Avast WEBforum

Other => General Topics => Topic started by: Coolmario88 on March 28, 2015, 06:22:33 AM

Title: Best tools to use when removing malware?
Post by: Coolmario88 on March 28, 2015, 06:22:33 AM
What are some good tools other than avast  ;D that are good to run on an infected machine to remove malware? I'm wanting to learn about the tools there are to use to remove stuff like that..

Btw anybody that knows how to use OTL please tell me how I can learn to use it.. Thanks.
Title: Re: Best tools to use when removing malware?
Post by: Pondus on March 28, 2015, 09:05:35 AM
Malwarebytes  /  MCShield


Quote
Btw anybody that knows how to use OTL please tell me how I can learn to use it.. Thanks.
training at uniteagainstmalware.com/

Title: Re: Best tools to use when removing malware?
Post by: essexboy on March 28, 2015, 12:16:16 PM
OTL has now gone to bed as OldMan has retired and is no longer supporting it

FRST has now taken over as tool of choice although ZOEK is hovering around

Personally I like to see what there is before running automated tools :)
Title: Re: Best tools to use when removing malware?
Post by: polonus on March 28, 2015, 02:19:16 PM
Hi Coolmario88,

Yes finding out what malware you are confronted with or whether you are to go after a false positive is always a first priority. With cold reconnaissance website analysis I do this all the time all of the time and in the long run the practice brings an awful lot of insight and where qualified removal experts like essexboy are concerned, I guess they have gained so much experience that they can almost make a fair guess what is out there. Just like American Indian scouts knew when they found common plantain (Plantago Major) somewhere westerners must have been around, because they spread that ill weed with the soles of their shoes, like the old Roman soldiers with the soles of their sandals spread that common plantain over Europe. We as children used the fresh juice of the plant to cure blisters we got from stinging-nettle.

Whenever you want to learn malware cleansing ask essexboy if you can get an online training under his supervision. He is a teacher at G2G, one of the best online institutes to learn the art of malware cleansing. He might enroll you when he thinks you would qualify to be trained.

polonus
Title: Re: Best tools to use when removing malware?
Post by: DavidR on March 28, 2015, 02:28:22 PM
<snip>
Personally I like to see what there is before running automated tools :)

Very wise, if you use automated tools you soon lose the knowledge gained by manually checking.
Title: Re: Best tools to use when removing malware?
Post by: bob3160 on March 28, 2015, 02:32:05 PM
<snip>
Personally I like to see what there is before running automated tools :)

Very wise, if you use automated tools you soon lose the knowledge gained by manually checking.
An automated tool should only be used when essexboy is on vacation or otherwise not available. :)
Title: Re: Best tools to use when removing malware?
Post by: polonus on March 28, 2015, 02:54:53 PM
Hi bob3160,

In that case the victim should come here also and ask one of the other qualified removal experts, we are so fortunate we have a whole bunch of them hanging out here on the forums.  ;D
Never use automated cleansing tools out on your own, you may ruin part of your valuable OS in the case of a false positive or whenever the registry gets compromised you could be even in a worse predicament than you were before. ::)

polonus
Title: Re: Best tools to use when removing malware?
Post by: Eddy on March 28, 2015, 03:11:58 PM
Although tools can be very helpful, it all starts with the knowledge that the user has.
Title: Re: Best tools to use when removing malware?
Post by: bob3160 on March 28, 2015, 03:25:56 PM
Hi bob3160,

In that case the victim should come here also and ask one of the other qualified removal experts, we are so fortunate we have a whole bunch of them hanging out here on the forums.  ;D
Never use automated cleansing tools out on your own, you may ruin part of your valuable OS in the case of a false positive or whenever the registry gets compromised you could be even in a worse predicament than you were before. ::)

polonus
You need to stop taking everything so seriously.... My reply was meant to be funny. :)
Title: Re: Best tools to use when removing malware?
Post by: polonus on March 28, 2015, 04:06:39 PM
Hi bob3160,

I understood what you meant and how it was meant. I ironically replied in earnest  ;D
We often miss out the tone and intonation when posting.
Well even emoticons won't always help to get across exactly what we mean,
sometimes a picture may help...

Damian
Title: Re: Best tools to use when removing malware?
Post by: Coolmario88 on March 29, 2015, 04:18:59 AM
Thank you all for the well informed replies!

I'm wanting to learn because I am the one in my family with the computer smarts..

