• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos24 Stats

Malware Removal Forum Recommendations

I have re-checked all of the original forums that I recommended several years ago, with the following results and addition:


Q Malware Removal forum

Started by a former member of the Norton forum (Quads) and continued on in his memory by a Norton Guru and trained Malware Removalist (dbrisendine).  Not affiliated with any AntiVirus company and done on a volunteer time basis, all malware removal is under the strict guidelines of trained removalists only.  Other boards are open to public input but malware removal is controlled to protect the end user.  Helpful steps on Creating an Account and the Logs needed to start the cleaning / help process can be found here (link is external).

http://qmalwareremoval.freeforums.net (link is external)

Bleeping Computer:

Always very good.  They run scans to check the system first before any removals, they use the latest tools, and if they run into trouble, they have the ability to fix Windows problems as well.  They have higher level specialists to handle the higher level infections.  They will ask you to remove illegal software and u-torrent.

Because they are so well known, it can be a lengthy wait to get assistance.

http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

WhattheTech

Are effective at removing malware.  They do run some tools prior to looking at what is in a scan to see what is happening first.  They have lost a few bits and pieces that had to be repaired later.  That can happen in removals anyway, but I like to see them take a look first.  They are using up to date tools. Again, all cracked or illegal software must be removed before they will assist and they will not assist in future.

http://forums.whatthetech.com/index.php?showforum=27

GeekstoGo

Good forum.  They have a few of Bleeping members as well.  Lots of experience there.  Check logs before beginning the removal, and do it carefully in steps.  Also very strict on pirated software, cracks, etc. 

Can be up to a 3 day wait.

http://www.geekstogo.com/forum/forum/37-virus-spyware-malware-removal/

www.CyberTechHelp

Not as active.  Schrauber is very experienced and handles the higher level infections, uses up to date programs, runs scans first.  Few posts per day.  Probably not a long wait time.  Same rules for illegal software.

http://www.cybertechhelp.com/forums/forumdisplay.php?f=25

Emsisoft

They like to get a scan using their own tool first, but they don't push it on users.  They are just used to getting the most out of it.  They also have some Bleeping people on board.  They are very strict.  You have 72 hours to do asked or your thread will be closed.  No illegal software-everybody is the same on that one.  Nobody likes to waste their time.  Their tools are up to date and they are very effective.

http://support.emsisoft.com/forum-6/announcement-2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread/

Always check a forum personally to make sure that they are active and use modern tools. Read a few posts to see if they have lost a few operating systems, and familiarize yourself with what to expect before posting for assistance.

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain

Replies

Kudos2 Stats

Re: Malware Removal Forum Recommendations

delphinium, who would you suggest for users with limited understanding ?

I know some of these sites use very advanced tools, and may be confusing for newbies when it comes to following instruction..

Windows 10 Home X 64 Norton Security Premium Current
Kudos2 Stats

Re: Malware Removal Forum Recommendations

Most of them use printed instructions and macros that users can read.  The first set of instructions on all the forums, for instance, read carefully before proceeding, can be a bit daunting, but they have to start somewhere.  Once the user makes the first post, explaning that they are unfamiliar with the procedures, everybody slows down a bit to get them through it.

It is one reason why it is a good idea to read through two or three similar posts, where they can stop, look at there own machine and gain a bit of understanding ahead of time as to what will be required.  If they have too much trouble in handling the cut and paste, and tools, and downloads, they would be wise to have a friend over to help them.  There is only so much that can be done on a forum.

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain
Kudos1 Stats

Re: Malware Removal Forum Recommendations

Hello

Another suggestion if going to one of the forums for help is to bring the computer and operating system cd to a computer shop. Granted, most likely it won't be for free and they may lose their data but they won't have to know how to follow the directions.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.17.0.183 Core Firmware 282 I E 11 Chrome latest version.
Kudos2 Stats

Re: Malware Removal Forum Recommendations

<< .... bring the computer and operating system cd to a computer shop  >>

YABBUT ..... not just any computer shop ......

Hugh
Kudos3 Stats

Re: Malware Removal Forum Recommendations

Yeah some computer shops are good when it comes to installing new / replacement hardware / Motherboard etc.

But when it comes to malware, they struggle to get their teeth into it.  Like the one who had Ransomware,  pulled the HDD and installed it as a secondary HDD on another system.  Scanned with programs / tools.

Put the HDD back into the infected system,    No go, still infected, and could not work it out, although I gave a head up ( The registry).

