manual virus removal

  • Thread starter: Spacey Spade

Spacey Spade

Is there a website that can help me identify what malware/virus I have,
and how to remove it? Would be cool if there was a viral database,
along with manual removal instructions.
 

Several antivirus vendors offer online scans. From those you might at
least get a malware name (or names in the case of multiple
infestations) and be able to identify files and folders containing
malicious code. Note that vendors don't necessarily use the same
malware names as other vendors. You'll have an alias name or names
to work with. Virus Bulletin has their Project VGREP which is an
attempt to help people find the names other vendors use when you
supply it with a name from a particular vendor. Armed with alias names
you can start trying to Google up descriptions, removal instructions,
or maybe even a removal tool. There's also Virus Total and jotti where
you can upload suspicious files and see what many av products
name the malware, if any.

Many av vendors and other sources supply detailed enough
descriptions that removal of some malware (certain Trojans) is fairly
straightforward. If you're extremely lucky and skillful using search
engines, you might be able to sleuth out a Trojan technical
description or removal instructions. But it's a long shot since not
all malwares and their variants are written up ... especially newer
ones. And if you're extremely lucky, you might be able to sleuth up a
specific removal tool from one or more of the vendors' sites.

But what about viruses which you can't remove manually? And what
about spyware/adware that only certain specialised scanners recognize?

Instead of taking that approach in the beginning, use a utility like
my KAVDOSNT (see my web site) and do a scan in either Safe mode
or from the boot disk I offer. Arm yourself as well with scanners
such as AdAware and Spybot. You'll be able to resolve your issues
much faster this way.

Art
http://home.epix.net/~artnpeg
 
From: "Spacey Spade" <[email protected]>

| Is there a website that can help me identify what malware/virus I have,
| and how to remove it? Would be cool if there was a viral database,
| along with manual removal instructions.

Please submit a sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.


Then you will know what named infector it is and you can look up the infector in the
respective AV library/encyclopedia (if the AV vendor has one).

You need to know specific information on a given infector to get specific instructions for
its removal. Otherwise, let anti virus/anti malware software do the work.
 
This was on someone else's computer. I removed it with F-Prot and it
came back. I removed it again, and this time it hasn't come back
(yet). The computer got infected when it didn't have an antivirus, and
I dropped the Kerio 2.1.5 firewall trying to get a connection working
with a bank. Bank swore* that it was on my side, but later it turned
out they have given me the wrong password. Bastards. I even sent them
the log files from Quicken and they never got back to me. That was
COMPASS BANK. Aaaah, I feel much better now.

I'm not sure about viruses. Can they infect windows files that are in
use by the system? If so, can an antivirus disinfect windows files that
are in use? Would I need to run an antivirus from a bootdisk, so that
all files in windows partition are accessible?

Spacey

* actually, they didn't swear, but they pretty well inferred it
 
From: "Spacey Spade" <[email protected]>

Replies are inline...

| This was on someone else's computer. I removed it with F-Prot and it
| came back. I removed it again, and this time it hasn't come back
| (yet). The computer got infected when it didn't have an antivirus, and
| I dropped the Kerio 2.1.5 firewall trying to get a connection working
| with a bank. Bank swore* that it was on my side, but later it turned
| out they have given me the wrong password. Bastards. I even sent them
| the log files from Quicken and they never got back to me. That was
| COMPASS BANK. Aaaah, I feel much better now.
|
| I'm not sure about viruses. Can they infect windows files that are in
| use by the system?


No. They are often queued for deletion upon a reboot.


| If so, can an antivirus disinfect windows files that are in use? Would I need to run an
| antivirus from a bootdisk, so that all files in windows partition are accessible?
|
| Spacey
|
| * actually, they didn't swear, but they pretty well inferred it

Sometimes it is a good idea to boot off another OS and scan the system. The following Multi
AV Scanning tool provides this capability.


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 