Thanks again for replying  ;D
Title: Re: Best tools to use when removing malware?
Post by: Coolmario88 on March 30, 2015, 06:47:09 AM
Guys kinda off-topic question here but..

I went to loveroms, and coolroms yesterday and well canceled the loveroms installer helper tool it put icon on desktop for if I wanted to return to it.. and coolroms I went through with.. One put adware on my machine.. I ran SAS, MBAM, TDSSKiller, Mbar, MBAM, Avast, AdwCleaner, HitmanPro.. They are all now saying clean.. Should my PC be reliable and safe? Avast detected the loverom files from the location in the screenshot attached.. Should removing these files be safe or would it be best to rename to .backup until I find out if it was Windows or some other app files?
Title: Re: Best tools to use when removing malware?
Post by: Asyn on March 30, 2015, 06:51:13 AM
If you need a check, start a new topic in V&W and post your logs there: https://forum.avast.com/index.php?action=post;board=4.0
Title: Re: Best tools to use when removing malware?
Post by: Coolmario88 on March 30, 2015, 06:54:44 AM
If you need a check, start a new topic in V&W and post your logs there: https://forum.avast.com/index.php?action=post;board=4.0
If I see unknown activity I will then..

Do you think I should take the program's word for it? One of the adware was an in browser ad display thing that only showed ads in search engines like google called Digital more.. nothing on the web about it that I can see.. but I got it 100% gone I think..
Title: Re: Best tools to use when removing malware?
Post by: Asyn on March 30, 2015, 07:02:46 AM
Do you think I should take the program's word for it?
Without your diagnostic logs we could only guess. ;)
Title: Re: Best tools to use when removing malware?
Post by: Coolmario88 on March 30, 2015, 07:39:03 AM
Do you think I should take the program's word for it?
Without your diagnostic logs we could only guess. ;)
Alright  :)

Is digital more ads adware or a virus?
Title: Re: Best tools to use when removing malware?
Post by: Asyn on March 30, 2015, 08:17:03 AM
Sounds like Adware, but as some Adware acts like Malware, it's hard to tell.
Title: Re: Best tools to use when removing malware?
Post by: polonus on March 30, 2015, 09:11:28 AM
Hi Coolmario88 and Asyn,

That is why despite all critique I like the road-signs I get from WOT. If you had you would know not to venture out there or with caution:
https://www.mywot.com/en/scorecard/loveroms.com?utm_source=addon&utm_content=popup
In the meantime and while waiting for the qualified removal assistance, read here on the additional adware from loveroms dot com -Win32:Rootkit-gen [Rtk] :
http://greatis.com/cleanvirus/remove-malware/hw32-packed-71c6-loveroms-exe.htm
Re: https://www.virustotal.com/en/file/e35080388b436eef295c0de78e8e482aa7062b4bec588d3b7cb4a08b2af57dc7/analysis/

polonus
Title: Re: Best tools to use when removing malware?
Post by: Asyn on March 30, 2015, 09:29:25 AM
Thanks for your input Pol, seems it's time for Coolmario to post some logs... ;)
Title: Re: Best tools to use when removing malware?
Post by: bob3160 on March 30, 2015, 01:43:42 PM
Thanks for your input Pol, seems it's time for Coolmario to post some logs... ;)
Again.... :(  Wonder which or whose computer this is on ???
Title: Re: Best tools to use when removing malware?
Post by: Asyn on March 30, 2015, 01:47:03 PM
Thanks for your input Pol, seems it's time for Coolmario to post some logs... ;)
Again.... :(  Wonder which or whose computer this is on ???
See: Reply #11
Title: Re: Best tools to use when removing malware?
Post by: Coolmario88 on March 30, 2015, 03:31:23 PM
I did rootkit scans last night with TDSSKiller and Mbar both said I am clean.. Avast did detect those files and remove them though... is it best to just post logs to be sure?

