DIY Malware Repair



Rootkits | Bootkits | Spyware | Trojans | Key-Loggers
Viruses | Fake Antivirus | TDL4 | TDSS | Alureon

* Do-It-Yourself Virus removal for just about any Malware infection


 // More Information

Computer virus infections can be removed using the techniques listed below. Before you begin, ensure you have at least two complete backups of your computer, disable System Restore, and temporarily stop your antivirus program.

Here are the steps we use to remove viruses:
1. Disable "System Restore" before you begin.

  • START
  • RUN
  • sysdm.cpl
  • OK
  • System Restore
  • tick / check Turn off System Restore
  • OK

2. Download and save the following software tools to your Desktop:

3. Follow the instructions and watch this video.

4. Complete two full backups of all your data before proceeding.

5. Ensure you disable your Antivirus program.

6. Run ONE tool at a time.

7. Save and review the various log files.

8. Open a DOS (Command) Prompt and change to your Desktop folder.

9. At the DOS PROMPT run COMBOFIX /UNINSTALL

10. Re-enable your antivirus program when you are finished.

11. Re-enable System Restore.

12. Restart your computer.

13. Reset Internet Explorer
  • Open Internet Explorer
  • TOOLS
  • INTERNET OPTIONS
  • ADVANCED (tab)
  • RESET
  • RESET
  • CLOSE
  • Exit IE and then restart it.
When IE restarts it will ask if you want to use the recommended security and compatibility settings; tick / check the box and accept the defaults, as you can modify your settings later.

14. How To Change your Start Page
  • enter your desired start-page URL (like http://google.com) into the address bar
  • TOOLS
  • INTERNET OPTIONS
  • USE CURRENT
  • OK.
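As an added example (not part of this page and not code from any of the tools it lists), the following PowerShell mirrors steps 1, 4, 11 and 14 so they can be checked rather than clicked through: it toggles System Restore, verifies that both backup copies actually contain the same files as the source (the false-positive caveat further down is why two copies matter), and sets the IE start page. The document folder, backup paths and start-page URL are placeholders; it assumes Windows with the built-in Enable-/Disable-ComputerRestore and Get-FileHash cmdlets, run from an elevated prompt. Disabling the antivirus program (step 5) is deliberately left as a manual step.

```powershell
# Added example, not the page's own procedure. Assumptions: Windows PowerShell
# with Enable-/Disable-ComputerRestore and Get-FileHash available; all paths
# below are placeholders. Run from an elevated prompt.

# Step 1 / step 11: turn System Restore off for the system drive, then back on.
function Set-SystemRestoreState {
    param(
        [Parameter(Mandatory)][bool]$Enabled,
        [string]$Drive = "$env:SystemDrive\"
    )
    if ($Enabled) { Enable-ComputerRestore  -Drive $Drive }
    else          { Disable-ComputerRestore -Drive $Drive }
}

# Step 4: confirm every file under $Source exists byte-for-byte in BOTH backup
# copies before a cleaner gets the chance to delete a false positive.
# Returns the files that are missing or differ; an empty result means both
# backups are complete.
function Compare-BackupCopies {
    param(
        [Parameter(Mandatory)][string]$Source,
        [Parameter(Mandatory)][string[]]$BackupRoots   # two entries expected
    )
    if ($BackupRoots.Count -lt 2) { throw "Two backup copies are required (step 4)." }
    $Source   = (Resolve-Path $Source).Path.TrimEnd('\')
    $problems = @()
    Get-ChildItem -Path $Source -Recurse -File | ForEach-Object {
        $relative = $_.FullName.Substring($Source.Length + 1)
        $srcHash  = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        foreach ($root in $BackupRoots) {
            $copy = Join-Path $root $relative
            if (-not (Test-Path $copy)) {
                $problems += [pscustomobject]@{ File = $relative; Backup = $root; Issue = 'missing' }
            }
            elseif ((Get-FileHash -Path $copy -Algorithm SHA256).Hash -ne $srcHash) {
                $problems += [pscustomobject]@{ File = $relative; Backup = $root; Issue = 'content differs' }
            }
        }
    }
    return $problems
}

# Step 14: set the IE start page (the same registry value "Use current" writes).
function Set-IEStartPage {
    param([string]$Url = 'http://google.com')   # placeholder URL
    Set-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' `
                     -Name 'Start Page' -Value $Url
}

# Usage (placeholder paths):
# Set-SystemRestoreState -Enabled $false
# $issues = Compare-BackupCopies -Source 'C:\Users\You\Documents' -BackupRoots 'E:\Backup1', 'F:\Backup2'
# if ($issues) { $issues | Format-Table; Write-Warning 'Fix the backups before running any cleaner.' }
# ... disable the antivirus by hand and run the cleaning tools one at a time (steps 5-9) ...
# Set-SystemRestoreState -Enabled $true
# Set-IEStartPage -Url 'http://google.com'
```

The backup check hashes every file rather than comparing sizes or timestamps, because a copy that a cleaner has already quarantined or truncated can keep its name and date while losing its content.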


 // Free Rootkit Scanners - Part One of Two

WHAT IS A ROOTKIT (RK)? It is a program designed to look like a portion of the operating system. The RK loads at a very low level, often earlier than (and below) your Antivirus software.

WHAT DOES A RK DO TO MY COMPUTER? The RK disables your Antivirus and then does its mischief. Typically this type of viral infection is developed by criminal gangs, and their purpose is to make money: either by redirecting your computer to a fake web site which offers to remove the infection (a Fake Antivirus program, or Fake AV), or sometimes by sending spam from your computer and / or accessing personal banking or credit card information.

HOW CAN I REMOVE A ROOTKIT?
Here is a list of 100% Free Rootkit Scanners and Repair Utilities
1. Combo-fix FREE - bleepingcomputer.com/download/anti-virus/Combofix
This is a great Free RK Removal Program, but you must read and follow all of the instructions or your computer may become inoperable. Your existing Antivirus program must be disabled before use.

2. HitmanPro 30 Day Trial - surfright.nl/en/hitmanpro
This is a fast second opinion, Hitman Pro can run even if your existing Antivirus program is running / Active. Ensure you download the appropriate version 32 bit or 64 bit.

3. GMER - FREE - gmer.net
Yet another great RK removal tool. ENSURE you read and follow their instructions. It's nice to see there are a lot of nerds wearing white hats.

4. Kaspersky RK removal program - support.kaspersky.com/viruses/solutions?qid=208280684
Disinfects an infected computer. Download TDSSKiller.exe and run the application. This program can run while your Antivirus is active. Kaspersky's RK remover is fast but looks primarily for TDSS, Alureon, and Tidserv type RK variants.

5. SOPHOS Anti-RK - Free RK detection and removal tool - sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx
Yet another RK scan, detect and repair tool. SOPHOS is one of the best Malware prevention systems and removal kits available. Highly recommended by nerds everywhere.



 // No Cost Rootkit Scanners - Part Two of Two

The secret to removing a RK and other Malware programs infecting your computer is to use multiple Rootkit Scanner programs. Some of these programs give you a false positive. A false positive means the RK scanner program has mislabeled a good, clean file as an infection and wants to delete it. SO, please be aware you should always have multiple data backups before using these programs, because sometimes a false positive could be that "Mission Critical" piece of data. If you have never drilled down into the bowels of your computer and aren't sure what you are doing, maybe you should ask someone more qualified to help you.
6. UBCD4WIN bootable recovery CD - ubcd4win.com
Here is an alternative method to scan, clean and repair a RK that just won't go away! You will need to create a bootable UBCD4WIN CD on an un-infected computer. Here is a link to a video that explains how to create a UBCD4WIN bootable CD: youtube.com/watch?v=ho_EQHkvcxM . Because you burn your own bootable recovery CD, you can add tools and programs which target a specific RK. Since the infected computer is running from the CD, the pesky RK is offline, not marked as open, and can be deleted. This is a great method to kill those RK's that just will not die.

7. Alternative UBCD4WIN bootable USB Flash Drive Video - youtube.com/watch?v=jdIKHdcMA0Y
It could be that only "hard core" nerds get sweaty just thinking about all the possibilities of using a bootable UBCD4WIN USB flash drive to remove a RK. But if you have always wanted that pocket protector, this method is awesome. You create your own bootable UBCD4WIN USB stick; it is portable, and you can load practically every RK removal program on the flash drive, boot from it and clobber every nasty RK hiding on your computer. This method takes a bit of time as there is a learning curve, and it requires another computer to create, but it is well worth the time. Ensure you watch both videos and have an idea where you are going before you burn too much time. Some older computers may not boot from a USB flash drive, so look at your computer's BIOS before starting.

 // Fake Antivirus Removal Cleaning and Repair

If you have a Fake Antivirus infection and want to remove it, use each of the following Fake Antivirus Removal (FAVR) programs one at a time.

Combo-fix FREE - http://bleepingcomputer.com/download/anti-virus/Combofix
This is a great free FAVR tool, but you must read and follow all of the instructions or your computer may become inoperable. Your existing AV program must be disabled before use.

HitmanPro 30 Day Trial - http://surfright.nl/en/hitmanpro
This is a fast second opinion; HitmanPro can run even if your existing AV program is running / active. Ensure you download the appropriate version, 32 bit or 64 bit.

GMER - FREE - gmer.net
Yet another great Free FAVR Program. ENSURE you read and follow their instructions. It's nice to see there are a lot of nerds wearing white hats.

Kaspersky FAVR program - http://support.kaspersky.com/viruses/solutions?qid=208280684
Disinfects an infected computer. Download TDSSKiller.exe and run the application. This program can run while your AV is active. Kaspersky's RK remover is fast but looks primarily for TDSS, Alureon, and Tidserv type RK variants.

The goal of this web page is to present the steps you should follow to remove Malware infections using these FAVR tools. Ideally, you should follow the steps in sequence, but some infections may prevent you from using several of the cleaning programs. If you cannot use one of the cleaning utilities, go to the next step and see if it removes the infection(s). Try using EVERY cleaning program to ensure the infection(s) have been removed. Malware infections are designed by cyber-criminals to steal your personal information, and these unauthorized programs are very sophisticated and difficult to remove. It may take many hours or several days to scan, clean and repair your Malware infection(s). Please be patient, follow the steps, read the instructions and keep your "fingers crossed". Sometimes the only way to repair your computer is to just never give up.

 // Top 10 Free Antivirus ISO's to create bootable recovery CD's or bootable USB Flash Drives 1/2

  About
Individual antivirus ISO images are used to create standalone bootable antivirus rescue CDs (for some of the ISO's below you will need the free ISO-CD Creator). Because your infected computer boots from the CD rather than from its own hard disk, the infected file isn't marked as open or marked as un-deletable by the operating system's file attributes. Use more than one of the following bootable antivirus CD's to ensure the infection has really been removed. CD's are cheap, and using 5-6 would just about guarantee the malware infection has been removed.
  Resources
Use the following to create your own Top 10 Free Antivirus bootable CD's

ISO-CD Creator - This is a CD image burner used to create the bootable CD's from the ISO images below

1. BitDefender ISO How to create a Top 10 Free Antivirus Bitdefender Rescue CD - Step-By-Step instructions

2. Sophos ISO This is an emergency solution which may cause data loss; read the directions before you begin to create your Top 10 Free Antivirus CD

3. Kaspersky ISO This is a bootable Top 10 Free Antivirus DOS CD - read the instructions ... again, please back up your data before using this or any of the bootable CD's

4. F-Secure This is their Easy Clean system. Not a bootable CD - use it to remove threats

5. AVG ISO Comprehensive Top 10 Free Antivirus toolkit to repair your computer system

6. Trinity ISO Free Linux Top 10 Free Antivirus CD to repair and rescue your Windows operating system

7. Dr Web ISO - FTP site - read their PDFs before you use it

8. Antivir ISO - Download only, contains no usage information

9. Avira ISO - Download the Antivirus file, run it and a bootable CD is created

10. G-Data Beta ISO - This is BETA so use with caution


 // Top 10 Free Antivirus ISO's to create bootable recovery CD's or bootable USB Flash Drives 2/2


Requirements:
A CDROM DVDROM writer, a package of blank CD/DVDs and a bit of patience.

CD / DVD Tips:
Here is a You Tube video showing how to create a bootable ISO Image youtube.com/watch?v=bgi9D6Z8gTY

Create the Boot CD/DVD on an uninfected computer and handle the media by the edges, i.e., no fingerprints on the media. Also buy sleeves or CD cases to store the media. Keep the burnt media out of the sun and away from heat sources. Label the media with an indelible marker; adhesive labels tend to have bubbles and ridges which can cause your CD to get stuck. If you cannot remove a CD, insert a straightened paper clip into the little hole on the face of the CD/DVD burner.

As with all methods of removing viruses, multiple tests ensure the viral infections will be identified and then removed. There is no single test by which all viruses can be seen and removed. A multiple-systems procedure takes more time but increases the probability of seeing and then removing the Malware. The experts who created these removal tools have also described best practices to clean and repair your infected computer. By reading their instructions you dramatically improve your chances of success.

Additionally, ISO's can be written to USB Flash Drives and then booted if the computer's BIOS is set to look at the bootable drive before attempting to boot from the infected hard disk. Not all computers allow you to boot from a USB Flash Drive, but most newer computers allow this method. Review this YouTube video youtube.com/watch?v=jdIKHdcMA0Y to see how one tech used this method to create a UBCD4WIN bootable flash drive.

WARNING: USB Flash drives can be infected with viruses. Ensure you use a flash drive that allows you to write-protect it. Typically there is a switch on the USB Flash Drive that, when set, prevents anything from being written to it. Otherwise, if your boot sequence isn't correct you might infect the USB Flash Drive and then infect every computer the stick is plugged into. Please review this URL before you infect your other computers: tomshardware.com/news/usb-flash-virus-secure,6564.html Please don't spread your malware infection because you are impatient and don't want to purchase a write-protected USB Flash Drive!
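As an added example (not part of this page), the following PowerShell checks the point made in the warning above before the rescue stick is plugged into an infected machine: it lists every USB disk, reports whether Windows sees it as read-only, and then actually tries to create a file on each of its volumes so that a switch left in the wrong position is caught even if the read-only flag looks right. It assumes Windows 8 or later with the Storage module (Get-Disk, Get-Partition); the probe file name is a placeholder.

```powershell
# Added example, not from the page. Assumes the Storage module cmdlets
# Get-Disk and Get-Partition (Windows 8 / Server 2012 and later).
# Returns one object per USB disk with a verdict; use it on the clean
# computer after burning the ISO and flipping the write-protect switch.
function Test-RescueMediaWriteProtected {
    $usbDisks = Get-Disk | Where-Object { $_.BusType -eq 'USB' }
    if (-not $usbDisks) {
        Write-Warning 'No USB disk found.'
        return @()
    }
    foreach ($disk in $usbDisks) {
        # Drive letters belonging to this disk (partitions without a letter
        # report a NUL char, which the regex filters out).
        $letters = Get-Partition -DiskNumber $disk.Number -ErrorAction SilentlyContinue |
                   Where-Object { "$($_.DriveLetter)" -match '^[A-Z]$' } |
                   ForEach-Object { "$($_.DriveLetter):" }

        # Independent check: the OS flag can be wrong, a real write cannot.
        $writable = $false
        foreach ($letter in $letters) {
            $probe = Join-Path "$letter\" '.write-protect-probe.tmp'   # placeholder name
            try {
                New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
                Remove-Item -Path $probe -ErrorAction SilentlyContinue
                $writable = $true    # the write succeeded: NOT protected
            }
            catch {
                # Access denied / media write-protected: this is what we want.
            }
        }

        $protected = $disk.IsReadOnly -and -not $writable
        [pscustomobject]@{
            Disk           = $disk.Number
            Model          = $disk.FriendlyName
            Drives         = ($letters -join ',')
            FlagReadOnly   = $disk.IsReadOnly
            WriteSucceeded = $writable
            Verdict        = if ($protected) { 'write-protected: safe to use as rescue media' }
                             else            { 'NOT write-protected: set the switch or use another stick' }
        }
    }
}

# Usage:
# Test-RescueMediaWriteProtected | Format-Table -AutoSize
```

A stick that reports FlagReadOnly as True but still accepts the probe file is the case worth catching: some drives expose a software read-only attribute that does not survive a reboot into the rescue environment, whereas a hardware switch blocks the write at the controller and fails the probe as well.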