Question...

Discussion in 'The Lounge' started by PunyN00b, Jun 18, 2012.

  1. PunyN00b

    PunyN00b Private E-2

    Didn't really know where else to put this since it's not really a request for assistance, just a general question.

    I've noticed in the malware removal forum that the removal process in the Read Me First thread has changed. Combofix and SuperAntiSpyware are gone and appear to have been replaced with RogueKiller and Hitman Pro. Just wondering, is there any particular reason for this? Also, what do you guys think of D7?
     
  2. LauraR

    LauraR MajorGeeks Super-Duper Administrator Staff Member

    The Read & Run Me has been changed so that they can better fight the malware that is out there now...a lot of which has evolved to block ComboFix. They will still be utilizing it, however, it will be later in the process.

    The creators of malware adjust their crap to make sure that the antimalware software out there can't fight it, therefore you have to use different tools after a while.

    The rest of it...I can't speak to. Maybe someone else can.


    I miss the days when you just had Norton installed on your computer and it would not only block the sad malware, but it would actually get rid of it. Sadly, pretty much all of the malware out there now requires manual removal to get rid of. I figure there are thousands of shops and repair techs out there making a lot of money on reinstalling people's OS's.
     
  3. sikvik

    sikvik Corporal Karma

    Not sure as to why ComboFix was removed. Maybe running the /uninstall switch, as thisisu mentioned.
    http://forums.majorgeeks.com/showthread.php?t=260432

    But there has to be more than just that. Sure sUBs the developer will sort it out.

    RogueKiller by Tigzy is also brilliant in killing malicious processes that try to stop other malware cleansing apps from running. It's used often enough. Maybe it was included in the R&R due to the current crop of infections.

    Maybe a team member from the malware removal team will drop in here with comments. They are very busy.

    Cheers..
     
  4. PunyN00b

    PunyN00b Private E-2

    Absolutely. I work for probably the biggest one out there and I can attest to the truth of this. Doesn't really help that we have an approved set of tools that we can't go outside of due to legalities and such. But even doing my own work on the side and using stuff outside of that toolset, some of this stuff is just plain nasty, and backing up and restoring is probably the best way to go in many cases. Generally speaking you can kill a lot of things by manual removal of stuff in AppData and ProgramData, running HijackThis, System Explorer, and Autoruns and then running whatever virus scanners you're going to use (Malwarebytes, SuperAntiSpyware, ComboFix, TDSSKiller, Norton Power Eraser, Kaspersky Rescue CD, Bitdefender Rescue CD, aswMBR, Ultra Virus Killer, Comodo Cleaning Essentials, D7, AVZ, Trend Micro Fake AV Removal Tool, etc...). You can even identify and kill some of the nasty bootkits out there if you know what you're looking for in diskpart. Obviously this isn't going to fix everything though, especially on things such as the Fake AV programs that hide your desktop, start menu, etc... and fool people into thinking all their files are gone, or the infections that hijack the desktop settings in the registry and set it to a blank background with hidden icons every time you reboot (this stuff can be fixed manually if you know what you're looking for, and Tweaking.com's Windows Repair Tool can take care of a lot of it too). The rootkits that inject themselves into all kinds of important system files and drivers are a huge headache as well.

    I was just kinda curious about Combofix in particular because it seems like it does a pretty good job if you use it under the supervision of somebody that knows how to write scripts for it. I guess it's just going to be used on an as needed basis then.
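    The post above mentions two manual checks a tech ends up doing by hand: looking at what autostarts out of AppData/ProgramData, and undoing the "blank desktop, hidden icons" registry hijack. Here is an added PowerShell example (not code from this thread or from any of the tools named in it) that does both as a read-only triage with an optional repair of the two desktop values. It assumes the standard Run/RunOnce keys and the Explorer `NoDesktop` and `HideIcons` values; any other location you care about has to be added to the lists.

```powershell
# Added example, not from the thread: triage the autostart locations and the
# desktop-hijack registry values a Fake AV infection commonly tampers with.
# Run from an elevated PowerShell on the machine being cleaned. It only reports
# unless you call Repair-DesktopSettings explicitly.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Autostart entries whose binary lives in a user-writable data folder deserve a
# closer look; legitimately installed software usually lives under Program Files.
$suspectRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:TEMP) |
    Where-Object { $_ }

function Get-AutostartFindings {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }        # PowerShell metadata, not a value
            $cmd = [string]$p.Value
            $suspect = $false
            foreach ($root in $suspectRoots) {
                # Plain substring test (no wildcards) so odd characters in paths do not matter
                if ($cmd.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    $suspect = $true
                }
            }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd; Suspect = $suspect }
        }
    }
}

# Values that produce the "empty desktop" symptom: NoDesktop=1 removes the desktop
# entirely, HideIcons=1 hides the icons, and an empty Wallpaper gives a blank background.
$desktopChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoDesktop'; Bad = 1 },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'; Name = 'HideIcons'; Bad = 1 },
    @{ Path = 'HKCU:\Control Panel\Desktop';                                      Name = 'Wallpaper'; Bad = '' }
)

function Get-DesktopHijackFindings {
    foreach ($c in $desktopChecks) {
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $value = if ($item) { $item.($c.Name) } else { $null }
        [pscustomobject]@{
            Path     = $c.Path
            Name     = $c.Name
            Value    = $value
            Hijacked = ($null -ne $value -and "$value" -eq "$($c.Bad)")
        }
    }
}

function Repair-DesktopSettings {
    # Undo the two Explorer values; the wallpaper is left for the user to pick again.
    $pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    if (Test-Path $pol) {
        Remove-ItemProperty -Path $pol -Name 'NoDesktop' -ErrorAction SilentlyContinue
    }
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    Set-ItemProperty -Path $adv -Name 'HideIcons' -Value 0 -Type DWord
    # Explorer reads these values at start-up; killing it makes the shell relaunch itself.
    Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
}

Write-Host '== Autostart entries (Suspect = binary under AppData/ProgramData/Temp) =='
Get-AutostartFindings | Sort-Object Suspect -Descending | Format-Table -AutoSize

Write-Host '== Desktop settings commonly hijacked by Fake AV =='
Get-DesktopHijackFindings | Format-Table -AutoSize
```

The report is the point: a `Suspect` row is a lead to look at in Autoruns or HijackThis, not proof of infection, since some legitimate updaters also run from AppData. Only run `Repair-DesktopSettings` once the malware process itself is dead, otherwise it simply sets the values again on the next reboot, which is exactly the behaviour the post describes.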
     
  5. LauraR

    LauraR MajorGeeks Super-Duper Administrator Staff Member

    Ah, okay, so you do repair yourself. That'll most likely change things as you have the infected machine in hand. If the malware blocks a specific tool, you probably know how to get around that, or what to run if you can't. The problem that our forum malware techs run into is that they are counting on people who mostly only have a basic knowledge of computers in general and are reliant on the scans the people can run.

    I'm sure you've seen how the more effective a removal tool is, the more likely you are to see the malware set up to block it from running.

    Once in a while I'll check out the malware threads and I believe I've even seen where they've blocked people from downloading from MajorGeeks.

    I do know that ComboFix will still be used as it's a great tool. I think they've just changed out the initial scans. They've had to evolve with the malware, which as you've stated, has gotten much more clever.

    I did find this interesting that you said:

    I guess a lot of the tools out there that are some of the best are free and not for commercial use.
     
  6. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    Combofix is a tool that will kill specific malware and, as such, it may not be a great tool to use straight off the bat, so to speak, so it was removed from the initial malware removal instructions, as were a few other items. As you will know if you are in the industry of security and malware removal, options change over time as the malware writers get clever and circumvent some removal tools; not that this has happened with Combofix, but it's a tool best left to serve a specific purpose.

    As you mentioned, all-in-one scanners are not going to fix the harder malware as it's specific to the PC, hence why Majorgeeks used custom tools, as in MGTools, to root out said malware, although these tools need to be reviewed by a malware expert manually as it's not an automated process, as malware can uniquely change file names etc.

    I personally think we need to change how we attack malware, and in part it's not cure but prevention, and this is the hardest part to get across to users as they love their free music, videos and software.
     