Top Five Tools for Malware Removal.
Malware has been part of dealing with computers ever since operating system technology came into existence. As operating systems get better over time, malware gets more complicated too. Today the use of computers is virtually a requirement in almost every office and home, so knowing how to remove malware has become a must for all IT/Technical Support people. But what about the common home users? What about the "not so geek" guys? I am writing this Tips and Tricks article to give common computer users an edge in dealing with the ever so dreaded malware.
Malware removal requires a lot of time, patience, and research, as each infection differs in how it affects the operating system and other programs. In this small write-up, I would like to discuss the top five tools that I use to deal with and remove malware infections from my home computer.
Malwarebytes - Malwarebytes has been part of my routine in removing malware. It's very easy to use and very powerful in detecting and removing known infections. When you are dealing with rogue antivirus programs or spyware and are unable to launch or download this tool, I suggest you boot into Safe Mode with Networking and try it from there. Most rogue programs and spyware do not load in Safe Mode.
You can download it here.
OTL by Old Timer - OTL by Old Timer is a very powerful scanning/removal tool. This tool is for intermediate users, so I strongly suggest you read the tutorial before using it. You can use it to scan your computer for running processes and services and for files that were recently created or modified. Although it takes time to read the scan logs, they are quite complete and reliable. Through its fix script you can apply the fixes you prefer, such as removing temp files, deleting restore points, replacing the HOSTS file, and deleting the target files you have identified, all in one run.
Download it here.
Avenger2 - Avenger is famous for deleting files that are hard to remove. I use it after pinpointing the infected files and registry keys for deletion. Keep in mind that Avenger bypasses the operating system's file-access permissions, so if you are unsure about the files you are deleting, it is always recommended to back them up or create a System Restore point as a fallback in case something goes wrong.
Download it here.
Process Explorer - As the name implies, this is a tool for examining the processes running in the background in real time. You can use it to check which file is associated with an infected process and which registry entries are responsible for launching it. Process Explorer shows you information about which handles and DLLs each process has opened or loaded.
The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.
Download it here
Autoruns - One of the best tools I've ever used in handling malware removal. It has the most comprehensive knowledge of auto-starting locations of any startup monitor, which means that if a process is started automatically during or after the Windows boot process, it will be displayed in Autoruns.
Autoruns shows you the currently configured auto-start applications as well as the full list of Registry and file system locations available for auto-start configuration. Autostart locations displayed by Autoruns include logon entries, Explorer add-ons, Internet Explorer add-ons including Browser Helper Objects (BHOs), Appinit DLLs, image hijacks, boot execute images, Winlogon notification DLLs, Windows Services and Winsock Layered Service Providers.
Download it here
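To show what kind of information Autoruns digs out of those locations, here is an added PowerShell script that is not part of the original post and not an Autoruns component: it reads a handful of the auto-start locations named above (logon entries, Winlogon and AppInit DLLs, image hijacks, boot execute images, services) and flags entries worth a closer look. It assumes an elevated PowerShell 3.0 or later prompt and uses only well-known Windows registry paths; the flagging rules are simple heuristics I chose for this example.

```powershell
# Added example, not from the original post: read several of the auto-start
# locations Autoruns covers and flag entries whose executable is missing,
# unsigned, or located under a user profile or temp directory. Read-only.
$nt    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$logon = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
         'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
         'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
         'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
$entries = New-Object System.Collections.Generic.List[object]
function Add-Entry($Location, $Name, $Command) {
    if ([string]::IsNullOrWhiteSpace($Command)) { return }
    $entries.Add([pscustomobject]@{ Location = $Location; Name = $Name; Command = $Command })
}
# Logon entries: every value under the Run/RunOnce keys is a command line.
foreach ($k in $logon) {
    (Get-ItemProperty $k -ErrorAction SilentlyContinue).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object { Add-Entry $k $_.Name $_.Value }
}
# Winlogon Shell/Userinit, Winlogon Notify DLLs and AppInit_DLLs are classic hijack points.
$wl = Get-ItemProperty "$nt\Winlogon"
Add-Entry "$nt\Winlogon" 'Shell' $wl.Shell
Add-Entry "$nt\Winlogon" 'Userinit' $wl.Userinit
Add-Entry "$nt\Windows" 'AppInit_DLLs' (Get-ItemProperty "$nt\Windows").AppInit_DLLs
Get-ChildItem "$nt\Winlogon\Notify" -ErrorAction SilentlyContinue |
    ForEach-Object { Add-Entry 'WinlogonNotify' $_.PSChildName (Get-ItemProperty $_.PSPath).DLLName }
# Image hijacks: a Debugger value under Image File Execution Options\<exe> runs in place of that program.
Get-ChildItem "$nt\Image File Execution Options" -ErrorAction SilentlyContinue |
    ForEach-Object { Add-Entry 'IFEO' $_.PSChildName (Get-ItemProperty $_.PSPath).Debugger }
# Boot execute images run by Session Manager before logon; "autocheck autochk *" is the normal default.
(Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager').BootExecute |
    Where-Object { $_ -notmatch '^autocheck autochk' } | ForEach-Object { Add-Entry 'BootExecute' 'BootExecute' $_ }
# Services and drivers: the ImagePath is what the Service Control Manager loads.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    Add-Entry 'Services' $_.PSChildName (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).ImagePath }
function Get-Flags([string]$Command) {
    # Pull the executable out of the command line; strip the \??\ and \SystemRoot kernel-style prefixes.
    $exe = if ($Command -match '^"([^"]+)"') { $Matches[1] } else { ($Command -split ' ')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe) -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
    if (-not (Test-Path -LiteralPath $exe)) {            # bare names resolve via PATH, driver paths relative to SystemRoot
        $c = Get-Command $exe -ErrorAction SilentlyContinue
        $exe = if ($c) { $c.Source } elseif ($exe -notmatch '^[A-Za-z]:') { Join-Path $env:SystemRoot $exe } else { $exe }
    }
    if (-not (Test-Path -LiteralPath $exe)) { return 'missing-file' }   # unquoted paths with spaces land here too
    $flags = @()
    if ($exe -match '\\(Temp|AppData|Users)\\') { $flags += 'profile-or-temp-path' }
    if ((Get-AuthenticodeSignature -FilePath $exe).Status -ne 'Valid') { $flags += 'unsigned-or-invalid-signature' }
    $flags -join ','
}
$entries | ForEach-Object { $_ | Add-Member -NotePropertyName Flags -NotePropertyValue (Get-Flags $_.Command) -PassThru } |
    Where-Object { $_.Flags } | Sort-Object Location | Format-Table Location, Name, Command, Flags -AutoSize -Wrap
```

A flagged entry is a starting point for research, not proof of infection: legitimate software is often unsigned or installed under a user profile, so check each flagged file the way the post describes before deleting anything.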
Remember that, in dealing with malware, the most critical part is pinpointing which files, services, DLLs or registry keys are launching its main process. It takes time and practice to get good at this, so if you fail on the first or second try, do not fret. You'll get better if you don't stop learning.
Posted by Christophe... on Jul 21, 2010 | Microsoft Windows XP Professional SP2