Created minipack for stubborn trojans, viruses and rootkits

Discussion in 'Off Topic Area' started by jroe52, Sep 17, 2009.

  1. jroe52

    jroe52 Valued Member

    I do a lot of remote VNC and other tech support... this saves me a lot of time on slower internet connections. The goal of this pack is so you can get rid of stubborn rootkits, then use Malwarebytes, Spybot and antivirus software to remove the rest.

    Often new viruses/rootkits are blocking apps such as malwarebytes, spybot etc. This pack helps me get rid of those issues, then finish with a thorough av and malwarebytes scan, restoring their abilities to run again.

    from my website: http://www.5secondnews.com

    Download "Roes minipack":
    http://www.5secondnews.com/uploads/3/7/2/3/372306/roes_minipack_-_v4_lite.exe
    Quick tips:

    -hostsxpert can help prevent/stop browser hijacking and redirecting by spyware
    -dialafix can help fix not-responding issues, crashing, frozen IE and other errors in win2k and winxp
    -ccleaner can clean temp files and the registry, however check out TEMPER too
    -temper can clean the temp files of every user on the machine, ccleaner and ATF-cleaner cannot.
    -Sophos AntiRootkit can help remove hidden rootkits and trojans that malwarebytes, mcafee and other tools cannot detect.
    -winxp-quicktweak.reg (disables 3rd party apps in IE spyware, error reporting, dr watson - tweaks system and allows machine to be added to domain)
    can't scan with malwarebytes or other apps? Run hijack this first, use the analyze site and delete the virus in memory.
    -after this your utilities should/may work:)



    1. Dial-a-Fix
    -I checked ideal defaults. It's not necessary to fix time, Windows Updates or Windows Installer unless needed
    -if it is taking longer than 5 minutes that usually means IE is hosed and this needs to finish being scanned with dial-a-fix
    -if you receive errors, most likely the user doesn't have admin rights or they have IE8 which is not supported
    -does not work in vista/windows 7.
    -fixes crashing, frozen webpages, white IE webpages and a lot of "not responding" type issues

    How to guide: http://www.maximumpc.com/article/broken_windows_fixed_quick_with_dial_a_fix


    2. HOSTSXPERT:
    Hostsxpert helps prevent browser redirection and blocks many virus websites from the user's pc. It can also lock and secure the hosts file.
    a. launch hostsxpert
    b. Hostsxpert > import options > replace hosts file (select file) (may need to click “Make Writeable?”) >select the hosts file in the minipack's folder
    c. Afterwards “Make Readonly” to stop hijacking / redirection by viruses.
    The “make read only” feature is a security feature on its own since it stops browser redirection/search redirection



    3. TEMPER: Multiuser Cleanup - use with caution
    -this amazing utility takes about 2 minutes to scan.
    -do not check/delete what you are not familiar with
    -ideal for multi-user machines, you can delete temp and temporary internet file folders!
    -does not work with vista
    -other applications such as ccleaner and ATF Cleaner only delete two user's accounts: current user and "all users account". Many assume "all users" means all user folders on the machine, it does not. This is a special Windows folder where "all users" on the machine can share desktop icons etc.
    -this is the only known utility that scans all temp files of the system



    4. ccleaner portable:
    -doesn't require install
    -ideal settings checked. it's nice for the user not to lose their browser history so keep this unchecked.
    -empty prefetch in case virus is stored in prefetch
    -registry settings have been unchecked to reduce scan times of non-security sections of the registry

    HOW TO USE CCLEANER:
    launch ccleaner.exe
    a. in "cleaner" click "run cleaner"
    b. registry (only if needed, don't use if not needed): "Scan for Issues" then "Fix selected issues"
    -if you make a backup save it somewhere safe so the user doesn't reinstall the backup

    Guide: http://www.ccleaner.com/help/tour/2-main-window


    5. Hi-Jack this: use with caution. (ASK FOR HELP)
    "Do a system scan and save a logfile"
    warning: IF YOU UNCHECK any important files you will destroy the machine
    -if you do not recognize it, it does not mean it's a virus. GOOGLE IT!

    a. scan with a log file
    b. copy/paste file into the IE shortcut > "Analyze Hijackthis Logs", paste in the white box > "analyze"
    only check in hijack this the red "x" sections found on the analyzation site.
    -THIS WILL SAVE YOU HEADACHES AND TIME.
    -this can kill other viruses that will then allow you to scan with malwarebytes.

    TIP: ie frozen or hosed on the machine?
    If in vnc you can copy the log file, and paste it in a browser on your machine to analyze:
    http://hijackthis.de/index.php?langselect=english
    -remember only follow the RED-X suggestions
    - yellow question marks are usually landesk/mcafee/vcpi tools!

    TIP: can't use malwarebytes or other apps? Use hijackthis first!

    How to use: http://www.bleepingcomputer.com/tutorials/tutorial42.html



    6. Malwarebytes use a full or quickscan and remove everything found. Make sure to update first.
    -malwarebytes not running? try hijackthis and then try malwarebytes again after following the "analyzation results".
    -still not working? try sophos anti-rootkit WITH CAUTION.

    How to guide: http://www.virusremovalguru.com/?p=29


    7. Sophos Anti-Rootkit has replaced Panda antirootkit.
    -takes about 5 minutes to find most rootkits
    -a 10-15 minute scan can find everything but isn't always needed (if after 5 minutes you see a list of 20 viruses you could stop it and begin researching)
    -not everything found is a virus. for instance it will detect ccleaner and hijack this as a rootkit
    -make sure that you google everything. Usually there is a trend; you might see 20 files with "UAC" in them. In this example, UAC features from Vista do not exist in WinXP, which can be a red flag to delete this group of files.
    WHEN IN DOUBT GOOGLE IT. IF YOU DO NOT USE CAUTION YOU MAY DELETE OUR SECURITY SOFTWARE SUCH AS LANDESK.

    TIP: in a hurry? After launching Sophos only check "running processes and windows registry"; if it does not fix your issue then come back and scan the "local hard drives" option. I find that all 3 is the best, but I only wait about 5-10 minutes before stopping the scan since at this point most items will have been detected.
    -if still hosed, allow the scan to finish.


    8. winxp-quicktweak.reg
    -this is a tweak file to reduce system performance issues from error reporting and doctor watson
    -also helps disable 3rd party apps in IE to reduce toolbar/app infection in IE
    -includes the reg fix to add a machine to the domain
    -requires reboot to take effect
    -also reduces performance caused by some visual features in xp

    feel free to ask me for any research or questions:)
    -roe
     
    Last edited: Sep 17, 2009
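The hosts-file redirect problem that step 2 (HOSTSXPERT) guards against, as an added Python example; this is not part of jroe52's minipack or of HostsXpert. The sample hosts content and the watch list of repair sites are constructed for the demonstration.

```python
import os
import stat
from typing import Dict, List, Set, Tuple

# Loopback / null-route targets. A hosts line pointing a domain here blocks it
# (what a HostsXpert blocklist does); it does not send traffic off the box.
LOCAL_SINKS = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample hosts file: two harmless blocklist lines, one legitimate
# intranet entry, and two lines redirecting malwarebytes.org off the box.
SAMPLE_HOSTS = """\
# constructed sample, not a real capture
127.0.0.1       localhost
0.0.0.0         ads.example.test          # blocklist entry, harmless
127.0.0.1       tracker.example.test      # blocklist entry, harmless
203.0.113.5     www.malwarebytes.org      # off-box redirect: hijack
203.0.113.5     malwarebytes.org
192.0.2.10      intranet.example.test     # admin-added, legitimate
"""

# Constructed watch list: sites the repair steps in this thread depend on.
WATCHED = {"malwarebytes.org", "hijackthis.de"}

def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs, dropping comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop inline comments
        parts = line.split()
        if len(parts) < 2:                          # blank, or address only
            continue
        for host in parts[1:]:                      # one line may list aliases
            entries.append((parts[0], host.lower()))
    return entries

def find_redirects(text: str, watch: Set[str]) -> Dict[str, str]:
    """Watched hostnames (or their subdomains) mapped to a non-local address.
    Other off-box entries are ignored: an admin may pin intranet hosts here."""
    hits = {}
    for addr, host in parse_hosts(text):
        if addr in LOCAL_SINKS:
            continue
        if host in watch or any(host.endswith("." + w) for w in watch):
            hits[host] = addr
    return hits

def is_read_only(path: str) -> bool:
    """True when the write bit is clear; on Windows, Python clears S_IWRITE
    when the read-only attribute (HostsXpert 'Make ReadOnly') is set."""
    return not os.stat(path).st_mode & stat.S_IWRITE
```

Run `find_redirects(open(r"C:\Windows\System32\drivers\etc\hosts").read(), WATCHED)` on a suspect machine to list the watched sites that have been pointed elsewhere before touching the file.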
  2. jroe52

    jroe52 Valued Member

    afterwards scan with malwarebytes (malwarebytes.org) and make sure you have good av software, basically anything not mcafee or norton lol. so try avg, antivir, or avast all free at filehippo.com

    if anyone is new to fixing/cleaning up.. I wrote a primitive never completed guide here:
    http://www.5secondnews.com/all-in-one-guide.html
     
