malware removal - kiosk mode

malware removal

take malware seriously, never assume
no symptoms doesn't mean you're clean

quick removal

if you're facing a large or unknown infection start here AdwCleaner - toolslib.net/downloads/viewdownload/1-adwcleaner toolslib.net/downloads/finish/1/ removes lots of common viruses and bad browser extensions. portable, "uninstall" removes itself and quarantine Junkware Removal Tool (JRT) - www.malwarebytes.com/junkwareremovaltool/ downloads.malwarebytes.com/file/jrt/ thisisudax.org/downloads/JRT.exe www.fosshub.com/Junkware-Removal-Tool.html removes common garbage software, no options and removal is automatic RogueKiller - adlice.com/softwares/roguekiller download.adlice.com/RogueKiller/RogueKiller.exe download.adlice.com/RogueKiller/RogueKillerX64.exe www.fosshub.com/RogueKiller.html removes most common viruses. hosts, DNS, MBR, hidden/deleted shortcuts -> plugin and IE history scan adlice.com/softwares/wigi download.adlice.com/WIGI/WhyIGotInfected.exe TDSSKiller - support.kaspersky.com/us/viruses/disinfection/5350 media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe www.fosshub.com/TDSSKiller.html specialized in removing rootkits

full scan

aswMBR - public.avast.com/~gmerek/aswMBR.htm files.avast.com/files/rootkit-scanner/aswmbr.exe www.fosshub.com/aswMBR.html rootkit scanner using avast virus definitions I rarely have to run this Avira PC Cleaner - www.avira.com/en/downloads#tools install.avira-update.com/package/pccleanerwebloader/win32/en/avira_pc_cleaner_en.exe avira scanning portable. pretty good detection rates requires install, portable after "install" to usb drive ComboFix - bleepingcomputer.com/download/combofix/ bleepingcomputer.com/download/combofix/dl/12/ www.fosshub.com/ComboFix.html sweeping removal of common malware, resets a lot of defaults, xp to 7 only I find this tool kind of ancient and don't/can't run it anymore Emsisoft EEK - emsisoft.com/en/software/eek dl.emsisoft.com/EmsisoftEmergencyKit.exe one of the best free malware scanners. can take forever to update and scan ESET Online Scanner - www.eset.co.uk/Antivirus-Utilities/Online-Scanner download.eset.com/special/eos/esetsmartinstaller_enu.exe eset scanning portable, good detection rates requires install and internet connection Kaspersky Security Scan - kaspersky.com/free-virus-scan www.kaspersky.com/acq/kss-thank-you requires install Malwarebytes - malwarebytes.org downloads.malwarebytes.org/file/mbam requires install, uncheck free trial before finishing I usually don't bother with this anymore Sophos Virus Removal Tool - www.sophos.com/en-us/products/free-tools/virus-removal-tool.aspx downloads.sophos.com/tools/withides/Sophos%20Virus%20Removal%20Tool.exe limited options but fairly good scanning, requires install Stinger - www.mcafee.com/us/downloads/free-tools/stinger.aspx downloadcenter.mcafee.com/products/mcafee-avert/Stinger/stinger32.exe the only good mcafee product. I rarely use this anymore

analysis/manual removal

HijackThis - sourceforge.net/projects/hjt sourceforge.net/projects/hjt/files/latest/download manually analyse common malicious regristy keys. why did trend micro buy this -> Log analysis hijackthis.de ESET SysInspector - kb.eset.com/esetkb/index?page=content&id=SOLN762 download.eset.com/download/sysinspector/32/ENU/SysInspector.exe download.eset.com/download/sysinspector/64/ENU/SysInspector.exe kind of like hijackthis but much more in-depth, used for manual removal Process Explorer - technet.microsoft.com/en-ca/sysinternals/bb896653.aspx live.sysinternals.com/procexp.exe detailed process management Process Hacker - processhacker.sourceforge.net processhacker.sourceforge.net/downloads.php advanced task manager and much much more VirusTotal Uploader - www.virustotal.com/en/documentation/desktop-applications/ www.virustotal.com/static/bin/vtuploader2.2.exe upload files or running applications to virustotal for analysis. context menu upload portable after installation

prevention

Blocking - kiosk.neocities.org/block.html the vast majority of malware enters through the browser setup an adblocker, it's the first line of defence CryptoPrevent - foolishit.com/cryptoprevent-malware-prevention/ foolishit.com/cryptoprevent-malware-prevention/portable-edition/ download.foolishit.com/CryptoPreventSetup.exe download.foolishit.com/CryptoPrevent.zip blocks crypto viruses and others running from appdata, temp directories, and through other workarounds