Wednesday, July 7, 2010

My Latest Malware kit

Over the years I’ve found malware getting harder to defeat every time I try to disinfect a machine. A few years ago, running AVG antivirus and Spybot Search and Destroy pretty much did the job. But in the last 2 years or so I’ve had to refine my techniques as malware became more prevalent and harder to remove. It seems organized criminals are now the driving force behind most of the “quality” malware out there. There’s big money to be made stealing people’s identities or turning their computers into spambots.

Last year I blogged about turning away from my old reliable programs and how I had adopted some new tools for doing automated cleanups. This year I’ve picked up some new tools, largely in response to what I was seeing when trying to clean up some really horribly infected machines.

My tools are similar to what I was using last year: Malwarebytes (http://www.malwarebytes.org/) and Superantispyware (http://www.superantispyware.com/) are still my favorite tools. Only one change there really: Superantispyware is now my primary malware tool. I was getting consistently better results with Super, and it was removing many issues that Malwarebytes could find but not remove. Superantispyware also comes in a portable version; I keep a copy on a thumb drive for emergencies. For an antivirus I’m using Microsoft Security Essentials: it’s free, lightweight and effective, which meets all my requirements. For a paid antivirus I like NOD32 from Eset (http://www.eset.com/). NOD32 is the best AV in my opinion, and I will install it on the computers of users who are prone to getting infected. NOD32 is reasonably priced, and if you’re going to pay for an AV, this is the way to go.

These tools are going to do a great job of protecting most people’s computers if the users are reasonably competent online. If a computer comes to me that’s really badly infected, I’ll first run the Kaspersky Rescue CD. Kaspersky Rescue CD is a Linux-based live CD that runs the Kaspersky antivirus before trying to boot into Windows. This can be very time consuming: in one case it took 27 hours and Kaspersky found over 1500 infections, but afterwards I was able to boot into Windows and run my regular tools, which found another 150+ after 3 reboots and scans. But in the end the machine was clean.

Another program I use as a second opinion is called Hitman Pro (http://www.surfright.nl/en/hitmanpro). Hitman Pro is a cloud-based scanner that uses Eset’s cloud-based scan as well as 3 others to double-check your computer after a cleanup. I just started using Hitman Pro, but so far I’m very impressed. Lastly, I use Process Explorer and Autoruns from Sysinternals, now a Microsoft property (http://technet.microsoft.com/en-us/sysinternals/default.aspx). Learning to use the Sysinternals tools takes time, but it’s time well spent for anyone who wants to get serious about knowing what goes on on their computer.