Monday, April 26, 2010

Guide: 10 tips for getting rid of stubborn malware

A helpful guide...

Guide: 10 tips for getting rid of stubborn malware: "

It doesn't matter how diligent you are about security, or how often we bang on about protection and prevention, sometimes the genie escapes the bottle and you find yourself in the unpalatable position of being infected by some nasty critter.

If you're having trouble getting rid of malware, read on for 10 handy tips that could prove the difference between reclaiming control of your PC or reaching for the recovery or reinstall disc.

1. Gain access to a clean PC

Do your research and download the tools and fixes you need on another PC that's not infected. Don't transfer anything via your network or a USB flash drive; instead, burn it to a CD or DVD. A finalised disc is read-only, so unlike a flash drive or network share it can't be written to by malware on the infected computer and won't pass the infection back.


BURN IT: Transfer files to an infected PC via a burned CD to prevent the infection spreading

2. Reclaim Safe mode

One nasty trick malware performs is to delete the SafeBoot Registry key, which basically cripples Safe mode. Open Registry Editor on a clean PC running the same version of Windows, browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ and export the SafeBoot key to a Registry file. Transfer this across to your infected PC and attempt to merge the REG file into your Registry.


SAFE BOOT: Export the SafeBoot key on a PC running the same version of Windows as your crippled computer

3. Stubborn Safe mode fix

Some malware actively monitors the SafeBoot key and deletes any changes made. To counter this, download UndeletableSafeBootKey from Didier Stevens. Extract the UndeletableSafeBootKey application and transfer this to the infected PC. Run this prior to importing your REG file, and the malware will be thwarted, giving you access to Safe mode again.


PROTECTED: This tool recreates an empty SafeBoot Registry key with permissions protecting it from malware
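The export and verification steps of tips 2 and 3, as an added PowerShell example that is not part of the TechRadar guide: it records the Windows version so the .reg file is only merged into a matching PC, checks that both SafeBoot subkeys are present, and exports the key on the clean machine. The export path is an assumption; run it from an elevated prompt.

```powershell
# Added example, not from the TechRadar guide. Assumes an elevated PowerShell
# prompt; $ExportPath is a made-up destination for the rescue CD.
$SafeBootKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
$ExportPath  = Join-Path $env:USERPROFILE 'Desktop\SafeBoot.reg'

function Get-WindowsBuildTag {
    # ProductName and CurrentBuild identify the Windows version; only merge the
    # exported key into a PC that reports the same tag (tip 2).
    $v = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    return "$($v.ProductName) build $($v.CurrentBuild)"
}

function Test-SafeBootKey {
    # Safe mode needs SafeBoot\Minimal; Safe mode with networking needs SafeBoot\Network.
    # Returns the subkey count per mode, or -1 if that subkey has been deleted.
    $status = [ordered]@{}
    foreach ($mode in 'Minimal', 'Network') {
        $path = Join-Path $SafeBootKey $mode
        if (Test-Path $path) {
            $status[$mode] = @(Get-ChildItem -Path $path -ErrorAction SilentlyContinue).Count
        } else {
            $status[$mode] = -1
        }
    }
    return $status
}

Write-Output "Windows: $(Get-WindowsBuildTag)"
$status = Test-SafeBootKey
foreach ($mode in $status.Keys) {
    switch ($status[$mode]) {
        -1      { Write-Warning "SafeBoot\$mode is missing: that Safe mode will not start" }
        0       { Write-Warning "SafeBoot\$mode exists but is empty: merge the .reg file (tip 2)" }
        default { Write-Output  "SafeBoot\$mode present with $($status[$mode]) entries" }
    }
}

# On a clean PC with a healthy key, export it for the CD. reg.exe writes the same
# .reg format as Registry Editor's File > Export.
if ($status.Minimal -gt 0 -and $status.Network -gt 0) {
    reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot' $ExportPath /y
    Write-Output "Exported to $ExportPath; label the disc with the Windows tag above."
}
# On the infected PC (after running UndeletableSafeBootKey if the key keeps
# vanishing, tip 3) the merge is:  reg.exe import D:\SafeBoot.reg
# then re-run Test-SafeBootKey to confirm both subkeys are populated again.
```

Running the check again after the merge tells you whether the malware has deleted the key once more, which is the cue to apply tip 3 before trying again.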

4. Safe mode with networking

If you're directly connected to your network via an Ethernet cable, or you're wirelessly connected and running Windows 7, choose Safe mode with networking to give yourself internet access when in Safe mode – you may be able to update your security software prior to running full scans, giving them the latest signatures that could prove crucial in detecting and removing the infection.


ONLINE: Safe mode with networking may enable you to update your security tool prior to scanning with it

5. Construct a toolkit

Download the following tools on your clean PC and transfer them to your infected PC via CD – they can all be installed and run in Safe mode: Malwarebytes Anti-Malware, ComboFix, a2Free, Sophos Anti-Rootkit, HijackThis!, and Virus Effect Remover.

Also look for tools that deal with specific threats: Conficker Removal, CWS Shredder and SmitFraudFix, for example. If you know the name of the infection plaguing your PC, try Googling its name and the word 'removal' to see if any specific tools are available that could help.


PREPARED: Build yourself an armoury of security tools to help deal with any infections

6. Access Registry Editor

Virus Effect Remover should be able to undo the worst damage done by malware – the One Click Registry Heal button performs a number of fixes, giving you back access to key system tools like Registry Editor plus re-enabling critical functionality like automatic updates.


CLEAN UP: Virus Effect Remover contains a number of useful post-infection clean-up tools

7. Other fixes

We also recommend going through Virus Effect Remover's other tools to help identify and remove all leftover traces of malware. In particular, try Show Suspicious Files to locate hidden files in system locations (but note that most of these entries are legitimate, so only delete or restore those files you know to be affected).

Also use 'Scan Services' and 'Scan Startup' to check that malware isn't geared up to reinfect your PC the moment you leave Safe mode.


FINAL TIDY: Root out the remnants of any malware with the help of Virus Effect Remover

8. Internet connection fixes

Open a command prompt window with administrative privileges (you can do this from within Virus Effect Remover – click Other Tools > Command Prompt) and type the following two commands, pressing [Enter] between each:

netsh winsock reset

netsh int ip reset resetlog.txt

Exit and reboot back into Safe mode with networking to verify your connection is back.


FIXED CONNECTION: Reset your network adapters via the command prompt to try to resolve internet connection problems

9. Keep scanning

Don't rely on a single security tool when scanning – use the other tools in our recommended toolkit alongside your main security program. If threats are found, deal with them, then immediately reboot and re-run scans again to verify the threat is gone. Don't be surprised to see it reappear – you may have to scan, remove and reboot a number of times before it's finally banished.

Make sure you get a clean scan immediately after rebooting into normal mode before assuming you're in the clear, then switch off System Restore to flush all Restore points and run a clean-up tool like CCleaner to give your PC a good clean out.


SCAN AGAIN: Don't expect all traces of the malware to disappear after a single scan and reboot

10. Burn a rescue disc

If all else fails and you're unable to boot into Safe mode or reclaim control of your PC, try burning a rescue CD from the likes of BitDefender, Avira or Symantec. If they can't remove the infection, they will at least enable you to rescue data prior to wiping your hard drive and starting again from scratch.


RESCUE ME: If all else fails, burn a rescue CD from a major security vendor and boot from that

"

(Via TechRadar: All latest feeds.)
