A few times, just for the heck of it, I had VirusTotal [a virus-
testing web site] test some malicious email attachments. The detection
rate was always low. Anyone who ran these malicious EXE files, the day
I got them, could have been infected even if they were running up-to-
date antivirus software....
[To use AutoRuns, a free anti-virus program from Microsoft] you have
to be well schooled in the internal architecture of Windows to know
which programs are legitimate....
This machine had some well defended malware. Even after using AutoRuns
to prevent the obvious malware from auto-starting and then rebooting,
it remained infected [including] Browser Helper Object[s living]
inside Internet Explorer and Windows Explorer. Even if it [the BHO]
doesn't run automatically at system startup, it will run the first
time either of these two programs runs.
F-Secure...said the machine was not infected with a rootkit. But
then, I ran the GMER rootkit detector which warned of hidden files and
a hidden service. I had GMER remove these, rebooted and scanned with
it again. This time too, it found a hidden file and service. Again I
had it remove things, rebooted and re-scanned. Finally, it came up
[Next] I downloaded the latest version of MBAM on another machine and
then installed it in the infected machine using a USB flash drive. The
reason for the flash drive was that I was afraid to connect the
infected computer to my LAN until it had been, at least, somewhat
MBAM [detected and removed] over 100 infections...[rebooted...then] I
connected the suspect computer to my LAN and downloaded the latest
MBAM updates which included an update to the software itself, from
version 1.31 to 1.32. A full scan with the latest and greatest copy of
MBAM found about 40 or so additional infections.
But this was just the beginning... I next ran four antivirus programs
and this is where things got interesting.
I started with the free online NOD32 scanner from Eset [which] found a
handful of infections and removed them. Next, I ran the BitDefender
online scanner which also removes the malicious software it finds. It
found and removed about 20 infections. [Then] Kaspersky...gave the
machine a clean bill of health, so I thought I was done.
But, the machine had no antivirus software installed. So, with the
owners consent, I installed Avira's AntiVir, my favorite among the
free antivirus programs. A full scan with AntiVir turned up another
...it found multiple instances of the Drop.Softomat.AN Trojan and a
single copy of the Trash.Gen Trojan....
The only conclusion that I think is fair to draw, is that among the
free antivirus programs, Avira's AntiVir is a good choice. It found a
dozen infections after three competitors had their crack at it.
Then again, this may have all been a waste of time. Although the owner
of the computer reported afterwards that it was again working
normally, the operating system may still be infected. Had I thrown
another antivirus program or two at it, addition malware might have
Malware can be so hard to remove that walking away from an infected
copy of Windows and, instead, restoring a known clean copy (such as
the factory fresh state) will often be the right approach.
Or, you could just install Linux.