DIY: Free tools for removing malicious software

...the stupid tools that are hired as IT staff. I only call these arrogant, pompous nitwits when I HAVE TO because of company rules. Often their odious shortsighted nostromes ARE wrong. After working in the computer industry for what...20 years, I have come to the point where thankfully I can usually avoid them for the whole term of my engagements at most companies.

for using clonezilla, do not forget the Tuxboot environment -> installs the latest version of clonezilla on an USB key to boot from USB. Tuxboot works also fo GParted, a low level formatter & partition handler for frre (only, when using GParted, do not forget to set the Boot flag on e new formatted C: drive)

kindly Included Microsoft Malicious Software Removal Tool in the article. The Malicious Software Removal Tool is an anti-malware utility that checks computers running Windows 7, Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom—and helps remove malware and any other infections found.

I have noticed in this article as well as in many others, that even 'professional' writers are failing to do 2 things regularly: Use spell check before submitting the final article, AND failing to re-read what was written for accuracy. For example, under Combofix, the word simple was used instead of simply. And under CCleaner, the very first word (Another) was mis-spelled. To me this looks very unprofessional, and it is becoming much too common in recent articles. But this writer is not the only one doing it. I have seen it in advertising as well. People are too much in a hurry, and they are relying on technology too much to do the word or re-checking for them. A program can't tell when the wrong word is used, just whether or not is spelled correctly. Writers need to slow down, take a deep breath, and double-check their work before they approve and post it.

I use these recommended free malware tools daily. These tools get the job done. If you don't use them, please continue to pay for other substitutes.

Hi - I only found CCLean interesting. Downloaded it and ran it, feeling kinda grateful. "BOOTMGR missing" ... ever seen that? I did. Tonight. And I've never seen it before. Ever. And when I say "never" I mean "Not at all" ... and I was using DOS before 3.2 ... No. Don't. w/respect, but not thanks --ben

Can I give a shout out to "Kaspersky Rescue Disk" (http://support.kaspersky.com/viruses/rescuedisk) Hijackthis (http://www.trendmicro.co.uk/products/free-tools-and-services/) and unhide (http://www.bleepingcomputer.com/forums/topic405109.html) which have helped me sort out a client's laptop this weekend.

I know its a total no no but I have found that I can install MSSE and both norton endpoint or MSSE and avira together. I have had to do these combos a few times now with users who either won't stay out of trouble or can't even recognize when they are in its neighborhood. And both have had no infections after a year or so. Also speed is reasonable still even on older hardware. Those who want to jump to an automatic wipe after an infection way want to consider that if that root kit is so hidded then maybe they are infected right now and have no hint of it. Better go and wipe /reinstall right now. Just in case. That said I do agree after < 1 hr maybe go to reinstall. I have done a few deep digs that took many hours and even after fully cleaning the PC it still had os damage that just could not be fixed. So much like a human patient even a full cure may not repair any of the damage already caused.

Do any of you commenters actually read what this guy has written? "And to be on the safe side, I prefer to run Combofix with the computer in safe mode." Clearly he doesn't have a clue about what he is writing and my best advice is that anyone seeking usable information should go find a forum with knowledgeable writers. It certainly isn't here.

CCleaner does a good job of general cleaning and registry cleaning. With CCEnhancer it does a Great job. CCEnhancer is the 'NOS' of CCleaner. Open CCEnhancer, download the latest updates, run CCleaner, and see the magic. Revo Uninstaller is not just an uninstaller which removes all the files, folders and registry entries related to the uninstalled application but much more than that. Run Revo go inside and discover what all it can do. Glary Utilities as the name suggests is a very effective multi tasker. My experience tells me it is better than Advanced System Care and other such utilities. I prefer to run the modules individually than going in for one click. I have been using these three for years without any problem.

CCleaner does a good job of general cleaning and registry cleaning. With CCEnhancer it does a Great job. CCEnhancer is the 'NOS' of CCleaner. Open CCEnhancer, download the latest updates, run CCleaner, and see the magic. Revo Uninstaller is not just an uninstaller which removes all the files, folders and registry entries related to the uninstalled application but much more than that. Run Revo go inside and discover what all it can do. Glary Utilities as the name suggests is a very effective multi tasker. My experience tells me it is better than Advanced System Care and other such utilities. I prefer to run the modules individually than going in for one click. I have been using these three for years without any problem.

This is a GREAT tool. I've been using it sinsev ersion 1.somthing and its only gotten better. Not only can you choose what to clean, you can also choose what registry items are detected. RECOMMENDED :)

from backups which are a part of weekly required job. still I have the job done in about an hour.

