Author Topic: Who uses the Claymania Procedure?  (Read 2344 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33316
  • malware fighter
Who uses the Claymania Procedure?
« on: November 21, 2005, 04:32:42 PM »
Hello Forum Foks,

Who uses the Claymania Procedure for
Generic Trojan / Adware Removal Procedures?


Claymania Procedure
------------------------------------------------------------------------

    *Generic Trojan / Adware Removal Procedures *
    (*3 different procedures* you can try for malware removal)*
    *By: David Lipman

    *Procedure #1 *

       1. Download the following four items (links will open a new
          browser window)...

          McAfee Stinger
          http://vil.nai.com/vil/stinger/

          Trend Sysclean Package
          http://www.trendmicro.com/download/dcs.asp

          Latest Trend Virus Pattern Files. (example; lpt285.zip***)
          http://www.trendmicro.com/download/pattern.asp
          (*The file name lpt285.zip is simply an example name of the
          file and you'll find the filename posted at TrendMicro will
          have a higher number than 285. Each time TrendMicro produces
          new Pattern Files the number in the file name will be
          incremented accordingly.)

          Ad-Aware SE (free personal edition)
          http://www.lavasoftusa.com/

       2.

          Create a new directory.
          On drive "C:\"
          (e.g., "c:\New Folder")
          or the desktop
          (e.g., "C:\Documents and Settings\username\Desktop\New Folder")

          Place SYSCLEAN.COM (the Trend Sysclean Package referenced
          above) into the new directory you created. Extract the latest
          Trend Virus Pattern Files (Example: lpt$vpn.285 and
          WHATSNEW.TXT) from the zip file you downloaded above into the
          same new directory you created. The Trend Pattern File
          contained in the ZIP file *must be placed in the same
          directory* as SYSCLEAN.COM!

          *Important*: The TrendMicro Pattern file is updated reguarly.
          Aywhere from once per day to a few times in a day. Always make
          sure you have the latest version of SYSCLEAN.COM and the
          Pattern File before you scan your platform. The McAfee Stinger
          Internet worm and Trojan removal tool is upgraded
          periodically. Always make sure you have the latest version of
          McAfee Stinger utility before you scan your platform.

       3. Install and Update Ad-Aware with the latest definitions.

       4. If you are using WinME or WinXP, disable System Restore.
          http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

       5. Reboot your PC into Safe Mode [F8 key during boot process].

          How to Boot Into Safe Mode:

          Generic
          <http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam>

          Windows XP
          <http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx>

          How to perform a clean boot in Windows XP
          <http://support.microsoft.com/kb/310353>

       6. Using McAfee Stinger, the Trend Sysclean utility and Ad-Aware,
          perform a Full Scan of your platform and clean and/or delete
          any infectors and/or parasites found (a few cycles may be needed).

       7. Restart your PC and perform a "final" Full Scan of your
          platform using McAfee Stinger, the Trend Sysclean utility and
          Ad-Aware.

       8. If you are using WinME or WinXP,Re-enable System Restore and
          re-apply any System Restore preferences (e.g. HD space to use
          suggested 400 ~ 600MB).

       9. Reboot your PC.

      10. If you are using WinME or WinXP, create a new Restore point

        End of Procedure #1

        * * * Please report back your results * * *

    *Procedure #2 *

    Download MULTI_AV.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/Multi_AV.exe

    It is a self-extracting ZIP file that contains the Kixtart Script
    Interpreter
    { http://kixtart.org - Kixtart is CareWare } 4 batch files, 6
    Kixtart scripts, one Link
    (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and
    WGET.EXE. It will
    simplify the process of using; Sophos, Trend, Kaspersky and McAfee
    Anti Virus Command
    Line Scanners to remove viruses, Trojans and various other malware.

    C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in
    C:\AV-CLS}
    This will bring up the initial menu of choices and should be
    executed in Normal Mode.
    This way all the components can be downloaded from each AV vendor?s
    web site.
    The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu
    and Reboot the PC.

    You can choose to go to each menu item and just download the needed
    files or you can
    download the files and perform a scan in Normal Mode. Once you have
    downloaded the
    files needed for each scanner you want to use, you should reboot the
    PC into Safe Mode
    [F8 key during boot] and re-run the menu again and choose which
    scanner you want to
    run in Safe Mode. It is suggested to run the scanners in both Safe
    Mode and Normal
    Mode.

    When the menu is displayed hitting 'H' or 'h' will bring up a more
    comprehensive PDF
    help file.

    To use this utility, perform the following...
    Execute; Multi_AV.exe { Note: You must use the default folder
    C:\AV-CLS }
    Choose; Unzip
    Choose; Close

    Execute; C:\AV-CLS\StartMenu.BAT
    { or Double-click on 'Start Menu' in C:\AV-CLS }

    NOTE: You may have to disable your software FireWall or allow
    WGET.EXE to go through
    your FireWall to allow it to download the needed AV vendor related
    files.

    End of Procedure #2

    * * * Please report back your results * * *

    *Procedure #3 *

    Download/install/run Art Kopp's modified version of a Kaspersky
    based AV scanner engine
    http://www.claymania.com/KASFX.EXE

    End of Procedure #3

  As found on the Net cached from:
^© /Claymania Creations/ 2001 - 2005. All rights reserved.

Updated: October 3, 2005

greets.

polonus
« Last Edit: November 21, 2005, 04:34:52 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!