Quads

Kudos6 Stats

Re: Malware Removal Forum Recommendations

Hello Delphinium,

I just read your post and had to reply because I've just been through this process.  My PC was infected with PUPS.  I spent over three days running scans, logs and a myriad of cutting and pasting processes.  It's not a process for the faint hearted like me, who was unfamiliar with the process.  But let me tell you, I learned a WHOLE lot.  To anyone who's unsure of themselves: Don't let the process intimidate you.  These moderators are business-like, but they are experienced and patient and know how to get you through the whole process.

There is a site moderator on the "Intensive Care" forum at Virturaldr.com who's amazing.  The amount of time he or she spent rescuing my PC blows my mind.  This moderator cleaned up temp files, history, erradicated old restore points and set a new one, along with numerous other kinds of clean up.  When all was said and done, my computer was pronounced CLEAN!

To finish the process, this site moderator added a list of software for me to run on my pc to avoid infestations like this again, along with other advice.  He added links to those things as well. The last instruction given me was:  "Let me know how your computer is running."  I'd buy that person a great dinner if I knew where they were!

The Bleepingcomputer.com website hosts another fine forum and offers links to well designed scanners, maleware, and junkware remover software. Lastly, I just want to write here that my appreciation goes to all forum moderators who spend countless hours helping people, either here or other fine forums.      Keep the faith,  Summer.

Kudos1 Stats

Re: Malware Removal Forum Recommendations

Thanks for the post VaSummer.  It can be quite a ride getting the computer out of a mess.  The forums that do the best jobs run a scan first to find out what is involved before fixing.  Then they can determine in what order  to run which tools to get things out, fixed, without wrecking something else.  Some malware has to be broken before any actual removal can happen or it puts itself back.

What amazes me about watching Quads work is not so much that he finds malware in those huge logs, but that he can look at them and know what is missing or not working.  He knows going in which Windows services will have to be fixed and what registry entries will have to be replaced or corrected.

I told Q I liked the old rootkit logs the best with the ======================Rootkit!  I can relate to that.

Under certain circumstances profanity provides relief denied even to prayer.Mark Twain
Kudos2 Stats

Re: Malware Removal Forum Recommendations

Hi all,

 delphinium has provided a highly valuable post in his first post of this thread.

So I thought to add some common instructions:

 

This is a good advice to people who have been warned by their AV program that an infected file has been found.

 

                                                 What to do if infected file has been found ?                 

 

Don't panic!
Open up a text editor like notepad / similar application or note down on a physical note pad and type detailed answers to the next questions according to the 10 steps proposed.

  1. Whats your operating system version including patch? What all security softwares were there installed during the detection?
  2. How was it detected? What was scanning, you yourself / on-demand or the back-ground / real time / heuristics scanner?
  3. When did the message occur on a download, unzipping, opening a file, mail or mail-attachment, etc.? A capture of the message screen as image can be helpful or what the message says and where the suspicious file was detected.. Visit KB articles of the security software  and see what ot removed. (Only detected file or registry entries or other related files)
  4. What was the source of the file, where did the file come from?.: e.g. address, URL, source. Was it reliable?
  5. When was it downloaded or received? (Ie, newly downloaded or resisded on system for a long time undetected?
  6. What is the exact file name with extension?
  7. What was the exact wording of the message that the AV program  came up with? This is important for later. It can be found on logs or history sections and may be in Qurrantine section also.
  8. Now go back and do nothing yet. Scan the particular file once again with your AV product(note to perform an update of AV before this step) to recheck for False Positive. The message is in the same wording: maybe positive alert. If the message is not in the same wording or the scan does not find  up anything this could be a  false positive.
  9. Check with an on line scanner or update to Virustotal for a second opinion.

                                          VT resides at http://www.virustotal.com/index.html


10.  Note: You can do an URL scan or file-scan. Also give the MD5 hash that is given further down the scan result page under additional information. This can help to identify the malware file.
URLs: Other scan results can be found for a suspicious URL or link at:

                vscan        http://vscan.urlvoid.com/file/
                Sucuri       https://sucuri.net/

FILES: For filescans alternative scanners are:

                VirSCAN   http://virscan.org/
                Metascan http://www.metascan-online.com/

11.Go get informed ask a Virus Encyclopedia or Virus Central. Remember Google is your best friend, also put a question on a forum.

12. Make an informed decision on the basis of what you have found.

13. Inform others about what you have learned, if the file came from a reliable source, author, programmer etc. send a friendly e-mail with your findings.  If you send a suspicious file there for detection password zip this as an attachment and put the password in the mail only if suggested. Most security product sites have their own method of submission. This will help all and in case of a non-detect they will add it to detection database for next update or in the case of a false positive remove that with a next virus update.

