Malware and how to deal with it
Updated: Jun 29, 2011
I like to show the whole URL of a site so if you print this page, the whole URL is on your printed copy. Top sites or software are highlighted in yellow.
These sites help you remove malware from your PC.
- http://www.spywareinfoforum.com/ - get help removing spyware/malware.
Software: Malware scanners/removers
- aswMBR - http://public.avast.com/~gmerek/aswMBR.exe
- CCleaner - removes temp files, invalid registry entries, other things. VERY GOOD. http://www.piriform.com/ccleaner
- Combofix - http://www.bleepingcomputer.com/combofix/how-to-use-combofix. Do not click on the Combofix window while it is running, or it will stall.
- GMER - http://www.gmer.net/. Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector
- HijackThis - http://go.trendmicro.com/free-tools/hijackthis/HiJackThis.msi. Creates a log of various processes running on a Windows system.
- List of rootkit scanners - http://spywarewarrior.com/viewtopic.php?t=17607
- Malwarebytes Anti-Malware - http://www.malwarebytes.org/
- MiniToolBox - http://download.bleepingcomputer.com/farbar/MiniToolBox.exe
- Rootkit Unhooker - http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE
- SecurityCheck - http://screen317.spywareinfoforum.org/SecurityCheck.exe
- Spybot Search and Destroy - http://www.safer-networking.org/en/download/. Searches for and removes many types of threats.
- TDSSKiller - http://support.kaspersky.com/downloads/utils/tdsskiller.zip
DNS lists - list of sites which install spyware/malware, in various formats
- Blackhole DNS files - http://www.malwaredomains.com/wordpress/?page_id=66 (domains.txt, also BOOT file in MS format, zone file in Bind format)
- Malware domains block list - http://www.malwaredomains.com/. Lists bad sites. Creates Bind and Windows Zone files, also in Adblock and ISA format.
- MVPS HOSTS file for Windows - http://winhelp2002.mvps.org/hosts.htm. Used to replace Windows HOSTS file to redirect bad sites to your local PC. Your local HOSTS file affects any internet service, any browser, any FTP, etc.
- Zeus blacklist of domains - https://zeustracker.abuse.ch/blocklist.php. List of one domain per line. Might be useful for Leechblock.
DNS Servers that block malware
- MaraDNS - http://www.maradns.org/. Open source DNS server software you install on your unix machine.
- Norton DNS servers - 198.153.192 .1 and 18.104.22.168. Plug these into your Internet DNS settings.
- OpenDNS - http://www.opendns.com/. Allows you to block categories of sites, updated by them. This also means, if you have a dynamic IP, you must install their systray app to keep their site aware of your new IP. Free.
These sites talk about current threats, and methods to deal with them.
- Emergingthreats.net - Emergingthreats.net.
- Internet Storm Center blog - http://isc.sans.edu/. Talks about internet threats and has copies of the MS Black Tuesday report (reporting security fixes).
- Rogue anti-spyware products and websites - http://www.spywarewarrior.com/rogue_anti-spyware.htm. Also has list of valid anti-malware products. Very good list here.
- Virtualization, HIPS, Sandbox, and system hardening apps - http://spywarewarrior.com/viewtopic.php?t=22195
- Noscript, free Firefox add-on. - https://addons.mozilla.org/en-US/firefox/addon/noscript/ Stops scripts on websites from executing.
- Virus Total - http://www.virustotal.com/ - submit viruses and malware here. Submit a file to them to scan with 42+ virus scanners via email. See http://www.virustotal.com/advanced.html. Send email to firstname.lastname@example.org with subject of "SCAN". You will get a text report back after the file is scanned. Attached file must be less than 20mb in size.
This is Yellow