Created minipack for stubborn trojans, viruses and rootkits

Discussion in 'Off Topic Area' started by jroe52, Sep 17, 2009.

  1. jroe52

    jroe52 Valued Member

    I do a lot of remote vnc and other tech support... this saves me alot of time on slower internet connections. The goal of this pack is so you can get rid of stubborn rootkits, then use malwarebytes, spybot and antivirus software to remove the rest.

    Often new viruses/rootkits are blocking apps such as malwarebytes, spybot etc. This pack helps me get rid of those issues, then finish with a thorough av and malwarebytes scan, restoring their abilities to run again.

    from my website:

    Download "Roes minipack":
    Quick tips:

    -hostsxpert can help prevent/stop browser hijacking and redirecting by spyware
    -dialafix can help fix not-responding issues, crashing, frozen IE and other errors in win2k and winxp
    -ccleaner can clean temp files and the registery, however check out TEMPER too
    -temper can clean the temp files of every user on the machine, ccleaner and ATF-cleaner cannot.
    -Sophos AntiRootkit can help remove hidden rootkits and trojans that malwarebytes, mcafee and other tools cannot detect.
    -winxp-quicktweak.reg (disables 3rd party apps in IE spyware, error reporting, dr watson - tweaks system and allows machine to be added to domain)
    can't scan with malwarebytes or other apps? Run hijack this first, use the analyze site and delete the virus in memory.
    -after this your utilities should/may work:)

    1. Dial-a-Fix
    -i checked ideal defaults. It's not necessary to fix time, windows updates or windows installer unless needed
    -if it is taking longer than 5 minutes that usually means IE is hosed and this needs to finish being scanned with dial-a-fix
    -if you recieve errors, most likely the user doesn't have admin rights or they have ie8 which is not supported
    -does not work in vista/windows 7.
    -fixes crashing, frozen webpages, white IE webpages and alot of "not responding" type issues

    How to guide:

    Hostsxpert helps prevent browser redirection and blocks many virus websites from the user's pc. It can also lock and secure the hosts file.
    a. launch hostsxpert
    b. Hostsxpert > import options > replace hosts file (select file) (may need to click “Make Writeable?”) >select the hosts file in the minipack's folder
    c. Afterwards “Make Readonly” to stop hijacking / redirection by viruses.
    The “make read only” feature is a security feature on its own since it stops browser redirection/search redirection

    3. TEMPER: Multiuser Cleanup - use with caution
    -this amazing utility takes about 2 minutes to scan.
    -do not check/delete what you are not familiar with
    -ideal for multi-user machines, you can delete temp and temporary internet file folders!
    -does not work with vista
    -other applications such as ccleaner and atf cleaner only delete two user's accounts:
    current user and "all users account". many assume "all users" means all user folders on the machine, it does not. This is
    a special windows folder where "all users" on the machine can share desktop icons etc.
    -this is the only known utility that scans all temp files of the system

    4. ccleaner portable:
    -doesn't require install
    -ideal settings checked. it's nice for the user not to lose their browser history so keep this unchecked.
    -empty prefetch incase virus is stored in prefetch
    -registery settings have been unchecked to reduce scan times of non-security sections of the registery

    launch ccleaner.exe
    a. in "cleaner" click "run cleaner"
    b. registery (only if needed, don't use if not needed): "Scan for Issues" then "Fix selected issues"
    -if you make a backup save it somewhere safe so the user doesn't reinstall the backup


    5. Hi-Jack this: use with caution. (ASK FOR HELP)
    "Do a system scan and save a logfile"
    warning: IF YOU UNCHECK any important files you will destroy the machine
    -if you do not recognize it, it does not mean its a virus GOOGLE IT!

    a. scan with a log file
    b. copy/paste file into the IE shortcut > "Analyze Hijackthis Logs", paste in the white box > "analyze"
    only check in hijack this the red "x" sections found on the analyzation site.
    -this can kill other viruses that will then allow you to scan with malwarebytes.

    TIP: ie frozen or hosed on the machine?
    If in vnc you can copy the log file, and paste it in a browser on your machine to analyze:
    -remeber only follow the RED-X suggestions
    - yellow question marks are usually landesk/mcafee/vcpi tools!

    TIP: can't use malwarebytes or other apps? Use hijackthis first!

    How to use:

    6. Malwarebytes use a full or quickscan and remove everything found. Make sure to update first.
    -malwarebytes not running? try hijackthis and then try malwarebytes again after following the "analyzation results".
    -still not working? try sophos anti-rootkit WITH CAUTION.

    How to guide:

    7. Sophos Anti-Rootkit has replaced Panda antirootkit.
    -takes about 5 minutes to find most rootkits
    -a 10-15 minute scan can find everything but isn't always needed (if after 5 minutes you see a list of 20 viruses you
    could stop it and begin researching)
    -not everything found is a virus. for instance it will detect ccleaner and hijack this as a rootkit
    -make sure that you google everything. usually there is a trend. you might see 20 files with "UAC" in it
    in this example, UAC features from Vista do not exist in Winxp which can be a red flag to delete these group of files.

    TIP: in a hurry? After launching sophos only check "running processes and windows registry", if it does not fix your issue then come back
    and scan the "local hard drives" option. I find that all 3 is the best, but i only wait about 5-10 minutes before stopping the scan since at this point
    most items will have been detected.
    -if still hosed, allow the scan to finish.

    8. winxp-quicktweak.reg
    -this is a tweak file to reduce system performance issues from error reporting and doctor watson
    -also helps disable 3rd party apps in IE to reduce toolbar/app infection in IE
    -includes the reg fix to add a machine to the domain
    -requires reboot to take affect
    -also reduces performance caused by some visual features in xp

    feel free to ask me for any research or questions:)
    Last edited: Sep 17, 2009
  2. jroe52

    jroe52 Valued Member

    afterwards scan with malwarebytes ( and make sure you have good av software, basically anything not mcafee or norton lol. so try avg, antivir, or avast all free at

    if anyone is new to fixing/cleaning up.. i wrote a primitive never completed guide here:

Share This Page