Malware Free? ... How to Tell for Sure?

Status
Not open for further replies.
Some of you know I got some nasty malware on my machine a month ago or so. I was able to recover it with various ISO image boot disks with various diagnostic, fix-it tools and scanners on them, and once I was able to reboot I scanned the machine with about 8 different malware scanners which found and cleaned a few things up. Reference threads if interested:

http://www.bobistheoilguy.com/forums/ubb...403#Post1724403

http://www.bobistheoilguy.com/forums/ubb...109#Post1761109

So, as the question implies ... is there any way to know a machine is 100% clean? I know some people are going to say no, and that the only way to know for sure is to flatten the HD and reload from ground zero. I don't want to do that ... so there must be some way to have confidence the machine is clean of malware.

If the programs I've used: Microsoft Security Essentials, Malwarebytes' Anti Malware, SUPERAntiVirus, A-Squared, Norton, McAfee and Spy Sweeper all do not detect any malware, would you say it's good to go?
 
I have found that the security warnings ARE the vicious malware that crash the thing. It sure looks authentic. Don't be tempted to go there. Just back-date, make sure your original protection is intact, or you'll wind up on the phone talking to India. I am NOT a computer guy.
 
Anything online is a risk. Even with a new OS load you still are at risk...

With that said, looking at all the scanners you have run (as long as you updated them with the latest/greatest definitions) I'd feel about as safe as you could be.

Just my 2 cents....

Bill
 
Originally Posted By: Bill in Utah
Anything online is a risk. Even with a new OS load you still are at risk...


I hear you, and agree. What I'm wondering about is if all the scanners have cleaned up my machine completely, or at least good enough to where the malware is not operational anymore.

Originally Posted By: Bill in Utah
With that said, looking at all the scanners you have run (as long as you updated them with the latest/greatest definitions) I'd feel about as safe as you could be.


Yes, they all get updated before scanning. I'm now using Microsoft Security Essentials as my main real time protection, and have it do a quick scan every day and I do a full scan manually every week or so. I've disabled McAfee, and might just uninstall it ... I can however use it manually to scan if I wanted to.

I update and use the other scanners manually now and then to cross check each other. Only thing they find now is the occasional adware cookies, but seems all the real malicious stuff has been cleaned up permanently. Webroot Spy Sweeper seems to do a good job of blocking cookies in real time too.
 
No matter the operating system be it Linux, Windows, Mac O/S, etc., if you are connected in any way to the internet, there is a risk of being infected.

I use Linux much of the time and there is less risk and the same goes for Mac O/S but neither Mac O/S or Linux is without some risk.

That said, I find that, as anti-virus software goes, Windows Security Essentials works well.

If you are going to uninstall McAfee, there is a program on their web site you need to download to completely remove it.

For those using Norton, they have a tool on their web site for removal of their products.
 
Originally Posted By: SrDriver
That said, I find that, as anti-virus software goes, Windows Security Essentials works well.


I think Microsoft Security Essentials is one of the best real scanners ... it's caught some real time stuff on my machine and took action. Only thing I wish SE had was a log that showed when it did scheduled scans, etc. You don't really know if it's doing them unless you are at the machine when it starts scanning.

Originally Posted By: SrDriver
If you are going to uninstall McAfee, there is a program on their web site you need to download to completely remove it.


What program is that ... Revo Uninstaller? (I have it). McAfee Security Center does show up in "Add or Remove Programs" in Control Panel and has an uninstall button there.
 
Originally Posted By: SrDriver
Here is a link regarding removing McAfee.

Link To Removal Info.

You need this tool to completely remove the stuff.


Thanks SrDriver ... I'll check that out.
 
Download and run the free version of Hitman Pro. It will locate Rootkits that the majority of signature-based security solutions miss, including the TDL3 Rootkit infection (aka Google Redirect Virus). If the free version finds anything, you can buy a 1 month license for ~$10. I bought a 1 year license for ~$20 and use Task Scheduler to run the program daily. Just search for how to "remove TDL3 Rootkit" if you want to see how well this program works.

http://www.surfright.nl/en/hitmanpro
 
Using Windows 7 64 bit with Microsoft Security Essentials I also have been using Immunet Protect along side of it.

Both seem light on resources & I have not had any issues while testing Immunet Protect.

Link to Immunet Protect web site

It may not work with all other anti-virus programs but I did use it with Panda Cloud Anti-Virus.

I also use the WOT plugin for firefox - extension when using Google Chrome.
 
Originally Posted By: Lyondellic
Download and run the free version of Hitman Pro. It will locate Rootkits that the majority of signature-based security solutions miss, including the TDL3 Rootkit infection (aka Google Redirect Virus). If the free version finds anything, you can buy a 1 month license for ~$10. I bought a 1 year license for ~$20 and use Task Scheduler to run the program daily. Just search for how to "remove TDL3 Rootkit" if you want to see how well this program works.

http://www.surfright.nl/en/hitmanpro


Looks like a good scanner. So if it finds something with the free version of Hitman Pro, do you have to purchase the license before it will clean up the found malware?
 
