Taking Requests!
RE: Taking Requests! #11
Maybe one with the most common viruses' removal (so DarkComet, simple keyloggers etc.) and for viruses which work with services against botkill.

RE: Taking Requests! #12
(02-02-2013, 04:31 AM)TheMercenary Wrote:
(02-02-2013, 01:30 AM)Phytrix Wrote:
(02-01-2013, 04:49 PM)TheMercenary Wrote: I'd like to see a toolless removal. I've used mbam, combofix, etc., but I've never seen anyone attempt to remove malware when they have almost no options. It's something I want to be able to do, for extreme cases.

I can definitely do that, although there isn't really a purpose for a removal without any tools as disabling or bypassing the malware is generally better, and from there run a fix with another program. Kind of hard to explain here.

What would you like to see? A way to run AVs or AMs when the malware denies .exe files running, bypassing browser redirects, malware removal through programs which use cmd?
Also, there are plug-in-and-go malware removal tools, so if you get it on a USB and load it from the USB, you can still launch an .exe. Please be more in-depth with your request, but I'll start working on it.

I'm referring to when malware denies exes, or malware so new that most AVs don't detect it. Or malware that changes extensions. (I.e. Security Defender; it changes extensions so that they run itself.) But as you said, most of the time that won't be an issue, as rkill can be renamed to almost anything, and then you can run a tool such as combofix.

Hiren's Boot CD. Find 15.2 (pretty sure this is the latest version).

I can and will at some time write up a comprehensive malware removal guide.

Basic steps are these:
1. Burn the Hiren's ISO you downloaded.
2. Boot from it on the infected machine.
3. Find the malicious exe (or .dat or other file) and delete them.
4. Search the remote registry for keys with the name of the program you found in step 3.
5. Repeat 3 and 4 as many times as necessary. Sometimes there are multiple exes in question.


So where are these malicious programs located? Well, if you're in a live environment, on the infected computer, and you know when the infection occurred, then you can browse the remote HDD by date modified and find them that way.

They usually reside in C:\ProgramData or C:\Users\[user]\AppData (Local and Roaming).

Sort those folders by recent activity. The programs in question stick out like a sore thumb: they have random file names or names that shouldn't exist in said location. "windowsupdate.exe" is a good example. "wsgwsgwsgwsg.exe" is another one.

They will have some sort of startup entries, some easy to find, some very tricky.
You will need a remote registry program, and so part of the suggestion of Hiren's Boot CD is that it has just such a program installed with it.

Anyway, that's the real basic quick intro as to how it goes down. This process takes 5-10 minutes. After that is all said and done I reboot, and scan with TDSSKiller and Hitman and McAfee Stinger to double check both the work I just did and to check for bootkits.
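The triage half of the steps above (sort the usual drop folders by modification date, then look for the file name in the offline registry) as an added Python example; this is not the poster's code, and it assumes the infected drive is mounted read-only at some path passed as `drive_root`. The registry check deliberately avoids a hive parser: REG_SZ data inside a hive file is stored as UTF-16LE, so a raw byte search for the file name is enough to tell you whether any string value (a Run entry, for instance) references it. The `demo()` function builds a constructed sample tree and fake hive blob so the block runs offline.

```python
import os
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

# Folders the post names, relative to the mounted (offline) system drive.
CANDIDATE_DIRS = ("ProgramData", "Users/*/AppData/Local", "Users/*/AppData/Roaming")
EXEC_EXT = {".exe", ".dll", ".dat", ".scr", ".bat", ".vbs"}

def recent_executables(drive_root, since):
    """Executable-like files under the candidate folders modified at/after `since`, newest first."""
    hits = []
    for pattern in CANDIDATE_DIRS:
        for base in Path(drive_root).glob(pattern):
            for p in base.rglob("*"):
                if p.is_file() and p.suffix.lower() in EXEC_EXT:
                    mtime = datetime.fromtimestamp(p.stat().st_mtime)
                    if mtime >= since:
                        hits.append((mtime, p))
    return sorted(hits, key=lambda h: h[0], reverse=True)

def hive_mentions(hive_path, name):
    """Byte offsets where `name` appears as UTF-16LE in a raw hive file
    (ASCII case-insensitive, since bytes.lower() only touches ASCII).
    No offsets means no REG_SZ value anywhere in that hive names the file."""
    data = Path(hive_path).read_bytes().lower()
    needle = name.lower().encode("utf-16-le")
    offsets, i = [], data.find(needle)
    while i != -1:
        offsets.append(i)
        i = data.find(needle, i + 1)
    return offsets

def demo():
    """Constructed sample, not a real infection: a fake mounted drive with one
    fresh dropper in Roaming, one week-old file, and a fake NTUSER.DAT blob."""
    root = Path(tempfile.mkdtemp())
    roaming = root / "Users" / "bob" / "AppData" / "Roaming"
    roaming.mkdir(parents=True)
    fresh = roaming / "wsgwsgwsgwsg.exe"          # random name, as in the post
    fresh.write_bytes(b"MZ")
    old = root / "ProgramData" / "legit.dll"
    old.parent.mkdir()
    old.write_bytes(b"MZ")
    week_ago = (datetime.now() - timedelta(days=7)).timestamp()
    os.utime(old, (week_ago, week_ago))           # push its mtime back a week
    hive = root / "Users" / "bob" / "NTUSER.DAT"  # fake hive: header, "Run", value data
    hive.write_bytes(b"regf" + "Run".encode("utf-16-le") + b"\x00\x00" + "WSGWSGWSGWSG.EXE".encode("utf-16-le"))
    recent = recent_executables(root, datetime.now() - timedelta(days=1))
    return [p.name for _, p in recent], hive_mentions(hive, fresh.name)
```

On a real case, run `recent_executables` with the infection date as `since`, then feed each flagged name to `hive_mentions` against the offline SOFTWARE hive and every user's NTUSER.DAT.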

RE: Taking Requests! #13
If you run high-risk systems, wipe the Windows pagefile. I've seen viruses that make themselves persist by sitting in there.