them.

If the above fails, go to http://www.bleepingcomputer.com/ and ask for some help.


As above.

Best to find out what is the actual bug you've got, then you can look up how to remove it.

The problem with all these nasties these days is that they are like dandelions: if you don't get out every bit of them they just regenerate.

Be wary of any site you're not familiar with offering a removal tool. Plenty of bad guys use these bugs as an opportunity to get you to install 'their' malware as well.

Also would be an idea to try to figure out how you got the thing in the first place so you don't repeat the mistake.


The site I mentioned is one of a number of sites registered to help people use advanced AV and AM tools by a number of removal software companies and individuals. I have used them in the past to remove nasties from my own and other people's PCs using the HijackThis, ComboFix and SDFix programs.

They will ask you to download and use certain reporting tools, read through the results you post, then talk you through using the right removal tools for the job; then double check to see if this reveals any other infections.


So they've had their website hacked with a malicious payload.

If you have entered your password on the site before the issue, then I'd seriously consider that password may be compromised.


So they've had their website hacked with a malicious payload.

If you have entered your password on the site before the issue, then I'd seriously consider that password may be compromised.

As I said, FF wouldn't render the website, and the payload came in hard as soon as IE loaded, so no time to enter my password. How the damned tech hadn't spotted the issue is beyond me; I had some expressive words with him after removing the infection (which took the best part of a week to completely clear and recover from). I was still finding buggered up files a month later and lost about 200GB of files - downloaded TV series and films mostly; oh, and my University coursework!!

That was also when I ditched AVG; throughout the whole time it kept saying it couldn't find anything, even while Spybot was showing red screenfuls of infections.


I recall reading a couple of years ago that you have a better chance of picking up malware/viruses from religious group websites, in particular US evangelical types, than from porn sites - it's in the pornos' interest to keep themselves clean as infections are bad for business (both production and sales... :p)

Whereas the god squad sites are mostly organised and admin'ed by volunteers with little idea of what they are doing...

Malwarebytes via safe mode a couple of times, then Spybot. And yeah, rootkit scans... lots of 'em!


Actually CCleaner helped once too... a couple of dodgy "toolbars" that installed themselves that malware missed/didn't detect. CCleaner let me uninstall them where nothing else worked.


Actually CCleaner helped once too... a couple of dodgy "toolbars" that installed themselves that malware missed/didn't detect. CCleaner let me uninstall them where nothing else worked.

CCleaner can help get rid of any debris, especially in the registry, but it can't get rid of an active virus; I use it weekly to clean up the crud Windows leaves lying around.


CCleaner can help get rid of any debris, especially in the registry, but it can't get rid of an active virus; I use it weekly to clean up the crud Windows leaves lying around.

Agreed... but the issue was being launched by an unwanted (don't know how it even got installed...) toolbar that I couldn't get rid of except via CCleaner. Mbam found the malware and removed it, but launching FF the toolbar reinstalled the PoS... until CCleaner removed it, deregistered it, then Mbamed, and re-CCleaned... PITA.

Most of the above advice is good. Malwarebytes is a good start but it doesn't get rid of everything, especially rootkits. I find most good/bad viruses these days target Mbam because it's so well known and used; they nullify its effectiveness. There are some things you can do yourself, starting in Safe Mode. Run msconfig from the Run command, or Task Manager in Windows 10, to control the things that start up when you boot. It's easy to spot rogue items and disable them from starting. Someone mentioned above Bleepingcomputer.com. This is an excellent follow-up if Malwarebytes fails to fix. I find Combofix excellent at removing malware, but use this as a last resort; it's clunky UI and for techs, and can cause its own problems if it goes wrong.


I've tried Malwarebytes and CCleaner a few times. I managed to get everything running fine for it to regenerate the next time I switched the laptop on, so something was obviously still lurking.

I actually got the virus whilst trying to download a copy of Elsa.

Tbh I think I'll just back up pics and save games and reboot the whole thing so it's running right.


I've tried Malwarebytes and CCleaner a few times. I managed to get everything running fine for it to regenerate the next time I switched the laptop on, so something was obviously still lurking.

I actually got the virus whilst trying to download a copy of Elsa.

Tbh I think I'll just back up pics and save games and reboot the whole thing so it's running right.

This is the problem I mentioned: the first thing the virus will do is prevent its removal by either preventing Mbam from running or hiding in areas of the drive that Mbam doesn't scan.

Backing up your data, wiping the machine and starting from a fresh install is never a bad idea, especially if it's been a while since this was done. I would first recommend having a look at what's running at startup. Type msconfig in the Run command. Then have a look in Startup; if there's anything fishy in there, just disable it from starting next boot. You might find Mbam or another malware removal tool will get rid of the infection if you prevent the virus running on startup. Also, if you know the name of the infection, usually called 'pup.malware' for example, go to bleepingcomputer.com and search the database; I'm pretty sure there will be a step-by-step removal guide to follow. Last but not least, try Combofix, but make sure your data is backed up to a removable drive before you try these.

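The startup check suggested in the two posts above (msconfig's Startup tab, or Task Manager on Windows 10) can also be done from PowerShell. This is an added example, not part of the original thread: it only reads the common Run keys and Startup folders and reports each entry's Authenticode signature status, and `Get-ExePath` is a hypothetical helper name.

```powershell
# Added example: read-only report of common autostart locations.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = 'Startup', 'CommonStartup' |
    ForEach-Object { [Environment]::GetFolderPath($_) } | Where-Object { $_ }

function Get-ExePath([string]$Command) {
    # Quoted path first, otherwise the shortest prefix ending in a program extension.
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if     ($c -match '^\s*"([^"]+)"') { $p = $Matches[1] }
    elseif ($c -match '^\s*(.+?\.(exe|com|scr|bat|cmd|vbs|js|ps1|lnk))\b') { $p = $Matches[1] }
    else   { $p = ($c.Trim() -split '\s+')[0] }
    # Bare names such as "rundll32.exe" are resolved through PATH.
    if ($p -and $p -notmatch '^([A-Za-z]:|\\\\)') {
        $cmd = Get-Command $p -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($cmd) { $p = $cmd.Path }
    }
    return $p
}

$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item $key
    foreach ($n in $k.GetValueNames()) {
        [pscustomobject]@{ Location = $key; Name = $n; Command = [string]$k.GetValue($n) }
    }
})
$entries += @(foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ne 'desktop.ini' } |
        ForEach-Object { [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName } }
})

$report = foreach ($e in $entries) {
    $exe = Get-ExePath $e.Command
    $status = 'FileMissing'
    if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
        # Shortcuts (.lnk) are never signed; inspect their target by hand.
        $status = [string](Get-AuthenticodeSignature -LiteralPath $exe).Status
    }
    [pscustomobject]@{ Signature = $status; Name = $e.Name; Executable = $exe; Location = $e.Location }
}
# Anything that is not "Valid" is worth a closer look before disabling it.
$report | Sort-Object Signature, Name | Format-Table -AutoSize -Wrap
```

Run it from Safe Mode as well as a normal boot and compare the two listings; an entry that reappears after being disabled points at whatever is reinstalling it.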

I've tried Malwarebytes and CCleaner a few times. I managed to get everything running fine for it to regenerate the next time I switched the laptop on, so something was obviously still lurking.

I actually got the virus whilst trying to download a copy of Elsa.

Tbh I think I'll just back up pics and save games and reboot the whole thing so it's running right.

If they were installed at the time of infection, that could be an issue stopping you finding them. First thing an infection does is disable onboard security.

You could try Trend's online scanner as well as http://www.eset.co.uk/Antivirus-Utilities/Online-Scanner. At least that may tell you what it is if nothing else.


One of the things I like about Avast is the boot-up scanner. I've deleted e-mails with attachments, suspecting something nasty, and Avast has on a boot-up scan suggested problems with these. Another place to look for a solution/removal tool/help, if you can find the infection name, is http://uk.norton.com/security_response/removaltools.jsp where there's a list of various and infection removal tools and how to use them. From what I gather, the bit about a fee-paying service refers to Symantec/Norton remotely accessing your PC and cleaning it.

Another mention of Rogue Killer, which deals with rootkit problems and doesn't seem to be affected by infections the same way that mbam/mbar are.


The danger is, the virus has a copy disguised as one of your photos, or attached to one of your photos/videos. That is what happened to me: it deleted the genuine file and linked its icon to a similar sized file; so at first glance the files were all there, but in actual fact nearly 50% had been replaced with... well, let's say nasty stuff.

@VWD, Avast is good, I use it myself, but most malware/virus programs target ACTIVE AV software, which is why I only use MWB "On Demand", so it is not active in memory. MWB also has Chameleon - multiple different disguises that change over time, so the virus writers have less chance of blocking it.

Back OT, if MWB isn't detecting and deleting everything, it is time to go ask for help at bleepingcomputer.


GG - I agree on active AV software, but Avast has an on-startup option, which lets it get to work before Windows is activated, in effect in the pre-Windows boot period. As said, I'd deleted on sight a few of the iffy-looking e-mails, but Avast running in boot mode quarantined these and gave me a virus name as a warning. With that it should be possible to go to the Symantec/Norton removal tools and download a specific removal tool for that problem. But to be absolutely safe, I'd look to protect my stuff. I'm lucky as I have IDE ports on my mobo, and these days there's plenty of cheap not wanted on journey (as IDE is SO yesterday) IDE drives appearing on eBay. I've got two 80GB which I've checked on Maxtor/Seagate disc test, and come back as clean. Every so often I make two backup copies (one to each HD), and sit HD on shelf. For a modest outlay, I've got two copies of my data, just in case one HD has problems. Then in the event of problems/viruses/ransomware, I can say "FORMAT, AND BE DAMNED". Photos I keep on backup, as well as on Photobucket, as two accounts - one for mine, and another for family historical photos.
