Toolkit

Anti-Malware Removal: On-Demand – You need to run these manually to detect and remove malware

Malwarebytes Anti-Malware – Free version

SuperAntiSpyware – Free version.

ComboFix – Amazing little app for removal. Can detect lot’s of malware (including rootkits) and remove them. OS corruption can happen, although it’s pretty rare and usually nothing that a system restore can’t resolve.

TDSS Killer – removes TDSS rootkits and attempts to restore uninfected drivers. It’s not perfect. Sometimes it’ll remove the rootkit and it’s not possible to restore the un-infected driver. In that case you’ll want to use something like an UBCD4win to replace the deleted driver.

GMER Anti-Rootkit – It’s another rootkit scanner that I run as a second opinion after TDSS killer.

Rkill – Terminates malware processes (most rogue/fake applications) so that you can manually delete the malware or run an on-demand scanner.

Anti-Malware Prevention and Removal: Real-Time – These are allows updating, scanning and protecting your computer without you lifting a finger. Some are free and some are not.

Malwarebytes Pro – all the power of the Malwarebytes free scanner with always on protection. One of the best ways to spend $24.95.
Comodo Internet Security

Anti-Malware Boot Disks - Malware is completely unprotected and at your mercy

Dr Web’s CureIT Live CD – Great for detection and disinfection

Kaspersky Rescue Disk – Great for detection and disinfection

UBCD4WIN – Fully customizable bootable environment. You can load and scan with as many anti-malware applications as you want to.

Sardu Boot Disk – I haven’t used this yet, but I assume it’s another type of UBCD4WIN

Michael.B (Queensland, Australia)
Malwarebytes
Dial-A-Fix
Windows MiniPE (Boot from a CD or Flash Drive)
HiJackThis
C. C.
Saw your YouTube Video on Comodo Firewall, To make your next installation a little easier if you will look in Program Data under Comodo Downloads you will find the app installation file. You want have to download it every time you want to install. Tip I don’t use Comodo AV but if you will run the firewall in proactive mode and you will get the best protection.
Cantrell Computer Services
How do you guys feel about Threatfire as a second level of protection?
C C
Have tried Threatfire as layered protection and didn’t really like the results. I prefer running Immunet or Immunet/Clam AV as second level. Both are Cloud AV’s and made by the same vendor. Very small application and light on resources.
I use ESET NOD 32 as my primary AV and Immunet has caught everything that has slipped by NOD 32.
http://www.immunet.com/protect
http://www.clamav.net/lang/en/

malwarekilla
Clam-Av…lol…open source was never so bad.

