Using Dr.Web CureIt

Discussion in 'Malware Removal FAQ' started by chaslang, Jul 14, 2007.

Thread Status:
Not open for further replies.
    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download Dr.Web CureIt and save it to your desktop.
    • After the file has downloaded, disable your antivirus program and disconnect from the Internet (unplug your cable).
    • Double-click the cureit.exe file and then click the Start button, then the OK button to perform an Express Scan.
    • This will scan the files currently running in memory. When something is found, click the Yes button when it asks you if you want to cure it.
    • Once the short scan has finished, click on the Complete scan radio button.
    • Then click on the Settings menu on top, then select Change Settings or press the F9 key. You can also change the Language.
    • Choose the Scanning tab and I recommend leaving the Heuristic analysis enabled (this can lead to False Positives though).
    • On the File types tab ensure you select All files
    • Click on the Actions tab and set the following:
      • Objects: Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
      • Infected packages: Archive = Move, E-mails = Report, Containers = Move
      • Malware: Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
      • Do not change the Rename extension - default is: #??
      • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
      • Leave prompt on Action checked
    • On the Log file tab leave the Log to file checked.
    • Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log
    • Log mode = Append
    • Encoding = ANSI
    • Details: Leave Names of file packers and Statistics checked.
    • Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.
    • On the General tab leave the Scan Priority on High
    • Click the Apply button at the bottom, and then the OK button.
    • On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.
    • In this mode it will scan Boot sectors of all disks, All removable media, and all local drives
    • The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.
    • When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.
    • Click 'Yes to all' if it asks if you want to cure/move the files.
    • This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)
    • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
    • Save the report to your Desktop. The report will be called DrWeb.csv
    • Close Dr.Web CureIt.
    • Now reboot your computer!! This is necessary because there could be files in use that will be moved or deleted during reboot.
    • After reboot, rename the DrWeb.csv file to DrWeb.txt so that it can be uploaded here, and then attach the DrWeb.txt log to your next reply.
     
    Last edited: Jul 13, 2009