Seedy Software Removal CD

Malware is becoming almost impossible to clean.  Seriously.  If a computer has been infected, it almost always requires a hard drive wipe and OS reinstall.  That’s how advanced malware is today.  It’s not uncommon for a computer to “look” perfectly clean while it is secretly “talking” to Eastern Europe and China…a high tech Chatty Cathy of sorts!  Sorry to disappoint the antique toy fans, but that will be my last Chatty Cathy reference.

https://blogs.technet.com/b/security/archive/2012/09/19/microsoft-s-free-security-tools-windows-defender-offline.aspx


In some rare cases it’s possible to clean a computer that’s infected, but your best chance of doing so successfully would require running a scan on the infected hard drive from an alternate, uninfected computer.  For this reason, I have been looking for a bootable CD with an anti-malware engine on it to attempt this process without the extra step of pulling the hard drive and accessing it from a clean computer (which by the way puts the clean computer in harm’s way and is not recommended).

I tried using the Symantec Endpoint Recovery Tool (SERT) and I have no doubt that it can work, but I ran into some challenges.  For instance, the signature file had to be downloaded separately and imported by the AV engine.  Sure, the concept makes sense.  Why bother creating a new CD with new signatures every time you want to run it?  Instead, just download the latest signatures and keep using the same disc.  However, the process was not straightforward.  For simplicity's sake, I would rather just download an updated boot CD every so often with updated signatures embedded.  This may not be a good solution if you are a technician cleaning computers daily, but for the majority of us it would not be much of a hassle to do this a few times per year or even once a month.

Microsoft offers one such solution for Windows computers and it’s FREE.  I used it myself and it was easy and effective.  If you create a bootable USB drive instead of a CD, there is an option to update the signatures similar to Symantec’s offering.  However, I opted to create a bootable CD, which was extremely straightforward.  Besides, if you store anti-malware tools on a USB stick you run the risk of the writeable USB stick getting infected while trying to quiet down Chatty Cathy (oops).  I would much rather just download a new copy of the CD whenever needed.

I plan on running this every month or so just to see if it finds anything on my primary work computer.  It’s so easy to do, why not?

Microsoft Security Blog: Windows Defender Offline

Do you have any favorite malware tools we should know about?  Share it with us in the comments below.

Thanks for reading and don’t forget to subscribe!

8 thoughts on “Seedy Software Removal CD”

  1. Very helpful. I am working with our agency security point person and will forward your blog for her references. Thank you.

  2. I’ve recommended using Combofix to friends (http://www.bleepingcomputer.com/download/combofix/) to fix home computers.

    For work however, I don’t trust any tool. Once a computer has been compromised… you’re better off doing a backup and re-imaging the computer. I’ve witnessed fully patched machines with “managed” Symantec totally infected with malware. My logic… Why take the chance?… re-image.

    I’m glad to see MS taking a bigger role on this with the defender online offering. About time. I hope they do more.

    Thoughts on MS Forefront? Have you used it?

    Great article. I hope other techs read it and share their tools of the trade.

    • I’ve used Combofix a number of times and it has worked for me, but I would use it as a last resort before a full wipe. I’ve also had Combofix successfully clean a computer, but leave the OS blue screening. That was probably the malware’s fault, more so than Combofix, but a rebuild was required regardless.

      Forefront is a suite of products and I’ve used a couple of them. I have used the antivirus client, previously branded as Microsoft Forefront Endpoint Protection. It has been renamed as System Center 2012 Endpoint Protection, which makes sense because the management console is System Center. My overall impression is that it is a solid anti-malware product for the MS platform, but missing some of the more advanced bells and whistles. It probably warrants strong consideration if it had cross-platform support.

      • Sometimes… not all…. you might get away with deleting the user profile without having to wipe the machine entirely. Once again… better off redoing the computer.

        Do we have campus licenses for System Center 2012 Endpoint Protection? I only ask because Symantec tends to get in our way on our dev machines.

        • I will investigate further regarding licenses, but I am not aware of an existing pool up for grabs. SEP has come a long way and used with proper exceptions it does not cause a major performance hit on most computers like previous versions did.

