My Threat Removal Process

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
For what it is worth, I like to first scan with HitMan Pro. If it finds something ugly, I then use HijackThis and check every box and click fix (I can do that because I always make sure any non-threatening line items are marked as safe so when I do get an infection I can check all boxes without fear--restore points and backups intact).

After those two steps I go to safe mode with networking and update MBAM, SAS, Dr. Web, and Avira. I scan with their on-demand scanners and remove any threats.

Then I reboot and run TDSS Killer and Norton Power Eraser with its rootkit scan.

I finish up with GMER. Then I utilize SpyDll Remover or Process Hacker 2 to make sure there are no unusual processes running.


You might ask, "Why doesn't that lunatic scan with GMER right out of the gate?". The simple answer is that I want rapid intelligence pertinent to the most serious threat to my system, followed by a quick disable of some of its activities, and then retreat to a safe haven in SAFE MODE to start hammering on the pest(s).

It sounds like a lot, but the Safe Mode operations are the only slow part of the process.

By the way, sometimes I like to use the AutoRuns EVERYTHING tab to complement Process Hacker 2 and SpyDll Remover.

If I have a BROKEN ARROW, I call it in to the appropriate techs so we can break out ComboFix together. Hooyah!!!

Note: I am in no way criticizing the MRGW, as it is much more thorough than my method would be for the typical user. I think MRGW is fine and gracefully evolving. I just wanted to share.
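The "mark the safe line items, then act on everything else" idea from the post above is essentially a baseline comparison. The script below is an added illustration of that idea, not the poster's own tooling and not the output of any of the tools named in the thread. It uses a constructed list of autorun entries (hypothetical registry locations, paths and hashes built inline) and sorts a later snapshot into known-good, modified, new and missing buckets. Hashing the launched file, rather than trusting the entry name, is what catches an entry that keeps a familiar name but now points at a different binary.

```python
"""Baseline comparison of autorun entries: keep a clean snapshot, then flag
everything in a later snapshot that is not identical to a known-good entry.

All entries below are constructed sample data, not taken from any real system.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class AutorunEntry:
    """One persistence entry, as an Autoruns-style export would list it."""
    location: str      # where it is registered (constructed examples below)
    name: str          # display name of the entry
    image_path: str    # on-disk file the entry launches
    image_sha256: str  # hash of that file, so a swapped binary is noticed

    @property
    def key(self) -> tuple:
        return (self.location.lower(), self.name.lower())


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string (used here only to build constructed hashes)."""
    return hashlib.sha256(data).hexdigest()


# Constructed "known clean" baseline captured before any infection.
BASELINE = [
    AutorunEntry(r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "SecurityHealth",
                 r"C:\Windows\System32\SecurityHealthSystray.exe",
                 sha256_hex(b"constructed-bytes-1")),
    AutorunEntry(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
                 r"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
                 sha256_hex(b"constructed-bytes-2")),
    AutorunEntry("Startup folder", "Vendor Updater",
                 r"C:\Program Files\Vendor\updater.exe",
                 sha256_hex(b"constructed-bytes-3")),
]

# Constructed snapshot of the same machine after a suspected infection.
CURRENT = [
    BASELINE[0],
    # same location and name as a baseline entry, but the launched file differs
    AutorunEntry(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
                 r"C:\Users\user\AppData\Local\Temp\OneDrive.exe",
                 sha256_hex(b"constructed-bytes-changed")),
    # entry that was never in the baseline
    AutorunEntry(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "svhost",
                 r"C:\Users\user\AppData\Roaming\svhost.exe",
                 sha256_hex(b"constructed-bytes-unknown")),
    # "Vendor Updater" from the baseline is absent from this snapshot
]


def triage(baseline, current):
    """Split the current snapshot against the baseline.

    known_good: key present in baseline with identical path and hash
    modified:   key present in baseline but path or hash differs
    new:        key absent from baseline
    missing:    baseline key absent from the current snapshot
    """
    base = {e.key: e for e in baseline}
    seen = set()
    result = {"known_good": [], "modified": [], "new": [], "missing": []}
    for entry in current:
        seen.add(entry.key)
        ref = base.get(entry.key)
        if ref is None:
            result["new"].append(entry)
        elif (ref.image_path.lower() == entry.image_path.lower()
              and ref.image_sha256 == entry.image_sha256):
            result["known_good"].append(entry)
        else:
            result["modified"].append(entry)
    result["missing"] = [e for k, e in base.items() if k not in seen]
    return result


def review_list(baseline, current):
    """Names of entries a person should look at: everything not known-good."""
    r = triage(baseline, current)
    return sorted(e.name for e in r["modified"] + r["new"])


if __name__ == "__main__":
    for bucket, entries in triage(BASELINE, CURRENT).items():
        print(f"{bucket}:")
        for e in entries:
            print(f"  {e.name:15} {e.image_path}")
```

The baseline is only as good as the moment it was taken, so it has to be captured on a machine you already trust and refreshed after legitimate software changes; otherwise the "modified" bucket fills with noise and the real item is easy to overlook.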
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
That process would be performed when a heavy infection occurs; then surely no more traces/malware will exist.
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
Well, thanks for your approval, but I admit that it may not be for everyone. It is just a routine that I have used many times and I am comfortable with it. I guess the crucial aspect must be that you do not damage your system more than the malware does when you attempt to remove said malware. Preferably, you do not damage your system at all. LOL
 

moonshine

Level 7
Verified
Apr 19, 2011
1,264
I usually use my SARDU bootable disc immediately, even though I should use MBAM, SAS and HMP first :p. I tried it on one of our school's heavily infected PCs and the PC was usable again after running Kaspersky Rescue CD, DrWeb LiveCD and Avira Rescue System. :D
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Actually, in case the computer cannot boot up due to the infection, a bootable CD is the way to go.
 

moonshine

Level 7
Verified
Apr 19, 2011
1,264
A bootable disc is always the way to go because malware won't be able to interfere with the scans.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,442
Don't forget netbooks and some laptops do not have a CD/DVD drive.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Yes, agree stormgtr. If you have money you can buy an external CD/DVD drive and plug it into the laptop, but if not, a USB stick can be used for booting.
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
Point definitely taken on bootable scanning with a USB stick or CD. That is the way to go. I am a little behind the times with respect to that. I need to get up to date.
 

212eta

Level 9
Verified
Well-known
May 11, 2011
444
I use the following tools:
- Avira Rescue CD, F-Secure Rescue CD, and Dr.Web Live CD/Dr.Web LiveUSB.
- MBAM, SAS, Hitman Pro, and ComboFix.
- GMER, Kaspersky TDSSKiller, UnHackMe, and Teazer Rootkit Razor.
- Avast MBR Scanner, MBR rootkit detector, and MBRCheck.
 

Gnosis

Level 5
Thread author
Apr 26, 2011
2,779
Updated: For my final step (BROKEN ARROW), replace ComboFix with Bootable Kaspersky Rescue on Sardu, etc., where applicable.
 
