
Malware removal software - any recommendations?

Status
Not open for further replies.

Techniquest

Veteran Member
Joined
19 Jun 2005
Messages
21,669
Location
Nowhere Heath
Hi all,

I'm currently using AVG to do a full virus scan on the laptop, and the results are, shall we say, less than positive. Many, many instances of files being infected with trojans it appears, pretty much all between the following three:

VBS/Generic
SHeur3.AQRA
Win32/Zbot.A

Problem I now have is curing the laptop of these ills. I should point out that I have AVG automatically scan the whole system once a week, so I'm annoyed it's not found any problems until this morning. They've all crept past ZoneAlarm somehow too, which I also find annoying.

However, I'm in need of advice on malware removal software. Anyone out there got any recommendations on software that works?

Thanks in advance all.

EDIT: Hmm, that's interesting. Upon completion of the scan not long ago, the end report said it found 67 infections, with 66 'healed' (which means moved to Virus Vault) according to AVG. One could not be healed, so further information was asked of it. I noted that it's in Google Chrome (that's getting uninstalled at the first convenience!), the filename ending "chrome.exe (356):\memory_20010000". Apparently the object is inaccessible, and is infected with that Zbot.A trojan (VBS/Generic is a virus apparently). Why it can't remove that last infection I don't know, odd.
 

BlythPower

Member
Joined
15 Jan 2009
Messages
843
Location
Kenilworth
Malwarebytes should be good for detecting any nasties left after you've run AVG. Stay off the mucky sites in future! ;)
 

blackfive460

Member
Joined
23 Jun 2010
Messages
862
Add SpyBot S&D to the list and would also add my vote for MalwareBytes. It's often necessary to run more than one malware removal tool to completely get rid of these. Make sure you update whatever you use with the latest definitions.
 

Techniquest

Veteran Member
Joined
19 Jun 2005
Messages
21,669
Location
Nowhere Heath
Downloaded and installed Malwarebytes, hopefully that'll get rid of the problems for now at least.

I'm not a fan of Spybot Search and Destroy from previous use of it, on another system, where whilst it would find infections, it didn't ever actually do anything.

The Chrome thing, I'll check out shortly.

I'll report back in a bit when Malwarebytes has completed a full scan. Thanks for the replies everyone.
 

Geezertronic

Established Member
Joined
14 Apr 2009
Messages
4,113
Location
Birmingham
What have you been doing to get a virus (just being nosey :))?

And what type of Internet connectivity do you have? I found that my wireless router (which plugs into the Virgin Media box and holds the external Internet IP address) tends to block 99.9% of virus attacks (my internal devices have 192.168 IP addresses) and the only attacks I could be at risk of are the ones where I click on something to cause it.
 

Wyvern

Established Member
Joined
27 Oct 2009
Messages
1,573
Are you using Windows?

Do you have the Malicious Software Removal tool?
 

ukrob

Established Member
Joined
15 Jan 2009
Messages
1,810
Once you are clean I would ditch AVG - it is bloated and not particularly good. Microsoft Security Essentials (free) is now one of the best.
 

oldrailman

Member
Joined
13 Dec 2009
Messages
71
Location
LINCOLN UK
Hi all, I got my laptop about a year ago and went straight for Norton 360 as I had already heard how good it was. It does a thorough job on disk cleanup and quickly identifies suspect websites. It has already stopped me going into several sites with a security risk. Cost is £54 a yearly subscription which covers up to 3 PCs, plus it will automatically update with latest security and antivirus downloads. It is active all the time your PC is switched on, constantly monitoring. As a recommendation, I trust it completely. Purely my personal view, but hope it hasn't muddied the waters as regards your choice.
 

ukrob

Established Member
Joined
15 Jan 2009
Messages
1,810
Norton is WORSE than free alternatives in addition to being very bloated and expensive. It is widely regarded as one of the worst anti virus programmes. You are paying £54 for nothing when free alternatives are better.
 

oldrailman

Member
Joined
13 Dec 2009
Messages
71
Location
LINCOLN UK
Norton is WORSE than free alternatives in addition to being very bloated and expensive. It is widely regarded as one of the worst anti virus programmes. You are paying £54 for nothing when free alternatives are better.

Well, I only know I've not had a day's prob with it, but thanks for your input.
 

ukrob

Established Member
Joined
15 Jan 2009
Messages
1,810
Well, I only know I've not had a day's prob with it, but thanks for your input.

I should add it is not opinion that it is not as good, it is fact, from regular checks on anti virus software's detection rates :)

When your year is up, please don't pay for it again when others are better and cheaper.
 

mbonwick

Established Member
Joined
26 Oct 2006
Messages
6,303
Location
Kendal
For getting rid of stuff that other programs have identified, ComboFix is my tool of choice.
 

MidnightFlyer

Veteran Member
Joined
16 May 2010
Messages
12,856
Norton is awful, McAfee probably the best, but to be honest, if you stay on mainstream sites, and those you know are 99.9% unlikely to be infected (such as this etc), you should be OK, I know plenty of people with no security at all, and they are all fine :D
 

Dai.

Established Member
Joined
2 Aug 2008
Messages
1,210
Location
Wales

Geezertronic

Established Member
Joined
14 Apr 2009
Messages
4,113
Location
Birmingham
Norton is awful, McAfee probably the best, but to be honest, if you stay on mainstream sites, and those you know are 99.9% unlikely to be infected (such as this etc), you should be OK, I know plenty of people with no security at all, and they are all fine :D


McAfee is almost as bad as Norton. Work use McAfee and for some reason it thrashes the CPU when doing an update which means every day at around 5pm, my laptop and servers run slow almost in unison :(
 

Broken Viking

On Moderation
Joined
23 Oct 2006
Messages
1,666
Location
some place west of France
Hail, Techniquest! <D
I must admit that I like to keep things as slim and light as possible on the system services front as I like to keep my Windows installations as unfettered as possible. That said, here's how my system security setup looks:
  • Restricted user account in Windows: For general computing and system operation, I use a Restricted type account. In the event of alien code execution (Running of programs from "outside" that I wasn't aware of) this limits the scope of what such code can do, and usually restricts any settings changes to that account alone (But not always).
  • AVG Antivirus Free is my usual anti-virus/anti-malware suite of choice. That said, the free edition doesn't have the same features as the paid version, and - Although it has found malware planted by myself when testing it before now - The free version is only advertised as an "Anti-virus" program, which isn't the same as an "Anti-Malware" program. (Virus != Malware, Malware != Virus...Though both share commonalities).
  • Mozilla Firefox with the NoScript Addon and a very restrictive set of blocking rules for the latter is what I'd recommend for web browsing. A lot of sites don't play well with Javascript turned off nowadays, but all legit sites - Including RailUK (Which is one of the only three domains in my whitelist) - Will happily provide alternatives for users who turn Javascript off. :)
  • Network protection is accomplished by using both the firewall built into my network router (Which has ports opened only for the services that I use) and a local Firewall on each machine on my network. This means that though I might leave Port 80 open to the Internet for service of web documents, all machines on my network bar the web server have that port blocked. Therefore, an attack on port 80 would only expose my web server to a (D)DoS attack.
    An additional benefit of this setup is that I can keep internal-use-only services (E.G: Remote Desktop and Windows File/Print) inside the network by making sure the relevant ports are blocked from outside by the router...Although if a targeted attack compromised one of my net-facing systems, it'd be possible for that system to then be used as a drone for running attacks from inside the network if I didn't spot the intrusion in time! :!:
  • Backups - To protect my essential data (Which thankfully is all plain-text files! :)) from destruction in an attack - I back up to non electronic media...Either by dumping it to the printer as Base64 encoded output (Which could be scanned/OCR'd back in later if need be) or by writing smaller streams of data to punched tape. For most users with less stringent storage requirements than mine however, regular backups to an external HDD and twice-yearly backups to DVD-ROM should be adequate. 8-)
I'm currently using AVG to do a full virus scan on the laptop, and the results are, shall we say, less than positive. Many, many instances of files being infected with trojans it appears, pretty much all between the following three:

VBS/Generic
SHeur3.AQRA
Win32/Zbot.A
The annoying thing about AVG's detection of "VBS.Generic" viruses (Basically; Any virus written in Visual Basic script) is that AVG has a habit of jumping on any VB script that can perform a file read/write or execute a program. As I use VB scripting extensively for internal batch jobs (Far quicker/easier than compiling a program every time) I've often found that AVG has a habit of false alarming on half of the code that I've crafted from my own hand. As a consequence, I have to disable AVG's resident protection before running or devving any of my scripts... :(

And what type of Internet connectivity do you have? I found that my wireless router (which plugs into the Virgin Media box and holds the external Internet IP address) tends to block 99.9% of virus attacks (my internal devices have 192.168 IP addresses) and the only attacks I could be at risk of are the ones where I click on something to cause it.
Bear in mind that a firewall only protects against attacks instigated from the Internet, and doesn't stop viruses/malware coming through. If an attack or infection is kicked-off by a download of some kind (E.G: A malicious program downloaded to thy browser by on-page Javascript) the firewall won't protect against it at all. This includes botnet and other "Hijack" programs where the downloaded malware periodically opens a connection from your PC (I.E: From Inside your network) to the botnet server...Not the other way around, as many people seem to think! :!:

Farewell...And hope this helps! <D
>> Death <<
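
The point made in the post above, that a router firewall does not stop malware which opens its own connection from inside the network, is why outbound logs are worth reviewing. The following is an added example (not part of any poster's message) that flags evenly spaced outbound connections; the log format, addresses, and thresholds are constructed for illustration.

```python
# Added example: constructed log format, addresses and thresholds throughout.
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def make_sample_log():
    """Constructed log: one host checking in every ~300 s, one browsing."""
    start = datetime(2011, 3, 1, 10, 0, 0)
    lines = []
    # Machine-like check-ins from 192.168.1.10, a few seconds of jitter.
    for i, jitter in enumerate([0, 2, -1, 3, 0, -2, 1, 0]):
        t = start + timedelta(seconds=300 * i + jitter)
        lines.append(f"{t.isoformat()} OUT 192.168.1.10 -> 203.0.113.5:443")
    # Irregular, human-driven browsing from 192.168.1.20.
    for off in [5, 40, 47, 610, 615, 1900, 1960, 2400]:
        t = start + timedelta(seconds=off)
        lines.append(f"{t.isoformat()} OUT 192.168.1.20 -> 198.51.100.7:80")
    # Unsolicited inbound attempt: the router drops it, and it is ignored below.
    lines.append(f"{start.isoformat()} IN 198.51.100.99 -> 192.168.1.10:3389")
    return lines

def parse_line(line):
    """Return (timestamp, direction, source, destination), or None if malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[3] != "->":
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2], parts[4]

def find_beacons(lines, min_events=6, max_cv=0.1):
    """Flag (source, destination) pairs whose outbound gaps are near-constant.

    max_cv caps the coefficient of variation (stdev / mean) of the gaps.
    """
    seen = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec[1] == "OUT":
            seen[(rec[2], rec[3])].append(rec[0])
    flagged = []
    for (src, dst), stamps in seen.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged.append((src, dst, round(avg)))
    return sorted(flagged)

if __name__ == "__main__":
    for src, dst, period in find_beacons(make_sample_log()):
        print(f"{src} contacts {dst} roughly every {period} s")
```

Regular timing alone is not proof of infection, since update checkers and mail clients also poll on a schedule, so flagged pairs are a starting point for checking which program owns the connection.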
 

Geezertronic

Established Member
Joined
14 Apr 2009
Messages
4,113
Location
Birmingham
Bear in mind that a firewall only protects against attacks instigated from the Internet, and doesn't stop viruses/malware coming through. If an attack or infection is kicked-off by a download of some kind (E.G: A malicious program downloaded to thy browser by on-page Javascript) the firewall won't protect against it at all. This includes botnet and other "Hijack" programs where the downloaded malware periodically opens a connection from your PC (I.E: From Inside your network) to the botnet server...Not the other way around, as many people seem to think! :!:

The most common type of attack is port scanning these days which gets blocked on my router (since there are no port forwards configured). The only way any system on my local network can be compromised is by something I click on.

PS: I am an IT Consultant by trade and design, build, configure and secure Internet-based systems for a living ;)
 

Techniquest

Veteran Member
Joined
19 Jun 2005
Messages
21,669
Location
Nowhere Heath
Sorry for the delayed reply, been busy playing Racedriver Grid since I last posted.

Well MalwareBytes, whilst it did find 2 infections and did something with them, it didn't cure the problems I've been having. Someone else on another forum recommended StopZilla, which I installed and got onto the task of scanning.

It found 2 infections MalwareBytes didn't find at all, however during the scan I encountered a problem. The fan's gone and stopped working, so no matter what I do with the laptop, it overheats rather quickly. When it overheats too much (usually between 2 and 3 hours after booting up), the system shuts down. Which occurred twice whilst running StopZilla, which by then had now found 9 infections, 7 of which were repeats.

I've not tried running the laptop again yet, as I now either need to get a new fan installed (not cheap!) or a laptop cooler device that sits under the laptop. That's not as expensive, but still out of my price range as things stand.

Thanks Death for your informative post, although some of it went whoosh over my head I'm afraid! Sounds like you've got things sussed with protecting your system. For the record, I also use AVG Free. I've also got ZoneAlarm on, which I thought would help protect me somewhat but evidently not.

I connect to the Internet via a Netgear wireless router, which is connected to a Virgin Media non-wireless router.

I found too that all of the problems I was having only started after reading the Daily Mail article in a thread about some professor getting bowled out by ticket restrictions at Darlington. About 30 minutes later, whilst continuing to read the thread, AVG went mad! Advice read elsewhere has suggested it's possible some dodgy code could have been embedded into a Temporary Internet File/cookie after reading that article, with it kicking things off.

So I'm now going to be clearing my Temporary Internet Files folder out daily, same for cookies. However, I need to find a permanent solution to my cooling needs for the laptop first (I'm posting this on a mate's PC), until then the laptop is, in my eyes, OOS.
--- old post above --- --- new post below ---
EDIT: I've been seeing quite a few people here and elsewhere recommending Microsoft's security tools. I might well give it a go then.

Also, thanks to everyone who's contributed to this thread :D
 

ainsworth74

Forum Staff
Staff Member
Global Moderator
Joined
16 Nov 2009
Messages
29,262
Location
Redcar
or a laptop cooler device that sits under the laptop. That's not as expensive, but still out of my price range as things stand.

A cheap workaround that I've used myself several times when money has been tight is to, rather than buy a cooling tray, do the following. Prop up the laptop on some sort of desk, either with supports at all four corners or just two at the back, try to get a gap of around an inch or so underneath. Then simply find an electric fan of some sort (doesn't really matter what sort) and aim its air flow underneath the laptop through the air gap that you now have. That will hopefully cool your laptop for not much at all (assuming you have a fan already). It isn't elegant and it isn't portable but it works.
 

Broken Viking

On Moderation
Joined
23 Oct 2006
Messages
1,666
Location
some place west of France
I found too that all of the problems I was having only started after reading the Daily Mail article in a thread about some professor getting bowled out by ticket restrictions at Darlington. About 30 minutes later, whilst continuing to read the thread, AVG went mad! Advice read elsewhere has suggested it's possible some dodgy code could have been embedded into a Temporary Internet File/cookie after reading that article, with it kicking things off.
It could just be coincidence of course...But if that was the case, it sounds like someone's managed to XSS attack the Daily Mail page somehow, or trojanised it. Either way, I'd suggest that anyone who read that page without an active script blocker perform a full malware scan just to be on the safe side. :!::)

If I find myself with time later on (Not likely...I've been on this thing for three hours today already!) I'll have a peek at the page in question and see if I can spot 'owt. <D
 

Techniquest

Veteran Member
Joined
19 Jun 2005
Messages
21,669
Location
Nowhere Heath
Nice one. It could of course be coincidence, but my level of trust is rather low!

I gave up with the broken fan yesterday, and the fan we use for cooling the place down when it gets too hot is also broken, so no good trying that one. I did try just propping it up and seeing if a bigger airflow would help, but not really. So I'm currently trialling a mate's laptop cooler, it works like a dream!

So I took the chance to wipe out the problems and use the system recovery program that comes with the laptop. That seems to have done the trick of removing the problems, although I forgot to back up my photos, which means I've lost several hundred of them :( AVG and ZoneAlarm are, of course, installed and running again, and Firefox now actually loads and works!

Now to decide which spyware and/or malware scanning software to download and install, ready for future attacks. I'll still be ensuring I clear out my Temporary Internet Files and cookies folders regularly mind. I've got the ZoneAlarm toolbar installed and operating in Firefox too, which supposedly checks webpages to ensure they're safe to view. No problems so far with anything I've viewed, although you'll have to forgive me for being paranoid!

Thanks again chaps for the advice.
 