Monday 18 February 2013

Portable tools to have handy

You never know when you will need them, but having them on you can be your first or best line of defence against rootkits or malware. When a machine won’t allow you to install applications, these portable apps might be the only way to remove rootkits.
Before you run a scan on a machine, it’s always best to reboot the machine in Safe Mode. This can be done by restarting your system and tapping the F8 key until the Safe Mode menu appears. When that menu appears, select Safe Mode With Networking.

1. RKill: a program that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs, it kills malware processes, removes incorrect executable associations, and fixes policies that stop us from using certain tools. When finished, it displays a log file that shows the processes that were terminated while the program was running.
As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed.

2. ComboFix: scans your computer for known malware and, when it finds any, attempts to clean these infections automatically. In addition to being able to remove a large number of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program.

3. Kaspersky TDSSKiller: focuses on the TDSS rootkits (Rootkit.Win32.TDSS, Tidserv, TDSServ, or Alureon). Kaspersky’s TDSSKiller can also remove the Sinowal, Whistler, Phanta, Trup, and Stoned rootkits.

4. Bitdefender Rootkit Remover: Bitdefender cleans infections with Necurs (the last rootkit standing). New rootkit definitions are added as they become known; because of this, you will want to make sure you check the Bitdefender site and download a new version of the tool frequently. I personally use this last when cleaning a system.
