operat0r_001 Posted November 18, 2008 Share Posted November 18, 2008 Most my scripts are for XP only !!! my quick notes on malware removal * in normal mode run this cleaner http://rmccurdy.com/scripts/quickclean.exe ( temp/password/cache file cleaner that supports multi users ) * boot safe mode with networking support * do a fast scan http://www.pandasecurity.com/homeusers/solutions/activescan/ * if it finds anything buy an account and scan again and clean * do a fast scan to make sure it does not find anything. ( if it finds items after a second scan and clean you need help from a pro ) * do a full scan and clean if you want to run a fast check again to make sure nothing is still running before you boot normal do it. * boot normal mode and look in process explore for any badies ... more advanced stuff: * http://rmccurdy.com/scripts/quick_reportNkill.exe ( reports all dlls and task then kills all task from the user that run it FROM system basicly to quicky find malware I run this and anytihng left over is a service or malware ) * open and run http://rmccurdy.com/scripts/procexp%20as%20system.exe ( it runs process explore as system ! AKA you can kill any task :P ) * search process explore for any unknown exe's and kill the handle .. if you cant kill the handle then kill the task.. * if you get the "windows is shutting down" countdown type in command prompt 'shutdown -a' it will abort the shutdown and you can continue the search .. * for root kits I use sdfix just google and follow the directions... * check system32 folder order by DATE and look for any NEW files "EXE and DLL especially" and move them to a backup folder ( just in case windows will not boot ) basicly if its malware you will see like 10 files all dll and exe types maybe some other extention so you just grab them all.. * LUA !!! ( more info here http://rmccurdy.com/email.html ) * always check and backup the sevices key and run keys for badies ! any questions you have just reply to the thred I can help anybody just dont @#^T%ing reinstall .. you just going to get owned again. Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.