If yes.. What tools should I run for the logs you want me to post?
Title: Re: Best tools to use when removing malware?
Post by: Coolmario88 on March 30, 2015, 03:35:32 PM
Also if the logs show up clean.. Would the PC still be reliable? Somebody told me once a PC is infected it is never reliable again really.. If this is true should I just use the Gateway recovery tool to reinstall Windows 8.0 and then install all updates to it then upgrade to Windows 8.1 again?
Title: Re: Best tools to use when removing malware?
Post by: Pondus on March 30, 2015, 03:53:12 PM
Quote
Also if the logs show up clean.. Would the PC still be reliable? Somebody told me once a PC is infected it is never reliable again really..
depends on what infection 

if file infector, yes   http://miekiemoes.blogspot.no/2009/02/virut-and-other-file-infectors-throwing.html


Quote
What tools should I run for the logs you want me to post?
attach Farbar Recovery Scan Tool diagnostic logs ...there will be two

Title: Re: Best tools to use when removing malware?
Post by: Coolmario88 on March 30, 2015, 05:04:10 PM
The damn virus came back! Avast is going crazy about it.. and my computer crashed about corruption and stuff.. I'm about to reinstall Windows..  which will downgrade me to 8.0 but I guess I can upgrade to 8.1 again right?
Title: Re: Best tools to use when removing malware?
Post by: Pondus on March 30, 2015, 05:20:03 PM
why not attach the logs and let a certified malware expert have a look first ....

Title: Re: Best tools to use when removing malware?
Post by: Coolmario88 on March 30, 2015, 05:26:31 PM
why not attach the logs and let a certified malware expert have a look first ....
You replied a little too late the process of a reinstall is happening now.. I tried to make logs with the ones you guys recommend like farbar.. It just crashed my PC
Title: Re: Best tools to use when removing malware?
Post by: essexboy on March 30, 2015, 05:38:02 PM
As I said in the PM if the folder is not deleted then there is the possibility it will re-spawn
Title: Re: Best tools to use when removing malware?
Post by: Pondus on March 30, 2015, 05:40:23 PM
Quote
You replied a little too late the process of a reinstall is happening now..
no it is you who don't wait for a reply before starting   ;)

Title: Re: Best tools to use when removing malware?
Post by: Coolmario88 on March 30, 2015, 07:09:33 PM
Quote
You replied a little too late the process of a reinstall is happening now..
no it is you who don't wait for a reply before starting   ;)
I guess you're right..

I think it was a file infector was part of it.. Avast kept on blocking the unity3d webplayer uninstall.exe before I went to loveroms and coolroms.. Maybe those sites made it worse.. At least now I'll have a virus free machine gonna use better common sense this time..
Title: Re: Best tools to use when removing malware?
Post by: essexboy on March 30, 2015, 07:12:17 PM
If it was a file infector then Avast would have been alerting on system files
Title: Re: Best tools to use when removing malware?
Post by: Coolmario88 on March 31, 2015, 02:28:07 AM
Guys thanks for trying to help earlier.. I have learned something from all this..
Like don't go on shady sites, and stuff like that.. Tomorrow updating back to win8.1 and installing over a GB of updates..

I promise this may be last time my PC gets infected by my stupid act..
Title: Re: Best tools to use when removing malware?
Post by: Coolmario88 on April 01, 2015, 02:16:04 AM
So does all downloaders similar to the one download (dot) com uses is and can cause what happened to me?

In other news I got windows 8.1 up and running again finally
Title: Re: Best tools to use when removing malware?
Post by: Rednose on April 01, 2015, 02:31:09 AM
Hey Pony :P

You should make regular images, and store them on an external HD.

Greetz, Red.

Title: Re: Best tools to use when removing malware?
Post by: essexboy on April 01, 2015, 03:43:22 PM
It is really easy to use Macrium to make an image

Download and install Macrium Reflect free (http://www.macrium.com/reflectfree.aspx)

CREATE EMERGENCY USB

Once installed run the programme
Insert a 4GB USB drive into the system
On the left of the dialogue select Other Tasks
Select Create bootable Rescue media
In the window that opens select Windows PE 5.0
Click Next
(https://dl.dropboxusercontent.com/u/73555776/macriumbootdisc.JPG)

Select Default base WIM on the next dialogue and press next
(https://dl.dropboxusercontent.com/u/73555776/macriumpe.JPG)

On the next dialogue select your USB drive and enable multiboot MBR/UEFI USB support (If available)
Click Finish and your rescue USB will be created
(https://dl.dropboxusercontent.com/u/73555776/macriumburn.JPG)

Once the burn has finished you will be asked to test the USB
Do this by rebooting the computer with the USB inserted
The computer should then start in the recovery mode
Exit from this and remove the USB
Keep the USB safe as this will enable an unbootable computer to boot

TO MAKE AN IMAGE

Connect your external Hard Disc
Run the programme and tick the partitions you wish to image (In my case I have selected System and OS )
(https://dl.dropboxusercontent.com/u/73555776/macriumselect.JPG)

