BlitzBlank 1.0 – Removes infections that nothing else removes
August 28, 2010 by admin
Filed under Removal Tips,Tools and Videos
When others fail to properly clean up…
Malware infections are not always easy to clean up. These days the software pests use clever techniques to protect themselves from being deleted. In more and more cases it is almost impossible to delete a Malware file while Windows is running.
Files and registry entries are often locked in different ways to prevent them from being deleted. Active Malware processes monitor each other and start each other anew as soon as one of them is destroyed.
The only solution is to delete the pests during the Windows Boot process – before any Malware has started running and has activated its self-protection mechanisms.
BlitzBlank: Deletes on Boot
BlitzBlank is a tool for experienced users and all those who must deal with Malware on a daily basis. It deletes files, Registry entries and drivers before Windows and all other programs are loaded.
To do this it uses special low-level technology and different protection mechanisms that make it almost impossible for Malware to hinder BlitzBlank from carrying out the desired actions.
Script Support
You can use the Designer View to create removal jobs per mouse-click or write your own removal scripts in the Script View.
The following Script commands are supported:
- DeleteFile: [ReplaceWithDummy]
- MoveFile: [ReplaceWithDummy]
- DeleteFolder: [ReplaceWithDummy]
- MoveFolder: [ReplaceWithDummy]
- DeleteRegKey: [ReplaceWithDummy] [Backup]
- DeleteRegValue: [ReplaceWithDummy] [Backup]
- DisableDriver: [Backup]
- Execute:
Note: Parameters in [square brackets] are optional parameters and are used without the square bracket.
Every command requires the path to the object(s) to be changed on the following line. For all “Move” commands, the source and target paths are separated by a space. Paths with embedded spaces must be “surrounded” by double-quotation marks.
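The layout rules above can be checked mechanically before a script is handed to a tool that deletes at boot. The linter below is an added example, not part of BlitzBlank or its documentation; it assumes optional flags follow the colon separated by spaces, and the function names and sample script are constructed for illustration.

```python
import re

# Commands and optional flags exactly as listed on the page.
COMMANDS = {
    "DeleteFile": {"ReplaceWithDummy"}, "MoveFile": {"ReplaceWithDummy"},
    "DeleteFolder": {"ReplaceWithDummy"}, "MoveFolder": {"ReplaceWithDummy"},
    "DeleteRegKey": {"ReplaceWithDummy", "Backup"},
    "DeleteRegValue": {"ReplaceWithDummy", "Backup"},
    "DisableDriver": {"Backup"}, "Execute": set(),
}
TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # a double-quoted path or a bare word


def split_paths(line):
    """Split a path line on spaces, keeping double-quoted paths whole."""
    return [quoted or bare for quoted, bare in TOKEN.findall(line)]


def lint(script):
    """Return (jobs, errors); a job is (command, flags, paths)."""
    rows = [(n, t.strip()) for n, t in enumerate(script.splitlines(), 1) if t.strip()]
    jobs, errors, i = [], [], 0
    while i < len(rows):
        n, head = rows[i]
        i += 1
        name, colon, rest = head.partition(":")
        if not colon or name not in COMMANDS:
            errors.append(f"line {n}: not a supported command: {head}")
            continue
        flags = rest.split()  # assumption: flags follow the colon, space-separated
        bad = [f for f in flags if f not in COMMANDS[name]]
        if bad:
            errors.append(f"line {n}: {name} does not accept {', '.join(bad)}")
        if i == len(rows) or rows[i][1].partition(":")[0] in COMMANDS:
            errors.append(f"line {n}: {name} has no path line after it")
            continue
        paths = split_paths(rows[i][1])
        i += 1
        # Move* takes source and target; Execute is not count-checked because
        # the page does not describe its argument line; everything else takes one.
        want = 2 if name.startswith("Move") else None if name == "Execute" else 1
        if want is not None and len(paths) != want:
            errors.append(f"line {n}: {name} expects {want} path(s), found "
                          f"{len(paths)}; quote paths that contain spaces")
        elif not bad:
            jobs.append((name, flags, paths))
    return jobs, errors


# Constructed sample script (not from the BlitzBlank documentation).
SAMPLE = r'''DeleteFile: ReplaceWithDummy
"C:\Documents and Settings\user\bad file.exe"
MoveFile:
C:\temp\a.dll C:\quarantine\a.dll
DeleteFolder:
C:\Program Files\Bad Thing
DisableDriver: ReplaceWithDummy
C:\WINDOWS\system32\drivers\baddrv.sys
'''

if __name__ == "__main__":
    jobs, errors = lint(SAMPLE)
    for job in jobs:
        print("OK  ", job)
    for err in errors:
        print("FAIL", err)
```

The unquoted `C:\Program Files\Bad Thing` line is the case worth catching: split on spaces it reads as three paths, so the job is rejected instead of being run against the wrong target.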
System requirements
BlitzBlank runs on Windows XP, Vista, 7 as well as on 2003/2008 Servers in all 32 bit and 64 bit editions.
BlitzBlank does not require software installation and can be started immediately. Administrative rights are required on start.
Caution!
BlitzBlank should be used by professionals or on the advice of professionals only! It can destroy your operating system when used incorrectly. Use it with caution!
License
BlitzBlank is free for any use. We are not responsible for any lost files and data that have been accidentally removed. We explicitly point out that the software may damage your operating system seriously when used incorrectly.

Tips to Detect Virus Files and Infected files
June 3, 2010 by Rahulmg
Filed under Removal Tips,Tools and Videos

How to detect virus files?
Virus files nowadays are more sophisticated and harder to find than before. Some carry a convincing icon, so the user does not suspect that the file is a virus or otherwise unwanted. A typical property of virus or infected files is that they constantly try to connect to the internet and fetch other unwanted software or files onto the victim's computer.
Some Trojans, such as Sality.AA, copy themselves to windows\system32 with the same file size, so they can be identified easily; some copies may be hidden. The Trojan also creates files in every folder, named after the folder. For example, I have a folder C:\myfolder; when this Trojan infects the system, it creates a file in that folder named myfolder.exe with a size of ~499 KB. Opening that file shows nothing, but the system becomes busy. Many such files were created across those drives and folders.
How To Delete these files:
Use the Windows Search utility or any alternative. First note the size of one of the created files, such as myfolder.exe; if it is 499 KB, add that file size as a search parameter so that you can easily find and delete all the folder-named executable files.
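The same search can be scripted so that it reports candidates instead of relying on a manual size filter. This is an added example, not code from the original post; it assumes the decoys share an exact byte size, and the function names and the demo tree are constructed for illustration.

```python
import os
from collections import defaultdict


def folder_named_exes(root):
    """Yield (path, size) for each <folder>/<folder>.exe found below root."""
    for dirpath, _dirs, files in os.walk(root):
        folder = os.path.basename(os.path.normpath(dirpath)).lower()
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() == ".exe" and stem.lower() == folder:
                full = os.path.join(dirpath, name)
                try:
                    yield full, os.path.getsize(full)
                except OSError:
                    continue  # file locked or removed while scanning


def suspicious_clusters(root, min_hits=2):
    """Group folder-named executables by exact size; keep sizes seen min_hits+ times.

    One folder-named .exe is normal (many programs install that way); several
    with an identical size in unrelated folders is the pattern the post describes.
    """
    by_size = defaultdict(list)
    for path, size in folder_named_exes(root):
        by_size[size].append(path)
    return {size: sorted(paths) for size, paths in by_size.items()
            if len(paths) >= min_hits}


def build_demo_tree(root, decoy_size=499 * 1024):
    """Create a constructed test tree: three same-size decoys and one unrelated exe."""
    layout = {
        "myfolder/myfolder.exe": decoy_size,
        "photos/photos.exe": decoy_size,
        "photos/2009/2009.exe": decoy_size,
        "tools/tools.exe": 12_345,       # folder-named but a different size
        "tools/readme.txt": decoy_size,  # same size but not an executable
    }
    for rel, size in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        for size, paths in suspicious_clusters(tmp).items():
            print(f"{size // 1024} KB x{len(paths)}")
            for p in paths:
                print("   ", p)
```

The script only lists files; review the list before deleting anything, since a legitimate program can also ship an executable named after its folder.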
Note:
If an exe file is running, you cannot delete it; end the suspected processes first. You can use Windows Task Manager or an alternative process lister such as Process Explorer.
Get Process explorer from
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
http://en.wikipedia.org/wiki/Process_Explorer
From Process Explorer you can delete files; download this free program.
Detect Infected Virus Files.
Detecting infected files is simple. If a normal application takes more time than usual, a virus infection may be the cause. Bitdefender is the best antivirus software and can be used to disinfect virus-infected files.
RootRepeal – The New and Great Rootkit Detector and Remover
May 31, 2010 by admin
Filed under Removal Tips,Tools and Videos

RootRepeal is a new rootkit detector currently in public beta.
It is designed with the following goals in mind:
- Easy to use – a user with little to no computer experience should be able to use it.
- Powerful – it should be able to detect all publicly available rootkits.
- Stable – it should work on as many different system configurations as possible, and, in the event of an incompatibility, not crash the host computer.
- Safe – it will not use any rootkit-like techniques (hooking, etc.) to protect itself.
Currently, RootRepeal includes the following features:
- Driver Scan – scans the system for kernel-mode drivers. Displays all drivers currently loaded, and shows if a driver has been hidden, and whether the driver’s file is visible on-disk.
- Files Scan – scans any fixed drive on the system for hidden, locked or falsified* files.
- Processes Scan – scans the system for processes. Displays all processes currently running, and shows if a process is hidden or locked.
- SSDT Scan – shows whether any of the functions in the System Service Descriptor Table (SSDT) are hooked.
- Stealth Objects Scan – attempts to determine if any rootkits are active by looking for typical symptoms.
- Hidden Services Scan – scans for hidden system services.
- Shadow SSDT Scan – counterpart to the SSDT Scan, but deals mostly with graphics and window-related functions.
* – falsified files are files which have their size mis-reported to the Windows API. Some rootkits use this to hide data.
RootRepeal is currently in public beta. Whereas every effort has been made to ensure compatibility with every system configuration on Windows 2000, XP, 2003 and Vista, it cannot be guaranteed. There is always some risk when scanning for rootkits. Before running RootRepeal, please make sure you have backups of all important data and have saved all open documents.
System Requirements
- Microsoft® Windows 2008 Server; Windows Vista®; Windows XP Professional or Home Edition; Windows 2000 with Service Pack 4; Windows 2003 Server
Note: Only x86 versions of Windows are supported.
- 128MB of RAM.
- 600KB of hard-drive space.
Download: RootRepeal.rar
MD5 (of the EXE): 880D7A26B7BB6B00A0709E75F149B83D
SHA-1 (of the EXE): 1943798277BBB1C396A980C58D077F5A57636932
VirusTotal Scan: http://www.virustotal.com/analisis/dd2d8492185ded564fdae8f5a1d85946123c346086763a238b0d74f1e2848259-1250214648
NOTE : Because, as mentioned above, there is always an element of risk when scanning for rootkits, the author offers NO WARRANTY for RootRepeal. USE AT YOUR OWN RISK!
The latest version of RootRepeal can always be found at the static links http://rootrepeal.googlepages.com/RootRepeal.rar, or http://rootrepeal.googlepages.com/RootRepeal.zip (see below for more mirrors, in case the bandwidth limits have been exceeded).
Note: This site has recently been exceeding bandwidth, so if any of the above download links are unavailable, please use one of the following:
http://ad13.geekstogo.com/RootRepeal.zip
http://ad13.geekstogo.com/RootRepeal.rar
http://rootrepeal.psikotick.com/RootRepeal.zip
http://rootrepeal.psikotick.com/RootRepeal.rar
For more info about this project : http://sites.google.com/site/rootrepeal/
How To Remove and fix Virus.Win32.Sality Win32/Sality.ah Win32/Sality.ag with Kaspersky Tools
April 20, 2010 by admin
Filed under Removal Tips,Tools and Videos
The recommendations given concerning disinfection of a computer from Virus.Win32.Sality should be applied only if NO Kaspersky Lab product is installed on an infected computer, and/ or if the computer is already infected and a Kaspersky Lab product cannot be installed by regular means. Kaspersky Lab experts also recommend using Rescue Disk to disinfect an infected computer.
The SalityKiller.exe utility given in this article detects and disinfects only the following Sality modifications: Virus.Win32.Sality.aa, Virus.Win32.Sality.ag.
In order to disinfect a computer from Virus.Win32.Sality.aa, do the following:
If infected computers are in the local network under domain control:
Step 1. Preparation for disinfection:
- Download the file SalityKiller.zip
- Unpack the file SalityKiller.zip
- Run the file SalityKiller.exe on each computer in turn (for example, through Kaspersky Administration Kit, or the server group policy):
- on all computers on which the domain administrator can register and work
While disinfecting this group of computers, do not log on as domain administrator on any other computers, to prevent further spread of the infection in the network.
- on all other computers
Do not stop or terminate the utility until all computers in the network have been disinfected.
Step 2. Algorithm of computer disinfection.
Computers on which you log on with domain administrator rights should be disinfected first. Once these computers are disinfected, start disinfecting other computers in the network.
- Run the utility SalityKiller.exe on the infected computers once again (no additional commands to run the utility are needed).
- Make sure the anti-virus icon in the tray has turned red thus indicating the anti-virus software is fully functional. If otherwise, reinstall the anti-virus via Kaspersky Administration Kit.
- Update the anti-virus databases (signature threats) for the Kaspersky Lab’s product installed on your PC. If you cannot download the updates from the Internet, update from the zip-archives.
- set the full scan options to their maximum scan level
- run full computer scan
Step 3. Signs of a disinfected/ clean computer
- Kaspersky Anti-Virus is running and works in normal mode
- full computer scan does not detect infected objects on the computer
Step 4. Cleaning the registry of infected computers in the domain network:
- download the file Sality_RegKeys.zip
- unpack the file Sality_RegKeys.zip
- run the file Disable_autorun.reg from the archive Sality_RegKeys.zip
You can also disable autorun from all devices by running the SalityKiller utility with parameter -a.
- Click Yes to confirm adding the information to the registry
- once the scan is over, from the archive Sality_RegKeys.zip run the file of the registry key:
- under Windows 2000 run the registry file SafeBootWin200.reg
- under Windows XP run the registry file SafeBootWinXP.reg
- under Windows 2003 run the registry file SafeBootWinServer2003.reg
- under Windows Vista run the registry file SafebootVista.reg
If the infected computer is not in the network
- Disable the technologies iSwift and iChecker, if one of the following products is installed and running on your PC:
- Kaspersky Anti-Virus 7.0
- Kaspersky Internet Security 7.0
- Kaspersky Anti-Virus 6.0
- Kaspersky Internet Security 6.0
- Kaspersky Anti-Virus 2009;
- Kaspersky Internet Security 2009;
- Kaspersky Anti-Virus 2010;
- Kaspersky Internet Security 2010;
- Kaspersky Anti-Virus 6.0 for Windows Workstations
- Kaspersky Anti-Virus 6.0 SOS
- Kaspersky Anti-Virus 6.0 for Windows Servers
- Download and unpack the file SalityKiller.zip
- Run the file SalityKiller.exe
With an installed Kaspersky Lab product you might be prompted to allow any activity to the process Sality_killer.exe
- Go to Start > All programs > right-click Startup > select Open
- Right-click any place in the Startup folder
- In the menu select New > Shortcut
- In the Create Shortcut window click Browse
- Browse the folder into which the file SalityKiller.exe was unpacked
- Highlight the file SalityKiller.exe
- Click the OK button
- Click Next
- Click OK
- Download the file Sality_RegKeys.zip
- Unpack the file Sality_RegKeys.zip
- Run the file Disable_autorun.reg from the archive Sality_RegKeys.zip
You can also disable autorun from all devices by running the SalityKiller utility with parameter -a.
- Click Yes to confirm adding the information to the registry
- Update the anti-virus databases (threat signatures) for the installed Kaspersky Lab’s product. If you cannot download the necessary databases (threat signatures) from the Internet, update the databases from the zip archives:
- set the full scan options to their maximum scan level
- run full computer scan
- once the scan is over, from the archive Sality_RegKeys.zip run the file of the registry key:
- under Windows 2000 run the registry file SafeBootWin200.reg
- under Windows XP run the registry file SafeBootWinXP.reg
- under Windows 2003 run the registry file SafeBootWinServer2003.reg
- under Windows Vista run the registry file SafebootVista.reg
You can restore the registry branch SafeBoot which is needed for a PC to be able to boot in safe mode, by running SalityKiller.exe with parameter -j.
Additional parameters to run SalityKiller.exe from command line:
-p <path> – scan a specific folder;
-n – scan network disks;
-r – scan flash drives, scan removable hard disks connected via USB and Fire Wire;
-y – close the window when the utility finishes;
-s - scan in “silent” mode (without opening console box);
-l <file_name> – write log to the file;
-v – detailed logging (must be used in combination with -l);
-x - restore possibility to view hidden and system files;
-a – disable autorun from any devices;
-j – restore the registry branch SafeBoot (if it is deleted, the PC will not be able to start up in Safe mode);
-m – monitoring mode to protect the system from getting infected;
-q – scan the system and then go to monitoring mode;
-k – the utility will scan all disks, detect files autorun.inf created by the virus Virus.Win32.Sality and eliminate them. It will also delete the executable file linked by autorun.inf, even if such file has been already disinfected.
How to remove International dialer Trojan on 3D Anti Terrorist (Windows Mobile) (Video)
April 12, 2010 by admin
Filed under Removal Tips,Tools and Videos
You will need a Reg Editor, Notification Queue Manager and File Explorer (we are using http://www.dotfred.net/TaskMgr.htm in the video).
HouseCall – Free Online Virus Scan NEW v7.1
April 11, 2010 by admin
Filed under Removal Tips,Tools and Videos

HouseCall is Trend Micro’s highly popular and capable on-demand scanner for identifying and removing viruses, Trojans, worms, unwanted browser plugins, and other malware.
HouseCall 7 features an intuitive interface and the ability to perform fast scans that target critical system areas and active malware. It also leverages the Trend Micro Smart Protection Network™ to help ensure that scans catch the latest threats.
HouseCall 7.1 improves on the recently released HouseCall 7.0 by providing a full system scan option and an option to scan only specific folders. It adds support for 64-bit versions of Windows Vista™ and Windows™ 7.
HouseCall provides a quick and easy check for threats regardless of the protection status of your existing security solution. For more information about HouseCall, please read the Frequently Asked Questions.
What’s new in HouseCall?
- Full system and custom scan options allow users to specify which folders to scan (new in 7.1).
- Quick scan option offers targeted scanning of critical system areas and active threats, reducing scan times to within a few minutes.
- Stand-alone, browser-independent implementation eliminates compatibility issues associated with browser-activated scanners.
- Smart Scan technology refers to patterns in the cloud, delivering the latest protection while reducing download times.
- Smart Feedback shares threat information with the Smart Protection Network, which correlates data from a global intelligence network to quickly discover new threats.
- Review and restore lets you check and compare scan results and recover files.
- Enhanced detection and cleanup addresses rootkits and other sophisticated threats.
Download HouseCall 7.1 (32-bit) |
Download HouseCall 7.1 (64-bit)
Getting Started with HouseCall
- Click Download HouseCall to begin. Please note that HouseCall requires a small download before it can scan your computer.
- You can choose to save a copy of the launcher (HousecallLauncher.exe) and use it to quickly start a scan. Remember to visit this page occasionally to get the latest copy of the launcher.
- It is recommended that first-time users select the Quick Scan option, which is available in addition to the Full Scan or Folder Scan options.
- Enabling the Smart Feedback setting helps increase the strength of the Smart Protection Network by sharing malware and threat data as part of our global neighborhood watch program. No personally identifiable information is gathered as part of participation.
Removal tool for Sus/Delf-J, Trojan.Heur.GZ.kGX@bKStsDeG (Foto_253.com, javahr.exe, javahr2.exe, javahu.exe) Trojan
April 4, 2010 by admin
Filed under Removal Tips,Tools and Videos

Removal tool for Mal/FakeAV-CO, Downloader-CEW (Vvavia.exe, Vdl.exe, Vdk.exe, Vdj.exe) Malware
March 26, 2010 by admin
Filed under Removal Tips,Tools and Videos

Submitted by Diego
AVG Rescue CD A powerful toolset for rescue & repair of infected machines
March 26, 2010 by admin
Filed under Removal Tips,Tools and Videos

The AVG Rescue CD is a powerful must-have toolkit for the rescue and repair of infected machines. It provides essential utilities for system administrators and other IT professionals and includes the following features:
- Comprehensive administration toolkit
- System recovery from virus and spyware infections
- Suitable for recovering MS Windows and Linux operating systems (FAT32 and NTFS file systems)
- Ability to perform a clean boot from CD or USB stick
- Free support and service for paid license holders of any AVG product
- FAQ and Free Forum self-help support for AVG Free users
Key technologies
- Anti-virus: protection against viruses, worms and Trojans
- Anti-spyware: protection against spyware, adware and identity theft
- Administration toolkit: system recovery tools
The AVG Rescue CD is essentially a portable version of AVG Anti-Virus supplied through Linux distribution. It can be used in the form of a bootable CD or bootable USB flash drive to recover your computer when the system cannot be loaded normally, such as after an extensive or deep-rooted virus infection. In short, the AVG Rescue CD enables you to fully remove infections from an otherwise inoperable PC and render the system bootable again.
Apart from the usual AVG functions (malware detection and removal, updates from internet or external device, etc.), the AVG Rescue CD also contains the following set of administration tools:
- Midnight Commander – a two-panel file manager
- Windows Registry Editor– simple registry editor for more experienced users
- TestDisk – powerful hard drive recovery tool
- Ping – to test the availability of network resources (servers, domains, IP addresses)
- Common Linux programs and services– vi text editor, OpenSSH daemon, ntfsprogs etc.
Free of charge
The AVG Rescue CD is a free-to-use product that anyone can download. This also covers any new program versions and virus database updates. If you have any other paid AVG license, you are also entitled to receive our full technical support.
Download:
Download Rescue CD (for CD creation)
Download Rescue CD (for USB stick)