pyehouse
30 Aug 2011

Malware .. Plague of the Internet

So you think you may have become infected with malware (that is, a virus, a trojan, a keylogger, a rootkit or any number of other bits of malevolent software). First off, realize that many types of malware can be cleanly removed. The counterpoint is that other types are not only extremely hard to get rid of, they can even confound the anti-malware kits you might have installed, or are considering installing, to clean things up. Sometimes the safest approach is to physically remove the infected hard drive and connect it as a passive (non-boot) drive on another, clean machine; cleanup tools on that machine can then work on the infected drive without having to fight the malware installed on it, since none of its code is running.

Here are some sites with some apps that can help:

http://www.gmer.net - this site contains three tools:

  • GMER itself does very thorough scans and can attempt to clean some types of malware (they recommend that you rename the executable to something random before running it, so that malware on your system cannot recognize it by name and halt its execution)
  • catchme, which tries to detect whether you have a rootkit running
  • mbr, which tries to detect whether you have an MBR (Master Boot Record) infection, one of the thorniest types of malware to clean because you can’t (normally) clean it while booted from the infected drive

http://support.kaspersky.com/viruses/solutions?qid=208280684 - this site links to Kaspersky’s TDSSKiller application which can disinfect certain rootkits

http://www.bleepingcomputer.com/download/anti-virus/combofix - this site links to ComboFix, an application that is updated regularly to find and eliminate a variety of malware infections. The warnings indicate you should only run it when told to do so by the helpers at bleepingcomputer.com, so take it with a grain of salt.

http://www.malwarebytes.org/ - this site links to MalwareBytes’ Anti-Malware (aka MBAM). The free version can do after-the-infection cleanup in some cases; they also have a paid version ($25/yr) which tries to actively prevent infections.

http://download.bleepingcomputer.com/grinler/unhide.exe - this application is used to unhide your Start menu and folders after certain malware hides them in an attempt to make you think your machine was damaged and that the “fix” is available if you provide a credit card number.

This list is by no means exhaustive; there are other tools available as well. More importantly, these tools are explicitly NOT antivirus tools along the lines of Symantec, Security Essentials, Sophos, Avast and others. With the exception of MBAM, they don’t have a resident mode that monitors your machine to try to prevent outbreaks or instantly clean up infections in real time. They are mostly intended to clean things up on demand. And nothing replaces contacting an actual computer support technician to have a look. Additionally, these tools are typically updated frequently to respond to the most recent outbreaks, which means you shouldn’t just download a copy and expect it to be equally effective six months down the road.