2011/10/12

E-Virus (Part III): I have an infected PC! Now how do I clean it?

After confirming the presence of one or more e-viruses on your PC, you should read up as much as possible about the characteristics of the viruses present (method of distribution, payload, removal instructions). If you know your enemy, it is easier to defeat him!


In fact, if you know the name of the virus and how it does its damage, you can often find a specific removal tool freely available from software companies such as Symantec, Kaspersky, McAfee, Trend Micro, etc.
For example, there are removal tools for the most common viruses such as Melissa, Bagle, MyDoom, Sasser, Conficker, Zeus, etc.

Otherwise, you can use general-purpose (broad-spectrum) removal tools such as:
Obviously you can increase the benefit of these products by scanning the PC sequentially with several different tools.

Sometimes, however, you may need to do multiple scans with different products, but you cannot install too many antivirus products simultaneously on the same PC because of speed and compatibility issues. Besides, installing and removing different antivirus products one after another is a slow and costly process. You can avoid this by using the free online virus scan and removal tools offered by some software companies (the only constraint is that you need to be online to scan).
Here are some examples of online malware removal tools:
Of course, all these operations are feasible only if the virus has not completely compromised access to your PC.

If you cannot start the operating system, you can use antivirus software from a CD or bootable USB key (Rescue CD). These systems are typically distributed as .ISO images; you must burn them to a CD/DVD or install them on a bootable USB stick, so that you can operate independently of the operating system (Windows/Linux) installed on the infected PC. You only have to verify carefully that the BIOS first boot device is set to the CD or the external USB drive.
Some available tools are:
9) COMODO Rescue Disk CD
Once you have booted from the CD you can scan the hard drive and request the deletion/repair of the infected files.

PERSONAL EXPERIENCE:
I have often used some of these tools with excellent results. In particular, ComboFix has been decisive with the most "insidious" viruses.
Regarding the now infamous "worm" Conficker/Downadup, I can point to specific free removal tools from almost all antivirus manufacturers. Among these, however, Bitdefender also provides a free removal tool that works on the whole LAN and not only on the individual PC (Network Downadup Removal Tool).
Sometimes even after the virus removal the operating system is "unstable" because it has been partly damaged by the virus itself. In these cases a viable technique, apart from the total reinstallation of the O.S., is to use System Restore to go back to a point a few days before the virus infection (a feature available since Windows XP).


2011/08/05

E-Virus (Part II): Maybe your PC is infected by an e-virus... how do you verify its presence?

Depending on how well the PC still works, you can proceed in various ways:

A) You can start the PC and log in with your username and password.
In this case you can use some tools:

1) Using the free tool GMER you can both check whether a rootkit is present and disable or remove the indicted service/process (e-virus) from memory and from the next boot sequence. To recognize the services/processes infected by e-viruses it may be useful to look for files with very odd names (e.g. rytrewxz.dll). GMER usually marks them in red and/or adds the (*** hidden ***) attribute, which means "file hidden from the user". If the message "WARNING! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system?" appears, GMER has evidently identified a rootkit in the system and is asking to start a full scan of your PC.


2) If you press CTRL + ALT + DEL simultaneously and open the Windows Task Manager, you can see all the processes active in the PC's memory and identify those that have random names like those cited in case (1); if necessary you can kill ("terminate") them, which temporarily removes them from memory.

3) Using the free tool McAfee Stinger you can identify and remove the most common e-viruses. The procedure is automatic, since the tool detects both infections in place (files in memory) and infected traces and files on the analyzed hard drive. The tool shows which kinds of "problems" it has identified and provides for their eradication.

4) Using the free tool Prevx you can identify both rootkits and the kind of insidious virus that installs itself in the MBR (Master Boot Record) of the hard disk. The free version detects and lists all the e-viruses present in the system but does not eliminate them. However, it may be useful for learning the name of the e-virus that infected your PC or the kind of epidemic in progress.

5) The free OpenDNS malware detection service is totally automatic. When it detects suspicious activity, the message "Malware / Botnet Activity Detected" appears on the OpenDNS control panel.

6) The free software "Bitdefender 60-Second Virus Scanner" performs, in exactly 60 seconds, a scan of your PC to check for viruses in memory or in "sensitive" areas of the operating system. It uses cloud technology, so you need an internet connection.
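Items (1) and (2) above rely on spotting process or file names that look random (like rytrewxz.dll). The following Python script, added here as an illustration and not taken from the original post or from any of the tools mentioned, automates that eyeballing with a simple heuristic: it scores a name on rare letter pairs, long consonant runs and a low vowel ratio, and skips a small allowlist of common Windows binaries. The allowlist, the set of rare bigrams, the thresholds and the sample process listing are all constructed assumptions for the example.

```python
import re

# Constructed, illustrative allowlist of common Windows process names.
# A real triage would use a far larger list and also check file paths
# and digital signatures, since malware often imitates these names.
KNOWN_GOOD = {
    "explorer.exe", "svchost.exe", "lsass.exe", "csrss.exe",
    "winlogon.exe", "notepad.exe", "rundll32.exe", "wuauclt.exe",
}

VOWELS = set("aeiouy")  # 'y' counted as a vowel to reduce false positives

# Letter pairs that practically never occur in English words or in
# legitimate Windows binary names (constructed set); two or more of them
# in one short name is a strong hint that the name was generated at random.
RARE_BIGRAMS = {
    "xz", "zx", "qz", "zq", "kx", "xk", "wx", "xw", "qv", "vq",
    "jq", "qj", "vz", "zv", "fq", "qf", "jx", "xj", "gx", "xg", "qx", "xq",
}


def randomness_score(filename: str) -> int:
    """Score how 'random-looking' a file/process name is (higher = odder).

    Only the stem (the part before the extension) is examined.
    Each rare bigram adds 2; a consonant run of 4+ letters adds 1;
    a vowel ratio below 0.2 adds 1.
    """
    stem = filename.lower().rsplit(".", 1)[0]
    letters = [c for c in stem if c.isalpha()]
    if not letters:
        return 0
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    consonant_runs = re.findall(r"[^aeiouy]+", "".join(letters))
    longest_run = max(map(len, consonant_runs), default=0)
    rare = sum(1 for a, b in zip(letters, letters[1:]) if a + b in RARE_BIGRAMS)

    score = 2 * rare
    if longest_run >= 4:
        score += 1
    if vowel_ratio < 0.2:
        score += 1
    return score


def flag_suspicious(process_names, threshold: int = 3):
    """Return the names that look random and are not on the allowlist."""
    return [
        n for n in process_names
        if n.lower() not in KNOWN_GOOD and randomness_score(n) >= threshold
    ]


# Constructed sample listing, in the spirit of what Task Manager or GMER shows.
SAMPLE_PROCESSES = [
    "explorer.exe", "svchost.exe", "rytrewxz.dll", "notepad.exe",
    "qzkxvtp.exe", "csrss.exe", "wuauclt.exe",
]

if __name__ == "__main__":
    for name in SAMPLE_PROCESSES:
        print(f"{name:14} score={randomness_score(name)}")
    print("flagged:", flag_suspicious(SAMPLE_PROCESSES))
```

A flagged name is a lead, not a verdict: short legitimate names with few vowels (svchost.exe scores 2 here, csrss.exe likewise) sit just under the threshold, which is why the allowlist exists. Treat a hit the way the post treats a red entry in GMER: confirm it with the hidden attribute, the file's location, or a signature scan before terminating or deleting anything.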


B) It is NOT possible to boot the system.
In this case we can use some of the tools described in the following article:
E-Virus (Part III): I have an infected PC! Now how do I clean it?


Insights:
E-Virus (Part I): How to recognize the symptoms of an E-FLU, or whether your PC has got an E-VIRUS?