C. C/
Oh well! It works for me and has a fair detection rate and my computer hasn’t been infected. Check it with Malwarebytes and SAS daily. I would rather trust ESET and Clam/AV than AVG, Avast, Avira, Microsoft AV which is junk.or other freebies. .
http://informatorultau.blogspot.com marsse
You should know that Avira and Microsoft Security Esentials are the best antiviruses. In addition to this, any supplimentary protection (like a firewall) will work with those two without any problems. I am waiting for the second part of the Comodo Internet Security review. Good luck, Matt!
C C
Hi Matt
Have tried those products and don’t care for them. Hitman Pro 3.5 has even removed Avira from it’s application.
I think you will be pleased with the results from the Comodo v4 review. Proactive mode is best way to run that firewall.
You can see the results from the latests firewall comparative at.
http://www.matousec.com/projects/proactive-security-challenge/results.php
C C
Mario
Hi Matt
I was wondering if you could help me understand why I’m not able to install Kaspersky Internet Security 2010. I was able to download it from the website. When it comes to the point where the ‘ File Progress’ windows opens, the installation is interrupted 5 times and ends with a message that says ‘ rolling back action’ . When that finishes I get a window that says ‘ Installation interrupted ended prematurely because of an error’.
I have uninstalled Mcaffee which was the previous anti-virus and also used CCleanner and Power Tools Lite. My computer has got a lot faster but it is still unable to install Kaspersky. I have 6 GB of free memory.
Do you know how this can be fixed ?
Appreciate your help.
C C
Mario
You can send an email at askus@remove-malware.com
Hope that is the correct address.
C C
Mario
Thanks for the tip. I have sent the email today.
Jerry Diecidue
Mario,
From your comments, it does ntot sound like you downloaded and ran the Mcafee uninstall tool which is needed in orfder to install a different AV program, especially KIS 2010 (is VERY sensitive to other AV programs.
The easiest thing to do is google “mcafee uninstall (or removal) tool and go into the result that brings you to the mcafee support site.
Download the tool and run the uninstall tool which will remove some hidden files that regular windows based uninstall programs always leave behind.
Let me know how that works.. By they way, I run KIS 2010 and am pretty happy with it..
Bryan
I found a good combination for me to be Microsoft Security Essentials, Threatfire, and Immumet. All seem together see to run pretty good. I have done some antivirus tests myself and nothing has slipped past all three. I also run malwarebytes a couple of times a week. bryan
C C
Sounds like a good setup Bryan. I’ve had to change things here on my PC also. ESET NOD 32 was not detecting Malware (URL Testing) and was having to many false positives. I changed to Panda Cloud AV (Free) after running a 15 URL (Malware Domain List) test on it,.
Results
10 Trojans detected
4 Adware detected
1 Trojan (Load.exe) missed and was very easily removed will Malwarebytes.
Changed firewalls also. I have run Comodo for the last three years but since the new release v4, it is still to buggy and I switched to Online Armor 4.0 Premium.
C C
Mario
Jerry
I ran the mcafee uninstall but it didn’t help. The problem does persist. I have written to kaspersky.ie.cs@digitalriver.com. I hope they respond.
Thanks for trying to help.
C C
Mario
You might try going to Computer/Local Disk C/Program Files/ and look and delete the files that your previous Kaspersky installations.Don’t know what OS your running but if it Vista otr Windows & you can check in Program Data file and delete those Kaspersky installation files also.. To get to Program data folder you will have do this first if your running Vista or Win 7. Control Panel/Appearance & Personalization/Folder Options/Show Hidden Files/under hidden files and folders select the option to show hidden files.and folders. Then go back to where you found the Programs Folder and the Program Data folder will be next one under Programs Folder. Open it and delete the Kaspersky Folder and files and try your installation again. If this doesn’t work go to the Kaspersky website at http://www.kaspersky.com.and go to the support page and fill out the online support form.
C C.
Morgan
i use to clean computer are Malwarebytes anti-malware, Superantispyware, combofix on xp and vista, Gmer for 32bit and Avira antivir Personal Free version and for live Cd Kaspersky Rescue CD and windows installation disc if the malware corrupt windows and use the product key on the computer of the person i using and reply back any that i should not use OK
Henk
Hi Matt,
Can you please tell me which remote software you’re using in helping out your customers. I found TeamViewer but I’m not sure about it.
From Greece, Crete…thanks
Henk
Gary S
I use Teamviewer. It works great. I just wish there was a Linux version also.
C C
Does anyone know anything about Mamutu Behavioural Blocker?
Mario
Hey guys:
Just to let you know that while running the Kaspersky antivirus tool kit just in case that was the cause of the ‘rolling back action’ I found a Symantec file that had not been deleted previously with the respective tool. After this, my son was able to finally install the Kaspersky Internet Security 2010. What a relief!
Thanks for all the help. Case closed.
Mario
Christos
I have KIS2010 and thats all.
jjbula
I use MSE with Threatfire and PrevX.
I’d like to use Panda Cloud instead of PrevX but I don’t think it’s compatible with MSE. I’m a still uncomfortable going with a cloud based AV as the core AV on my system.
I like AVs that scan all downloaded files and help keep you away from known bad websites. I don’t think Avira does that. Avira seems to have trouble with infected computers but is known to defend a clean system fairly well.
C. C.
Avira using dirty redirection tactics to redirect people looking for Avast to the Avira website.
http://www.avast.eu
Malware removal tools downloads at GeeksToGo.com
Malwarebytes, Combofix, Vundofix, SUPERAntiSpyware and more.
http://www.geekstogo.com/forum/Anti-malware-Tools-downloads-cat6.html
C. C.
Comodo Internet Security v4 not Bullet Proof according to Moderator at Comodo Forums
Allows possible malicious files to drop through sandbox and install on PC.
https://forums.comodo.com/virusmalware-removal-assistance/problem-with-cis-t54628.0.html
C. C.
T. Teller
Hi Matt
You said Returnil was made by Comodo during your recent Shadow Defender Review. Think you better look again,
http://www.returnilvirtualsystem.com/
Contact Information
Finland – Sales and Online Operations
Fredrikinkatu 45 A
00100, Helsinki, Finland
Phone: +358 442056919
email: finland@returnil.com
USA – Administration
email: usa@returnil.com
China – Sales and Engineering
1306 Room
Huijie Plaza
Xuanwu District, Nanjing city, China
Phone: +86-25-83196308
Fax: +86-25-83196309
email: china@returnil.com
Russia – Engineering
Office 328C, Building 3
15 Kondratyevskiy Prospekt
St.Petersburg, 195197, Russia
Phone/Fax: +7 812 4585601
email: russia@returnil.com

