EXPERT Malware Guide !


operat0r_001

Most of my scripts are for XP only!!!

My quick notes on malware removal:

* in normal mode run this cleaner http://rmccurdy.com/scripts/quickclean.exe ( temp/password/cache file cleaner that supports multi users )

* boot safe mode with networking support

* do a fast scan http://www.pandasecurity.com/homeusers/solutions/activescan/

* if it finds anything buy an account and scan again and clean

* do a fast scan to make sure it does not find anything. ( if it finds items after a second scan and clean you need help from a pro )

* do a full scan and clean. If you want to run a fast check again to make sure nothing is still running before you boot normally, do it.

* boot normal mode and look in Process Explorer for any baddies ...

more advanced stuff:

* http://rmccurdy.com/scripts/quick_reportNkill.exe ( reports all DLLs and tasks, then kills all tasks from the user that ran it FROM system. Basically, to quickly find malware I run this, and anything left over is a service or malware )

* open and run http://rmccurdy.com/scripts/procexp%20as%20system.exe ( it runs Process Explorer as system ! AKA you can kill any task :P )

* search Process Explorer for any unknown EXEs and kill the handle .. if you can't kill the handle then kill the task..

* if you get the "windows is shutting down" countdown, type 'shutdown -a' in a command prompt; it will abort the shutdown and you can continue the search ..

* for rootkits I use SDFix; just google it and follow the directions...

* check the system32 folder, order by DATE and look for any NEW files ( "EXE and DLL especially" ) and move them to a backup folder ( just in case Windows will not boot ). Basically, if it's malware you will see like 10 files, all DLL and EXE types, maybe some other extension, so you just grab them all..

* LUA !!! ( more info here http://rmccurdy.com/email.html )

* always check and back up the services key and Run keys for baddies !

Any questions you have, just reply to the thread. I can help anybody, just don't @#^T%ing reinstall .. you're just going to get owned again.
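
The last two checks in the post (new EXE/DLL files in system32, and backing up the services and Run keys) can be scripted. The following is an added example, not part of the original post and not one of the author's scripts; it assumes PowerShell 2.0 or later and an elevated prompt, and the output folder and 14-day window are made-up defaults.

```powershell
# Added example: triage helper (assumes PowerShell 2.0+, run as administrator).
param(
    [int]$Days = 14,                                    # assumed look-back window
    [string]$OutDir = "$env:SystemDrive\triage_backup"  # hypothetical backup folder
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Back up the autostart registry locations before changing anything.
$keys = @{
    'run_hklm' = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'run_hkcu' = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'services' = 'HKLM\SYSTEM\CurrentControlSet\Services'
}
foreach ($name in $keys.Keys) {
    $file = Join-Path $OutDir "$name.reg"
    if (Test-Path $file) { Remove-Item $file }   # avoid any overwrite prompt
    & reg.exe export $keys[$name] $file | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "export failed: $($keys[$name])" }
}

# 2. List EXE/DLL files in system32 created or modified inside the window,
#    newest first. -Force includes hidden and system files.
$cutoff = (Get-Date).AddDays(-$Days)
$sys32  = Join-Path $env:SystemRoot 'system32'
$recent = Get-ChildItem -Path $sys32 -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and
                   ('.exe', '.dll') -contains $_.Extension.ToLower() -and
                   ($_.CreationTime -gt $cutoff -or $_.LastWriteTime -gt $cutoff) } |
    Sort-Object CreationTime -Descending |
    Select-Object Name, CreationTime, LastWriteTime, Length,
        @{ Name = 'Signature'
           Expression = { (Get-AuthenticodeSignature $_.FullName).Status } }

# NotSigned is only a hint: catalog-signed Windows files can report NotSigned
# on older PowerShell versions, so review the list rather than acting on it blindly.
$recent | Format-Table -AutoSize
$recent | Export-Csv -Path (Join-Path $OutDir 'system32_recent.csv') -NoTypeInformation
```

The script only reads and exports; it moves nothing, so the saved `.reg` files and CSV give a record to compare against after cleanup.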