User education is the most important part of defense. Of course sometimes they get bored and wander. But its not a losing battle here. MSE, SEP, and Malwarebytes are of my favorite. I see a couple of recommendations here that I will look at further. Good work.

hitman pro has been the most succesful I have seen. faster than all of them

I had an evil bout with rogue adware at the New York Times last fall. BTW, I did not click on anything - I was simply reading the news at their site and my computer became infected. That was when I seriously began questioning how a computer can become infected by simply browsing a website and also being fully "secured" via great virus protection, firewalled, etc... I was also beta testing a Firefox plugin called "Cocoon" www.getcocoon.com (unfortunately not using Firefox when I went to the NYT's site) and decided to use Firefox + Cocoon after the NYT's infection, (even though it was in beta at the time, to guard against potential malware drive-by-downloads.) I have not been disappointed by this plugin. Basically it does not allow malware to touch your computer because everything works off their servers. It did go in to subscription mode last month (though there is a 45 day free trial.) I'm still stoked with the potential that this plugin has in terms of Internet Security! With the toolkits that cybercriminals have access to now -- they are not directing attacks so much at operating systems anymore, but more toward browsers.

Seeing as the responses here are all over the ice, it's clear no one is an expert and their are multiple attack angles that work. Wipe a machine? I guess I'm the only one with crummy luck. the cure was worse than the disease, I had to fight with MS for a week to get them to reactivate a licence. Never again. I'll just switch to Linux.

1 - No, you don't run ComboFix in "Safe Mode" - try reading the actual instructions sometime. 2 - No, you shouldn't use ComboFix as your first response to malware - there are any number of 'targeted' tools that are much better suited than this sledgehammer. 3 - No, MSE is not (entirely) without cost - if you are beyond the 10 user limit. Then you need to move to the paid for Endpoint protection. I was concerned that so much bad information was posted in a publication that I have respected for so many years - until I read your 'bio'. "Fiction Writer" (obviously) and a LINUS user. 'nuff said.

i usually use microsoft security essentials and its ff the hook!!! Big up

Just last week it got rid of a rogue av when everything else (McAfee, Malwarebytes, SuperAntispyware etc) was 'diverted' to the rogue, even in safe mode. Presumably because it wasn't installed, just run, so the rogue couldn't bend it in the registry. Rebuilding is often best, but sometimes, as with that one, it would have been a complete pain - Vista, lots of apps with no source, Vista, obscure drivers, Vista, slow PC. And there again, it was Vista. (We did try to persuade the client to let us upgrade to Windows 7, but no luck.) Once the rogue was killed there was very little other infection evident - McAfee had kept out a lot, but, as usual, seems pretty hopeless with rogue AVs.

Most "free" anti-malware apps are not free in a corporate environment. It is my understanding that the free version of Malwarebytes is for domestic use only. Likewise, MSE is only free for domestic users and networks of 10 pcs or less. "...And to be on the safe side, I prefer to run Combofix with the computer in safe mode..." This is directly against the stated directions from Combofix's developers: http://www.bleepingcomputer.com/forums/topic286856.html Indeed, Combofix is something I would only use if the pc had a fierce malware infection which did not respond to anything else. "...Combofix is my first line of defense tool..." No way should it be a first line of defence tool. http://www.bleepingcomputer.com/forums/topic273628.html

sunt f multumita de acest site.ma invata multe lucruri utile din IT.

The Ultimate Boot Disk for WIndows has been the #1 recovery solution for me. Lots of free tools in it, connects to the web (to research while cleaning and disinecting) and even recovered a lost partition once on a customer's PC. I had a ransomware on my home PC that gave me no access to lots of important files and booting up with this, I was able to change the ownership of all the files and gain access once again. And this software, unlike Hiren's, is all legal

I agree that most of the time a full wipe is the best way to fix an infection. We will take a look at a newly hijacked pc for no more than an hour, if it is caught in time and the user does as instructed when confronted with a "you computer is infected" message in a web browser, then we usually can get it clean quickly, otherwise we have found that almost every min past 30 is wasted trying to clean a PC. I didn't read all the comments so I am sure this is a dup, but I would have to add HijackThis and Spybot S&D to "the" toolkit. As well as a PE boot environment like BARTs

You left out Avira anti virus in your write-up. I've used it to manage a network of about 15 online systems for close to 2 years now and I must say I've never experienced any major systems downtime due to viruses. Though I also use Malwarebytes and CCleaner to bolster my network defences. Will try out Combofix soon. Thanks for the tip. Finally network admins will always have to be on top of their networks as users are either too dumb, lazy or outright rebellious to keep simple rules which ultimately produce healthy networks.

