Category Archives: InfoSec

9 Tools to Help You Recover from Malware

So I was at my parents’ house this weekend, and my dad asked a very simple question… “Could you take a look at my computer? I can’t run CCleaner.” I thought to myself… That’s great! He has been running CCleaner regularly! But when I sat down to take a look, things only got worse. Windows Update wouldn’t start, CCleaner wouldn’t start, Microsoft Security Essentials wouldn’t start properly or update, and AVG Free wouldn’t install. That is not good. Here is a list of the tools I used to scrub his machine, and boy did I need them all, and for different reasons.

  1. Malwarebytes Anti-Malware
  2. PortableApps
  3. SpyBot Search & Destroy
  4. SuperAntiSpyware
  5. CCleaner
  6. HijackThis
  7. AVG
  8. Microsoft Windows Defender
  9. Belarc Advisor

Virtumonde is not your friend

I was the victim of a very annoying piece of malware. I have been avoiding the corporate install of Internet Explorer for months now, and I have been using Firefox 2 and 3 instead. I am sure I was doing something I should not have been, because for the last two weeks these strange popups have been plaguing my Firefox browsers, and my machine has been running like there was taffy on my hard drive. I tried to remove the trojan with Spybot S&D, and that did not work. It did identify a Browser Helper Object (BHO) and some registry entries that I could not get rid of. That is when I knew it would be bad. Derek recommended that I try McAfee Avert Stinger. That was no help either. I tried HijackThis. That was informative, but not as helpful as I had hoped. So I did some more digging online, and an article recommended Malwarebytes’ Anti-Malware (MBAM). That was a big step forward. It clearly identified my problem as the Virtumonde Trojan. There were 59 DLLs, BHOs, data files, and registry entries all over my computer from this one trojan. I used MBAM to remove all of them, but the BHO registry entry was stubborn. This meant there was still more. I did some research on Virtumonde, and found that a tool called ComboFix will wipe it out entirely. It took about 20 minutes to run, rebooted my machine, and took another 20 minutes to complete. But when it was all done, I was trojan free. No more popups when I use Firefox, and my machine is fast again. Now… if only I knew what I did that was so bad…
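What Spybot S&D and HijackThis were flagging in the post above is a Browser Helper Object registration: a CLSID listed under the Browser Helper Objects key, whose InprocServer32 value names the DLL that Internet Explorer loads into every browser process at startup. The PowerShell below is an added example, not code from the original post or from any of the tools it names. It walks those keys the way a HijackThis O2 line does, resolves each CLSID to its DLL, and reports the DLL’s Authenticode status, so an unsigned, unnamed, or missing DLL stands out among legitimately installed BHOs. The registry paths are the standard ones (the Wow6432Node variants cover 32-bit IE on 64-bit Windows); the function name Get-BrowserHelperObject is mine.

```powershell
# Added example (not from the original post): list every registered Browser Helper
# Object and the DLL it loads, the same information HijackThis shows as O2 entries.
# Assumes a Windows host with the standard IE registry layout.

# BHOs are only honored from HKLM; the Wow6432Node key feeds 32-bit IE on x64 Windows.
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# CLSID -> DLL mapping can live in any of these hives; per-user (HKCU) registrations
# are a common place for malware to hide a COM server from a machine-wide scan.
$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
    'HKCU:\SOFTWARE\Classes\CLSID'
)

function Get-BrowserHelperObject {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem -Path $key) {
            $clsid = $sub.PSChildName          # e.g. {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}
            $dll = $null
            $name = $null
            foreach ($root in $clsidRoots) {
                $inproc = Join-Path $root "$clsid\InprocServer32"
                if (Test-Path $inproc) {
                    # The (default) value of InprocServer32 is the DLL path, often with %SystemRoot%.
                    $dll  = (Get-ItemProperty -Path $inproc).'(default)'
                    $name = (Get-ItemProperty -Path (Join-Path $root $clsid)).'(default)'
                    break
                }
            }
            $resolved = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll) } else { $null }
            $signature = if ($resolved -and (Test-Path -LiteralPath $resolved)) {
                (Get-AuthenticodeSignature -FilePath $resolved).Status
            } elseif ($resolved) {
                'FileMissing'          # CLSID points at a DLL that no longer exists
            } else {
                'NoInprocServer32'     # BHO key present but no COM server registered anywhere
            }
            [PSCustomObject]@{
                CLSID     = $clsid
                Name      = $name
                DLL       = $resolved
                Signature = $signature
            }
        }
    }
}

# Review the output by hand; a BHO with no name, a DLL in a user-writable or temp
# directory, or Signature = NotSigned is the one to investigate first.
Get-BrowserHelperObject | Sort-Object Signature | Format-Table -AutoSize
```

Run it from an elevated PowerShell so the HKLM keys and Program Files DLLs are readable. The reason the BHO entry in the post was "stubborn" is a general one: as long as the DLL is mapped into a running explorer.exe or iexplore.exe, the file cannot be deleted and the malware's own hooks can restore the key, which is why removal tools that reboot into a clean state (as ComboFix did here) succeed where an in-session scan only reports the entry. Deleting the registration with `Remove-Item -Path "$key\$clsid"` is only the last step, after the DLL itself has been removed with nothing loading it.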