Here is a short list of some malware tools:
- TDSSKiller:
- Microsoft Malware Removal
- Microsoft Malware Scanner
- Combofix
- HijackThis
- http://free.antivirus.com/us/#cleanup-and-prevention
- Trend managed to pick up this particular product though it still remains free as of this writing.
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book
There's a good set of slides (PDF) from Mark Russinovich (SysInternals) on using AutoRuns, Process Explorer & Process Monitor to nail malware:
http://download.sysinternals.com/files/SysinternalsMalwareCleaning.pdf
I would only get combofix from bleepingcomputer.com. The author of combofix, sUBs, does not have a stand alone website. Here is a quote from a post on bleeping's forums:
"www.combofix. whatever are sham sites.
Subs does not host a stand-alone website for Combofix. Let alone an unsupervised one without the proper disclaimers and instructions."
Also, add unhide.exe to your list, also available from bleeping. If after you remove a virus, the virus has changed the permissions on and registry entries on your data so you can't see it, this will "unhide" it.
I would only get combofix from bleepingcomputer.com. There are a few other malware removal sites, but I always remember this one. The author of combofix, sUBs, does not have a stand-alone website or domain. Here is a quote from a post on bleeping:
"www.combofix. whatever are sham sites
Subs does not host a stand-alone website for Combofix. Let alone an unsupervised one without the proper disclaimers and instructions."
I would also add unhide.exe. Also available at bleeping. After you remove a virus, sometimes they hide your data via permissions and registry changes. This will fix that issue.
What Phil said about combofix, unhide..
Add -
MalwareBytes - MBAM
http://www.malwarebytes.org
SuperAntiSpy - SAS
http://www.superantispyware.com