Then click Image selected disc on this computer at the top left
Ensure that the correct partitions are selected to image
Under destination locate and select the external drive, in my case G
(https://dl.dropboxusercontent.com/u/73555776/macriumexternal.JPG)

Click next and a summary of actions will be shown
If you are happy click finish
(https://dl.dropboxusercontent.com/u/73555776/macriumconfirm.JPG)

You will be asked to confirm the backup
Select OK

Once it has completed select close and unplug the external drive. Job done
(https://dl.dropboxusercontent.com/u/73555776/macriumcomplete.JPG)

To use the image from an unbootable computer
Start the computer with the recovery USB
Plug in the external drive and just follow the prompts :)
Title: Re: Best tools to use when removing malware?
Post by: Coolmario88 on April 03, 2015, 12:25:04 AM
Does this restore my PC to the date the image was made if ever needed? Also does it have to be a USB drive or SD card will do?
Title: Re: Best tools to use when removing malware?
Post by: Rednose on April 03, 2015, 02:40:34 AM
Hi my friend :)

Does this restore my PC to the date the image was made if ever needed?

That is the whole idea : You make an exact copy of the partition(s) you want, and you can restore it any time.
I personally make an image every week. And of course before a Windows update, Avast! Beta install etc.

Also does it have to be a USB drive or SD card will do?

It should be a bootable device, so you should make the SD slot bootable in the BIOS. If that is possible with you.
Maybe Essexboy can advise you better  :)

Greetz, Red.
Title: Re: Best tools to use when removing malware?
Post by: Rednose on April 03, 2015, 02:52:18 AM
Btw. a nice tutorial from Essexboy :)

Greetz, Red.
Title: Re: Best tools to use when removing malware?
Post by: REDACTED on April 03, 2015, 12:50:07 PM
What are some good tools other than avast  ;D that are good to run on an infected machine to remove malware? I'm wanting to learn about the tools there are to use to remove stuff like that..

Btw anybody that knows how to use OTL please tell me how I can learn to use it.. Thanks.

I'm partial to AdwCleaner and JRT. Easy to use, fast and effective.
Title: Re: Best tools to use when removing malware?
Post by: digmor crusher on April 04, 2015, 05:22:58 AM
Essexboy, yikes, that doesn't look that easy, but I guess after you've done it a few times it would be. I use Drive Snapshot, just 2 or 3 buttons to click, that's it. Not sure how effective it is though as I haven't had to do a restore yet.
Title: Re: Best tools to use when removing malware?
Post by: essexboy on April 04, 2015, 12:27:41 PM
After you have done the initial USB set up and set the parameters.  The hardest part is remembering to plug in the USB drive for a backup :)
Title: Re: Best tools to use when removing malware?
Post by: bob3160 on April 04, 2015, 03:26:04 PM
Essexboy, yikes, that doesn't look that easy, but I guess after you've done it a few times it would be. I use Drive Snapshot, just 2 or 3 buttons to click, that's it. Not sure how effective it is though as I haven't had to do a restore yet.
You seem to forget that Windows already comes with a very reliable Imaging tool.
I've used it often and have never had a problem.
Simple to set up in Windows 7 and for Windows 8, 8.1 and Windows 10.
Simply follow the directions in the video to create a desktop shortcut to access the function:
https://youtu.be/m5h9Kug5HTI

Title: Re: Best tools to use when removing malware?
Post by: digmor crusher on April 04, 2015, 11:30:55 PM
I actually use Windows and Snapshot for backups Bob.
Title: Re: Best tools to use when removing malware?
Post by: Para-Noid on April 04, 2015, 11:42:22 PM
AOMEI Backupper is one that has yet to fail for me and it's free as is Macrium Reflect.
As it was pointed out before make weekly backups. Doing this will mean you may lose
only one week's worth of work but it saves all of those weeks before. It takes less time to
restore a backup than to re-do what may have been lost.
Title: Re: Best tools to use when removing malware?
Post by: polonus on April 05, 2015, 12:55:54 AM
Read here why uBlock is very good when we compare it to ABP -> https://forum.avast.com/index.php?topic=169054.0
Quote
Why uBlock prevents loading this website: http://members.tripod.com/  See: https://www.virustotal.com/nl/ip-address/209.202.252.50/information/
This is a Suspicious Cloud destination, Symantec detects Suspicious.Cloud.5, a detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by attackers.
Avast detects Win32:CIH there.

polonus