Link Below to the free Sophos Anti-Rootkit program that will scan and remove hidden rootkits from your computer.

Link To Rootkit Remover

Have you checked the hardware firewall settings in your Cable/DSL Modem and Router? That could help by beefing up the settings some.

Hope this helps!
 
Originally Posted By: SrDriver
Link Below to the free Sophos Anti-Rootkit program that will scan and remove hidden rootkits from your computer.

Link To Rootkit Remover


Looks like another good rootkit virus scanning tool. Will check that one out too.

Originally Posted By: SrDriver
Have you checked the hardware firewall settings in your Cable/DSL Modem and Router? That could help by beefing up the settings some.

Hope this helps!


Not sure what kind of firewall settings are on the modem, but I believe it's active - will have to go look at the settings. How should the modem firewall be set up?

Of course the Windows XP (with SP3) firewall is turned on.
 
I'm running XP Pro on my computer.

I use Zone Alarm for the firewall and AVG Antivirus.
Then I update and run Combofix, Malwarebytes, & Spybot Search and Destroy at least once a week unless I need to sooner for some reason. I also use ATF Cleaner, and VundoFix, from attribune.org when I want to clean things up.

So far this has kept my system running great, and free of junk.
 
Originally Posted By: SuperBusa
Originally Posted By: SrDriver
Link Below to the free Sophos Anti-Rootkit program that will scan and remove hidden rootkits from your computer.

Link To Rootkit Remover


Looks like another good rootkit virus scanning tool. Will check that one out too.

Originally Posted By: SrDriver
Have you checked the hardware firewall settings in your Cable/DSL Modem and Router? That could help by beefing up the settings some.

Hope this helps!


Not sure what kind of firewall settings are on the modem, but I believe it's active - will have to go look at the settings. How should the modem firewall be set up?

Of course the Windows XP (with SP3) firewall is turned on.


Your best bet is to contact your ISP and ask them about the settings or check on the internet web site of the company that made your modem/router.

These are some of the reasons that I run Linux most of the time on both my desktop and laptop.

I would rather be using my computers rather than scanning it all the time with various and sundry products in an effort to keep the bad guys out.
 
Here's a full review by PC Magazine of Hitman Pro 3.
http://www.pcmag.com/article2/0,2817,2348581,00.asp

Conclusion:
Its small download and lightning-fast install mean that Hitman Pro can be searching for targets on your system in mere moments. If it doesn't find anything, great! Your 30 days of free malware removal don't start until the first time you invoke its cleanup abilities. It does a decent job of cleanup, but it doesn't include real-time protection, and it leaves behind more executable files and other junk than many other anti-malware programs. Hitman Pro is best used as part of a multi-tool solution.


Sounds like it's not bad, but leaves behind more files than it should when it cleans malware off the machine - probably no malware software is perfect in this respect anyway. It will clean for free for the first 30 days after the first clean-up is executed, per the above statement.
 
So, speaking of firewalls ... is the Windows XP firewall good enough without having some other or secondary firewall, or a firewall also running on the modem?

How would you setup a firewall system for Windows XP with Service Pack 3? Anyone ...
 
Originally Posted By: SuperBusa
Originally Posted By: Lyondellic
Download and run the free version of Hitman Pro. It will locate Rootkits that the majority of signature-based security solutions miss, including the TDL3 Rootkit infection (aka Google Redirect Virus). If the free version finds anything, you can buy a 1 month license for ~$10. I bought a 1 year license for ~$20 and use Task Scheduler to run the program daily. Just search for how to "remove TDL3 Rootkit" if you want to see how well this program works.

http://www.surfright.nl/en/hitmanpro


Looks like a good scanner. So if it finds something with the free version of Hitman Pro, do you have to purchase the license before it will clean up the found malware?


If Hitman Pro detects an active infection, especially a nasty Rootkit, then it is up to the user if they want to shell out ~$10 to remove the malware. A total system scan takes about 53 seconds on average, which is about the same amount of time that it takes Prevx to scan my system.

I like to take a layered approach to keeping my computers clean and these two programs work as advertised. As for Hitman Pro leaving traces behind, I am honestly not sure. So far I have been lucky, but I also credit using Win7 (x64), which is highly resistant to Rootkits. The majority of signature-based solutions will miss active Rootkit infections during scans because of the way that they mimic system files. I believe that we will be seeing more Rootkits and fewer viruses in the future.
 
Originally Posted By: Lyondellic

If Hitman Pro detects an active infection, especially a nasty Rootkit, then it is up to the user if they want to shell out ~$10 to remove the malware.


From what I read on PC Magazine's website about Hitman Pro 3, it sounds like you can use it for 30 days free, and it will remove malware for the first 30 days free. So you had to pay to activate the malware removal function? ... maybe it's now different than when you first used it?

In the last paragraph:
"Your 30 days of free malware removal don't start until the first time you invoke its cleanup abilities."

http://www.pcmag.com/article2/0,2817,2348585,00.asp

See "Active free 30 day license" option on this screen shot.
http://www.pcmag.com/slideshow_viewer/0,1205,l%3D241285%26a%3D241267%26po%3D7,00.asp?p=y
 