Tools for Virus Removal : The ones I like to use!

In this post I want to talk about virus removal tools that I like to use when I need to remove a virus.   Some thing to consider when using these tools are:

Each of these have to be dealt with differently because each requires something different.  Like rootkits if you have one installed and know that it is a rootkit you only options are to download some rootkit removers like:

  • Sopho’s Anti-rootkit remover —  This is good for those more known viruses and can remove several types of rootkits.   This isn’t the only one I use, but it is a part of group that does the rootkit removing for me.
  • Microsoft Rootkit Revealer —  This is good for proving there is a rootkit.  I’ve not seen it not detect a rootkit.  Most of the time when I find a rootkit from the other rootkit revealers this one actually dos better with information.
  • Panda Anti-Rootkit Remover — This one is another one I use when the other ones can’t remove it.  Each one does remove certain rootkit differently and works better than the other.
  • Aries Rootkit Remover from Lavasoft — This is good for those really tough rootkits but have some great benefits for removing some of the really tough rootkits.

These are the ones that work well with me when it comes to removing the rootkits.  I’ve not had one of these to remove a rootkit but that depends on how you deal with the virus in the first place.  Now for Anti-spyware and Anti-Virus software here are some of the tools that I suggest:

  • HijackthisRun it, and when you get the LOG file you will want to go to HijackThis Log Analysis Site 1 and HijackThis Log Analysis Site 2, and see what it says.  This is the best software because it will scan all of the registry and tells you like a wiki what might it be.
  • MSCONFIG — Sometimes it is hidden but if you check through the MSCONFIG for any files that might not need to load. Also check the services tab and see if there is any services that may not be needed.
  • Pctools Antivirus Free Software — This is a free software so what can I say.
  • AVG Anti-Virus Free Edition 7.5.503 — This is another free one that can remove viruses really easily. Download this and you don’t have to worry to much.
  • Avast Home Edition — AVG does better than this one but people seem to like this so I have to add this for people who like this better than the others.
  • Clamwin Free Anti-virus — This is a good one because this is open sourced and easily can help detect so many viruses. This is good for those people who like open sourced.

These are just  the ones that I like to recommend that does pretty good on removing the viruses but there are others that I recommend on my Malware Resources that people have recommend to me but I haven’t tried them out yet.    Some of the Spyware and Adware removal and here are some of my favorites:

  • SuperAntispyware — Easily remove pests such as WinFixer, SpyAxe, SpyFalcon, and thousands more! Repair broken Internet Connections, Desktops, Registry Editing and more with our unique Repair System.
  • Malwarebytes can provide the needed assistance to remove the infection and restore the machine back to optimum performance.
  • Ad-Aware — This is a very good tool to get rid of some of the most annoying little viruses that try to fool you that you have a virus.
  • Windows Security Trojan Scanner — a Free online scanner to let you see if you might have a Trojan.
  • SmitFraudFix — A great little program to get rid of those Desktop hijacks, those programs that take over your browser or other file system.

If your current antimalware software let an infection through, you may want to consider purchasing the PRO version of SUPERAntiSpyware or Malwarebytes License to protect your computer in the future. SUPERAntiSpyware Professional or Malwarebytes License features highly advanced Real-Time Protection to ensure protection from installation or re-installation of potential threats as you surf the Internet (Both are trusted Vendors by CCSS Forums).

These are just a few that I like to use when it comes to fighting those virus programs and the people behind the virus programs.   If you consider how hard it is sometimes to recognize a virus, you can see the problem with some of the programs they can sometimes  say a file is a virus and delete it and the next thing you know it won’t boot into Windows.  This is what needs to be considered whenever you see a warning on your system so you must be careful when you remove files.  You should always have backups that is what I always recommend because the likely hood of something terrible happening to your data.  You should come up with a way to back up your system every week like a sunday back or even a Monday while your at work backup.

Figuring out the Email-Worm Win32.Zafi.b

This is another just I just saw on the web and wanted to talk about what this little Worm does and what it’s known Aliases:

Email-Worm.Win32.Zafi.b (Kaspersky Lab) is also known as: I-Worm.Zafi.b (Kaspersky Lab), W32/Zafi.b@MM (McAfee), W32.Erkez.B@mm (Symantec), Win32.Hazafi.30720 (Doctor Web), W32/Zafi-B (Sophos), Win32/Zafi.B@mm (RAV), PE_ZAFI.B (Trend Micro), Worm/Zafi.B (H+BEDV), W32/Zafi.B@mm (FRISK), Win32:Zafi-B (ALWIL), I-Worm/Zafi.B (Grisoft), Win32.Zafi.B@mm (SOFTWIN), Worm.Zafi.B (ClamAV), W32/Zafi.B.worm (Panda), Win32/Zafi.B (Eset)

[ad#ad2-left]This worm spreads via the Internet as an attachment to infected messages, and also via local and file-sharing networks.
It is written in Assembler, and packed using FSG. It is 12800 bytes in packed form, and 33292 in unpacked form.

This Worm seems to be running through email and file sharing sites, One thing it tries to do is stop the process and deletes:
fvprotect.exe
winlogon.exe
jammer2nd.exe
services.exe

It attempts to detect antivirus program files on the computer and overwrite them with a copy of itself.

[ad#ad2-right]It also attempts to conduct DoS attacks on the following sites:

www.2f.hu
www.parlament.hu
www.virusbuster.hu
www.virushirado.hu

This seems to be a very big virus and can be removed with the use of Kapersky Virus removal tool for free for this type of virus. In order to prevent this virus in the future the user has to remember about not getting opening unknown documents or emails and not running any unkown program from an unknown file sharing.   Also remember you need to have an anti-virus  and also a firewall to protect yourself in the future.

Sites that you need not Visit:

[ad#ad2-right]I’ve had some Anti-virus problems in the past few weeks and have been trying to see if it is my system or if it was just luck of the draw.  So I did some research and found some sites that you should not go to, or download from.   These sites have been know to spread the fake anti-virus malware software.   So I wanted to warn people of some common websites that have been known to have viruses on them:



  • hxxp://movieportal2008q.com/freemovie/Movie/xxxx/x/ — this site usually tries to send you the “Trojan.HTML.Zlob.AG” Virus.
  • hxxp://porntubedot.com/xxxxxxxx/WatchFreeMovie.php –This site usually tries to send you the “Trojan.Dropper.SMN” Virus.
  • hxxp://handballfondi.it/xxxxxx1.php — This site is one of the new Malware sites that looks like Youtube,   When you go to this site they say you need a special to play a video clip.  Most of the time when you get something like this, it is going to try to install Malware. A good broad set of Codecs that you may want to download is called Klite Mega Codec, which if you us that you should never need to download any other codec to play a movie clip from any site online.
  • hxxp://0scanner.com/—censored—/ —  This site usually tries to send you the “Adware.FakeAntiVirus.L” virus.  Another site trying to install malware. [ad#ad2-left]

If you want to check your system, here are some places to go to get a free Anti-virus check:

If you have any other ways sites that we should avoid by all means comment about it. I would love to hear sites that you know are bad!!