Well from my personal standpoint, I've used all of these tools and can say without a doubt that they are not the best tools, but are the only first line of "FREE" defense out there that does a pretty decent job. I've worked on hundreds of computers that are, have been, or (I know because of the user), will be infected again with some sort of virus, malware, spyware etc. I've successfully cleaned a lot of different computers with these programs, but some were total losses that had to be re-built. The worst part about re-building a computer either personal, or business is the fact that if they don't have backups, and you know most of the people who ask you to fix their computers in the first place won't have them, is the fact that they ALWAYS want you to recover their precious vacation photos from 1999 that they never printed. Usually re-build and recovery takes twice as long and can be more difficult that just taking the 2-3 hours to completely clean out a system. Yeah, you run the risk of something that still might be infected, burried deep in the bowels where only the wickedly evil tend to tred, but until there is a REVENGEWARE software built to attack back, we're all going to have to deal with this for the long term. As of right now, I don't know of any one single "FREE" program that will effectively block all variants of spyware, malware, viruses, etc. that's why you have to pay the money for something that will work. With the free antivirus / spyware / malware programs firewalls, etc. there will always that one computer that has all the firewalls up, all the antivirus software installed, yet somehow they call you up to remove the fake antivirus that keeps popping up. If there is such a "FREE" solution out there that someone has invented, that person either is beyond filthy rich, or is not likely to be heard from again.

Many of my residential clients were using AVG (paid) or AVG Free. These are low-risk folks. EVERY machine with these products loaded was hit by some sort of malware. For the folks who would not or could not pony up, I migrated them to Avast! free, and have been very impressed (once it is properly configured) by how light-weight AND robust it is. It blows MSSE out of the water. And of course, prior installations of ANY real-time anti-malware need to be removed. The worst offenders in terms of poor installation and dirty removal are McAfee and Norton, which are also the worst in terms of overhead. Also, Trend has a decent on-line scanning tool for machines whose connectivity isn't hosed.

As a tech, I like to understand the malware, how it got on the system, what it's trying to do, how can I prevent it from being deployed on other systems. As you go through the cleaning process you can start to find out this information. For basic malware that only effects a particular application or process, you may be able to clean it just fine and can verify this if you understand it. Regardless of if you understand it or not, sometimes it just takes more time to clean it and this is when you would deploy a new image. Of course the best thing is prevention, keeping your software patched, having a firewall properly configured, running an anti-malware program, make regular backups and using your knowledge not to click on every link that is sent to you.

A few years back I was helping a university clear out a major infection of malware. We were using a pirce of software from McAfee. For whatever reason it only worked on floppies [who has them now?] and CDs. Problem was that the definitions were getting so big that it could run correctly even with a DOS extender late on. So McAfee discontinued it. But it worked well until it reached the definition limit. Funny but true - the worst computer was at the security desk at one building!

I have been using Hirens for a few years now and it comes with a lot of useful tools such as HijackThis, most of the sysinternal tools, some AV products and the newer version also include rootkit tools like GMER. Although most of the tools don't remove the problems, it can help in finding where they are hiding. I would also have to agree that sometimes a complete wipe and reinstall is the answer, sometimes I find it helps to spend some time researching the problem cause what I have found is that if one machine gets infected it might not be long until more are infected. If you just format and reinstall you might not find out where the problem is coming from and once the machine has been redone give it some time and the infection is back. Not sure about you guys but formatting and reinstalling just because there is some malware can get a bit tiresome especially if you are in a company. If it is for a home user then I would try and find out a bit more about the infection before reinstalling. Just had to add my 2 cent :)

There is a computer i inserted a new formatted hard disk loaded with win xp professional, so when i try putting the system on it only shows some cmos errors at first time and i hit f1 but it didn't boot to windows i shut down and i try booting again, it brought up the same error and i noticed i had to set the time and date, after that i expect to continue booting so it shows me the options at boot menu like....boot in safe mode,from networking or start windoes normally. but i have a problem the keyboard doesn't move again to select the options...i try again samething, i removed the cmos clean it, samething change memory slot just show me cmos error all that but when i have the date inserted it still freezes the keyboard and will not boot when it count to zero.

Horribly simplistic article. Too many of the supposed "pro's" here aren't very confident in their abilities. Clean up is possible, but you have to know what you are doing. There are much better tools out there and the person doing cleanup has to have some knowledge too. This article helps no one, except maybe wannabe tech's that will end up messing up others computers.