Virus Removal??

Discussion in 'Software' started by elli5on, May 15, 2007.

  1. elli5on

    elli5on Kilobyte Poster

    Just a quick query more than anything guys..... How do you remove your viruses?? And more to the point, how do you detect them?? Which files do you look into, and what interface or structure do you follow to remove them??
     
    Certifications: A+ N+
    WIP: Thinking of MCDST
  2. Sparky

    Sparky Zettabyte Poster Moderator

    Best to try and prevent your PC getting a virus to be honest! :biggrin

    I’m using NOD32 anti-virus which so far has been great. In regard to virus removal there are generally options in the AV software for what is to be done with infected files, such as delete or quarantine.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  3. elli5on

    elli5on Kilobyte Poster

    So Sparky. You are actually saying you have full faith in anti-virus software?? And how about those who don't actually have an anti-virus.... Clog up their PC with viruses and then the PC begins to slow down immensely. What process is ''in your opinion'' ideally the best way of removing... Or even finding which files contain viruses??
     
    Certifications: A+ N+
    WIP: Thinking of MCDST
  4. elli5on

    elli5on Kilobyte Poster

    And dont worry, my baby is virus free. I keep him cleaner than soap.

    Just curious, as sometimes I find that an anti-virus does not always remove all viruses.
     
    Certifications: A+ N+
    WIP: Thinking of MCDST
  5. Sparky

    Sparky Zettabyte Poster Moderator

    In a work environment you can invest in a decent firewall that can block viruses and spyware. In regard to PCs, lock down IE (no ActiveX for example) and also filter email before it gets to the users' inbox.

    No system is perfect but prevention can help.

    If the PC is full of viruses (say it was a home-based PC and loads of crap has been downloaded and installed) and running slow, unfortunately the only way to be absolutely sure is to format the hard drive and start over.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  6. Sparky

    Sparky Zettabyte Poster Moderator

    That's true. If you read some of the AV reviews in PC magazines you generally find that some AV products miss certain viruses when they are tested.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  7. elli5on

    elli5on Kilobyte Poster

    Yep, just as I thought. See, a friend of mine has brought over her PC. Now the scan initially showed 13 viruses. To which I duly obliged in removing them, ''as you do''.

    Another problem was every time the PC booted, the system32 folder always seemed to open as soon as it entered into Windows. I simply ran a system restore before removing the virus, which appears to have stopped the particular folder opening. Would you say that's done the job?? Or should I dangle the old wreck outta the window, and drop!! LoL

    Just find it strange that some PC companies advertise virus removal. Are they simply running an anti-virus?? Or do they know something we don't?
     
    Certifications: A+ N+
    WIP: Thinking of MCDST
  8. zebulebu

    zebulebu Terabyte Poster

    See, here's the thing with AntiVirus companies. They all have a vested interest in selling you the ol' "YOUR PC IS INFECTED AND MUST BE CLEANED!!! EVERY 5|<r1Pt |<1DD13 IN MALAYSIA KNOWS ALL YOUR BANKING PASSWORDS!!! THE END OF THE WORLD IS NIGH!!!" routine. Witness the berk from Sophos that they wheel out on telly every time there's a Worm outbreak trotting out the prophecies of doom.

    This is usually followed by a round of bunfighting between them all giving it large about how they were the 'first product to detect so and so virus' and that only their product has the latest and greatest neuralheruristicnetworkvirtualsandbox technology which allows them to analyse every computer connected to the InterWeb every five milliseconds and report back to their 800 teraflop storage warehouse in a bunker deep inside a mountain in Antarctica.

    In reality, most of them have pretty much the same effectiveness ratio - some deal with threats quicker than others, but the vast majority of vendors respond to a new threat within 24 hours and ALL of them should clean the bog standard (ahem) 'viruses' that most ordinary users would fall victim to (most aren't even viruses per se - despite what the AV client reports - they're usually spyware or trojans). The only thing you have to decide is which company's product interface pisses you off the most. Personally, for me, I wouldn't touch anything released by Slimeantec with a bargepole - Norton is the most hideous piece of shite I've ever had the misfortune to use - but I'm sure there are people who would give you the opposite opinion.

    There are seven things I like to tell people when they are worried about getting viruses/have had viruses and had to go through the painful process of reinstallation/system cleansing - Zeb's 'Seven Steps To Computer Security On That T'internet':

    1 - Stop looking at porn on the Internet
    2 - NEVER click 'OK' or the 'X' to close a pop-up - ALWAYS kill it from the taskbar
    3 - Stop looking at porn on the Internet
    4 - Use Firefox
    5 - Stop looking at porn on the Internet
    6 - Don't use Kazaa or other cruddy P2P software
    7 - Stop looking at porn on the Internet

    Hope that little stream of consciousness babble helps. For what it's worth, any PC that was reported as having 13 separate viruses is highly unlikely to have been successfully cleaned totally. You might tell your friend that they are heading towards 'Format & Reinstall Country'.
     
    Certifications: A few
    WIP: None - f*** 'em
  9. BosonMichael

    BosonMichael Yottabyte Poster

    Quoted for Truth.

    For #2, you can also use CTRL-W to close a pop-up window.

    And stop looking at pr0n on the Internet.

    Not to mention the rootkits which are most likely silently hidden that WON'T be detected... simply because they mask themselves from the OS itself.

    I currently use TrendMicro for my everyday virus protection.

    How do I remove viruses? Depends on the virus and how it's deployed. Even if a virus is automatically quarantined or removed, I *always* check to see what damage has been done, if any... starting by checking for strange processes running on the computer, then by checking the startup areas of the Registry (I'd highly recommend you familiarize yourself with HKLM/Software/Microsoft/Windows/CurrentVersion/Run, RunOnce, and RunOnceEx). Some viruses can be removed by stopping the process and deleting the corresponding file. Others require a more rigorous removal procedure, especially if the virus process respawns as soon as it's deleted. But regardless of the virus found, I'll Google its file name to find out what damage might have been caused and how others have removed it.

    ...all that said, if you've got a rootkit, you'd best salvage data, perform a complete wipe, and reinstall from scratch.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
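    One way to carry out the Registry part of the check BosonMichael describes, as an added example that is not from the thread or any of its posters: it walks the Run, RunOnce and RunOnceEx keys named in the post (plus the HKCU counterparts, an addition here) and flags autorun entries whose target file is missing, launches from a user-writable directory, or lacks a valid Authenticode signature. It assumes an elevated PowerShell session on the machine being examined.

```powershell
# Added example, not code from the thread: enumerate the autorun Registry keys
# BosonMichael names (Run, RunOnce, RunOnceEx) and flag entries worth a closer look.
# Assumption: run in an elevated PowerShell session on the machine being triaged.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnceEx',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',      # per-user counterparts,
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'   # added here for completeness
)

# Directories a normal user can write to; an autorun launching from one is a hint, not proof.
$userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC) | Where-Object { $_ }

function Get-ExePath([string]$CommandLine) {
    # Take the quoted program, or the first token, then expand %VARS% in it.
    $exe = if ($CommandLine -match '^\s*"([^"]+)"') { $Matches[1] } else { ($CommandLine -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

function Get-AutorunReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        # RunOnceEx keeps its commands in numbered subkeys, so walk the subtree too.
        $paths = @($key) + @(Get-ChildItem -Path $key -Recurse -ErrorAction SilentlyContinue | ForEach-Object PSPath)
        foreach ($path in $paths) {
            $item = Get-ItemProperty -Path $path
            foreach ($prop in $item.PSObject.Properties) {
                if ($prop.Name -like 'PS*') { continue }          # PowerShell's own metadata
                $exe       = Get-ExePath ([string]$prop.Value)
                $exists    = [bool]($exe -and (Test-Path -LiteralPath $exe -PathType Leaf -ErrorAction SilentlyContinue))
                $sig       = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'n/a' }
                $inUserDir = [bool]($userWritable | Where-Object { $exe.StartsWith($_, 'OrdinalIgnoreCase') })
                [pscustomobject]@{
                    Key       = $path -replace '^.*::', ''
                    Name      = $prop.Name
                    Command   = [string]$prop.Value
                    Signature = $sig
                    Flag      = $(if (-not $exists)        { 'target file missing' }
                                  elseif ($inUserDir)       { 'runs from user-writable dir' }
                                  elseif ($sig -ne 'Valid') { 'unsigned or bad signature' }
                                  else                      { '' })
                }
            }
        }
    }
}

Get-AutorunReport | Sort-Object Flag -Descending | Format-Table -AutoSize -Wrap
```

    A flagged row is a lead to follow up (look up the file name, check the running process), not a verdict; the post's point that a rootkit can hide from the OS means an empty report is not a clean bill of health either.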
  10. zebulebu

    zebulebu Terabyte Poster

    Oh yeah - Rootkits are super little things. Gotta love something that hides so deep down that the OS doesn't even know it's there...

    You like Trend? We've got it as our bulk gateway scanner at work - I HATE the UI for it. It seems to have the most roundabout way of configuring rules I have ever seen. Not sure what the 'Home' version is like, but the corporate one has rules inside of rules on top of rules. All I wanted to do when I first took over managing it was configure it just to perform AV scanning - it took me the best part of two days to finally figure out how to turn off all the compliance bollocks that goes along with it. To this day I cannot find how to remove (or even raise) the restriction on the number of items a mail can contain without being summarily dropped from the process queue, nor can I find a way to bypass scanning of password-protected zip files from trusted senders...

    And as for manual removal - I've never had a virus or worm or anything like it on my network at home, so can't say how I'd go about getting rid of one in my environment. In the working world I've always either flattened the box and rebuilt it from scratch or reimaged it, depending on where I've been at the time. I love to look in depth at things like virus infections, and spyware (I used to spend hours cleaning CWS variants off boxes) but I just don't have the time at work really :(
     
    Certifications: A few
    WIP: None - f*** 'em
  11. BosonMichael

    BosonMichael Yottabyte Poster

    I like Trend for home use, but I also didn't like the Enterprise UI. I almost didn't recommend it to the company I just left, but Symantec Corporate left much to be desired as well. After a one-on-one Webex session with Trend to figure out how to get the reporting features I wanted, I recommended the switch from Symantec to Trend. Call your Trend sales rep and tell them that you need some hand-holding support to get your stuff going right... they should hook you up quickly. After all, you don't have the time to dink about looking for the way to configure it correctly, right?

    TrendMicro is about to release their Enterprise version 8 (if they haven't already). They have supposedly rebuilt their anti-spyware engine from scratch after hiring the guys who created CWS Shredder. Thus, their AS capabilities should be vastly improved over their previous product as well as competitors. From what I understand, their technology is already present in TrendMicro Internet Security 2007.

    We usually reimaged virused boxes if I couldn't find and eliminate the threat within minutes... and if we had a recent working image. Sometimes it was easier to pry the virus out than to reimage, then reinstall all the patches and apps and crap that had been applied since the previous image.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