14.Do not play with malicious files. Handle them cautiously.

 

Copy of message posted to new post in tech outpost. Courtesy : partially to polonus in avast webforums, edited by me to include more detail and readablity.

regards, CV | There is no ONE TOUCH KEY to security . Be alert and vigilant. . | Always have a Backup Plan!
Kudos0

Re: Malware Removal Forum Recommendations

Can you recommend a computer shop? Is Best Buy good, Office Max or Office Depot? Staples?  I'm having extreme fustrations dealing with this dllhost.exe com surrogate issue and now Powershell not working.  I'm in the forum and all I'm finding so far is recommendations for other sites to go to. Is there a document that has step-by-step instructions? Doesn't anyone know the real answer to addressing this issue?  This has been going on (as far as I can remember) for about two weeks now. I've already been researching since 7AM and it is now 10AM.  This is not the first time; cumulatively, probably a good 24 hours of my life.  What's really scaring me now is that I read a post that stated this virus copies key strokes!  I'm running Windows 7. 

Kudos0

Re: Malware Removal Forum Recommendations

I seem to be infected with Powelik and AdClicker. I've tried Norton, MalwareBytes, and SpyBot. They all find things to delete, but they don't seem to be catching this since I still get little messages from Norton telling me that it has "blocked" activity from Powelik and AdClicker. At first, I thought it was blocking things trying to get in, but then I noticed that I was seeing Powelik a lot, so I assume it's merely trying to grapple with something that is already in the system.

I also tried Norton Power Eraser after seeing it recommended on the Symantec site.  It found one dll file to fix, but that apparently wasn't enough either.

I was going to seek help at the malwaretips.com forum after seeing some promising discussions there, but in preparing for them I tried downloading the Fabar Recovery Scan Tool so I could do a scan.  Norton saw it and deleted it as not being safe, so I thought I'd better check around some more to see if they were legit.  I do see that Bleepingcomputer is recommended here and that is where I was getting the file from, so maybe I just need to figure out how to turn Norton off long enough to run the scan?

Any recommendations?  So far it's mostly a nuisance that causes Norton pop ups and slows down the internet a bit, but it's starting to get on my nerves now.  I'd prefer not to take the computer in to get it removed since I kind of need it for school work right now and can't afford for the Geek Squad or someone to have it for several days.  :)

Marc

Kudos0

Re: Malware Removal Forum Recommendations

Kgaskins,

Before you go to a shop take a look at one of the free malware removal forums that you have seen listed here. They are all staffed by trained volunteers and do not change for their services.

By the time a document was created to do a step-by-step cleanup of a system it would be obsolete. The malware removal forums work one on one with users having problems. When their instructions are carefully read and followed exactly the process can be painless and relatively quick. Some complex problems will take longer.

Stay well and surf safe

Dick

Dick Win 10x64 current current NSBU
Kudos0

Re: Malware Removal Forum Recommendations

MarcinMN,

Did your computer get fix? I have the same problem, infected with Poweliks, lots of dll *32 in processor. Did you find the solution for it?

Thanks,

Becky

Kudos0

Re: Malware Removal Forum Recommendations

There is NO quick fix.  Please sign up for assistance from one of the sites listed in the first post.

Thanks.

A little bit of knowledge is... well a little bit of knowledge.
Kudos0

Re: Malware Removal Forum Recommendations

I think we must restrict (or lock? ) this information thread from being going to a problem discussion and solving thread to preserve its intention.
regards, CV | There is no ONE TOUCH KEY to security . Be alert and vigilant. . | Always have a Backup Plan!
Kudos0

Re: Malware Removal Forum Recommendations

Comment Promoted To: 

I am currently working with on of the recommended sites, but can someone answer these questions?

1 - Need MS Office documents from infected computer. Could these files be infected? Will they be clean once the malware process is complete?

2 - Just bought a new computer to replace the infected one ( good timing..lol) but want to pass the infected laptop on to kids. Will restoring it to factory specs eliminated the Trojan? Or again just wait til after removal process and then restore?

3 - I use Norton 360, and ran other free programs. Trying to figure out HOW the computer got this trojan, saw it was some MS vulnerability. Will any software presently block this intrusion from infecting any computer? Norton catches it..but it didnt prevent it from occurring. Everything was updated daily. Just want to understand how this happened to prevent it again. The usual safety precautions were all observed.

Thanks for the help :)

This thread is closed from further comment. Please visit the forum to start a new thread.