malwarekilla
@Teller – yeah, I mis-spoke. I had comodo time machine on the brain at that time.

C. C.
Outpost 7 Public Beta Testing Is Underway
http://www.agnitum.com/lp/outpost-7-beta.php
C. C.
ZoneAlarm Pro Promotion – One day only-April 13th
License valid for 1 year (4/13/10 to 4/14/11).
License valid for 3 PCs, new customers only, 1 per customer
http://promotions.zonealarm.com/security/en-us/cdn/pt/index.htm
IDENTITY GUARD® Basic ProtectionSM in also available for free for one year but must enter personal info and give credit card info..$4.95 charge per month after first 12 months if you decide to keep IDENTITY GUARD®.
BOB MONTGOMERY
JUST PURCHASED NOD 32 SMART SUITE , SO NOW WHAT SHOULD I ADD ON, THEY SUGGEST MALWARE BYTES IN TANDEM W/ NOD , IS IMMUNET PREFERRED OR WHAT COMBO
SEEMS A2 BIT DEFENDER AND MAMUTU ARE GOOD CHOICES
WHAT SHOULD I DO , NOD 32 W/ MALWARE BYTES , IMMUNET
OR PANDA / ONLINE ARMOR
C. C.
I would add Malwarebytes Free or Purchased .and SuperAntiSpyware. If you purchased Eset Smart Security it already has the firewall and Online Armor and other firewalls want be needed. NOD32 is the Stand alone AV and you will need a firewall with that app unless you are happy with Windows Firewall There is another program called Prevx that you can run with Eset as a secondary line of defense. I would get the free version it will scan and let you know if malware is on your PC. The paid version will also block and remove. .
C C
Hi Matt
Found a Japanese AV in Beta online and it uses 4 scanning engines. 3 anti virus F-Prot, Bit-defender and Norman. Has a very large signature update after installation. It’s been checked and everyone says it’s not malware.
Free Download
http://www.coranti.com/
C C
Malwarebytes Anti-Malware Version 1,46 Released Today.(4/29/10)
C C
If your a Comodo user you need to read this post by one of Comodo’s very own Malware Researcher or as of now, former Malware Researcher. The truth about these products is finally coming out..
http://forums.comodo.com/general-discussion-off-topic-anything-and-everything/the-reason-for-leaving-experience-t55867.0.html
John V
Re: http://remove-malware.com/toolkit/
Avira using dirty redirection tactics to redirect people looking for Avast to the Avira website.
http://www.avast.eu
C. C. March 31, 2010 at 2:37 pm
avast.eu might not be set up by Avira. See:
http://www.mywot.com/en/scorecard/avast.eu
Warning! This site has a poor reputation.
– “Phishing or other scams”
– “Ethical issues”
NormanSecuritySuite!!
Are you actually going to update this part Matt? xx
http://www.runescape.com spj18
hey matt i watched the panda av test vid the av kinda sucked ermm idk a good av tbh if u need help search malwareup.selfip in google and join teh site my mate owns it he tests dos viruses and stuff might help u out hope to see you then
Ben
Hello,
My computer got infected on July 2, 2010. I followed ur videos on youtube and swep my computer of the viruses. But now, i don’t have any internect connection and it wont connect cause it can’t find the IP Address? Does anyone know how to fix this problem??
Jerry Diecidue
Ben,
Some malware will change or add a proxy to your internet settings which will block internet access… Matt has instructions on how to fix this. I will copy and paste here…
Once you remove the rogue the proxy settings stay in place and that means you can’t get to the internet. Fixing this is really easy.
Open Internet Explorer
Click Tools
Internet Options
Connections
Click Lan Settings
Uncheck the first proxy server setting
Click OK twice.
You should be able to get on the internet with any browser now.
