Malware removal

Foreword

We do not trust in removal

Why? Microsoft stated: “The only way to clean a compromised system is to flatten and rebuild.”
We share this point of view.

So why this Howto?

Even though we think removal is not reliable, many users won't take the time to reinstall their system from scratch, reinstall all patches and applications, and restore backups of all their data; they just want to remove the malware. So it is better to provide some useful information that people will actually use, even if it is not that reliable, than to provide nothing but “flatten and rebuild”.

Removal

Closing the doors

Before we start removing the malware, we have to make sure it does not come back right after we have removed it.

Make sure you have:

  • all service packs for your operating system
  • all patches installed
  • a working firewall you can administer
  • a working virus scanner
  • a browser other than Internet Explorer for surfing the web

Hunting the malware

Several vendors offer small, efficient utilities designed to remove malware, so you do not have to buy the whole product.

We’ll focus on “F-Bot” by F-Secure here. If you think we should add another vendor's product, mail us.

F-Bot by F-Secure

Download http://www.f-secure.com/tools/f-bot.zip or, if you lack WinZip, http://www.f-secure.com/tools/f-bot.exe

If you want to know what you are doing,
have a look at http://www.f-secure.com/tools/f-bot.txt
Otherwise,
just start f-bot.exe and hope that it finds the malware and is able to remove it.

 
howto/virus_removal.txt · Last modified: 2006/02/17 14:01
 