This was taken from here… http://remove-malware.com/antimalware/anti-malware-howto/cant-access-the-internet-after-removing-a-rogue/
Hope this helps
James
I personally like MBAM Paid instead of the free version, just for it’s IP blocking. Norton 360 does the dirty work with SONAR and the firewall on agressive, including heuristics.
I am not really a believer in cloud AV, as despite it’s light load on the box, the constant internet connection means you’re helpless if you’re infected badly.
Ben
Jerry, bro, your awesome!! Thanks alot bro!
A48GOBLEN
what do you think about drive sentry an also what is you opinion on sd-fix
faq
how to download viruses for testing some antiviruses
Bobby V.
Chello, Matt. Saw yya post about Panda cloud on youtube, problem is audio is low, so I had to turn vol. up! Like what what you say about Avira version 9 which is what i use, and have for more than 5 yrs. Took look at Avira ver. 10. Not too please on some of the changes that was made. For instead, an extra window to close at the end of a scan. Unless that can be configure to where it will be as it is in ver. 9, not mention ver. 8. It remind me of older version, when I start using Avira personal free. I as of yet to find out if it can be reconfigure or not. Otherwish, it is one of the best freeware antivirus, I have use since the day’s a dos, when I was using Norton.
BV
Matt
Panda cloud full version is incorporated into the panda antivirus pro which protects you even if the license expires because it still uses cloud and has all the other gismos. Full protection with no updates but clouod support and free-best combo.
kev
once they implement DACS into Comodo’s antivirus it will be the best av bar none because will be able to scan unknow files with all av engines eventually and i’m sure they’ll make it to where it will scans both unknown files running both in and out of memory and theres nothing the other av’s can do about it that i know of
kev
once comodo gets DACS and they make it scan all unknown files in and out of memory with DACS then comodo will have the best av engine because it will use all av engines. it’s like having virus total scan your whole computer. you can read about DACS and killswitch based on processhacker on comodo forums. those 2 things are in comodo’s new project called comodo cleaning essentials (cce). it will be bootable. so you can say bye bye to having to make a ubcd4win all the time and having to have a xp disc to make it. this will be ubcd4win on steroids because you download it once (no install required) run it, update it, scane it and done. you just killed all malware. and i think it’s coming with repairs built in kinda like SAS so you fix setting malware changed while it was on the system. comod will save the world.
athithan
after avira’s license expires is it just going to stop working or like avast can i get a another license? thanks
Alan B.
Sardu is more like a combination of different, bootable Anti-Malware boot discs. However, you can put different things such as different linux distros, and different utilites such as Ophcrack.
Bry
@malwarekilla That’s a simple well-rounded list so far.
UnHackMe (http://greatis.com/unhackme/) should definately get added to the list. It’s perfect for removing those nasty driver rootkits on boot.
NOTE: if you don’t know your drivers be very careful!
http://www.youtube.com/user/godanddevilsucks?feature=mhee Trying2singopera
do you recommend Comodo Internet Security 2012?…..I have heard too many bad things about it……please comment

Toolkit

Search for it…

Subscribe / Connect

Recent Posts

Pages