BOClean

I’m running a client workstation behind a server, but the AV prog. sucks; it’s the NEW solve all your problems (and hose you up at the same time) "Syman… End…" blah, blah, blah. Problem is I think I’m VERY infected, but I can’t install a new or different AV program on the client. Sooooooooooooo, can anyone think of a "Comodo" program like the older version of BOClean that I can at least install and check for malware, spyware, rootkits, worms, etc.; or any other suggestions are welcomed, please ASAP.

If you are actually infected with whatever, no windows gui program is able to save you.

You have to boot from safe mode or from an “external” booting device (other OS on the same computer if it has multiboot abilities, live cd, usb, dos floppy…) in order to launch from there the global or specific programs needed to disinfect your disk (e.g. MBAM, VundoFix…).

To clean an infected PC you should scan with multiple programs. If you can install programs to the PC I’d advise first installing Hitman Pro.

Aside from that I’ve got a good list of programs here.

Hi Guys,

just a few messages addressed to 2 posters here

1st to the original poster:

Hi blue01,

That may be your opinion, which is mostly true, but as was pointed out by other users here and in many other forums, there is no such thing as a decent malware remover amongst any existing AV solutions. You have to use special procedures & special tools in order to remove the infection (if it is really serious… those never come alone … they usually bring other nasties)

So, basically you have to visit special sites where the certified malware fighters may help you

Unfortunately (very unfortunately) BOClean is dead. RIP! The rumours that it is currently integrated into Comodo’s AV …. well, I have more than doubts about it … Let’s stop here.
And even if you find the old one – there are no updates to that … forget about it

==============

Hi brucine,

Absolutely True!!!

Absolutely False & wrong!!!

That was pointed out many times here in this forum & in other professional sites

Definitely, you can use “live cd, usb, dos floppy” in order to boot a completely unworkable system in order to save some data and/or recover the system from the backup

… but …

You never fight malware in Safe Mode! Period!

You may be advised by the professional to use Safe Mode “When & IF & Only after” the preliminary cleaning was done in Normal Mode

By switching to Safe Mode you will disable not only “spare” drivers & services but the tricky infection as well!

How many times that can be told here in this sophisticated security forum?

Therefore most clever infections will escape in 99.99% of cases when you attempt to clean them in Safe Mode

Cheers!

With some infections, you won’t be able to use the Windows GUI mode, nor to clean whatever, because the malware so forth reproduces itself.

I maybe was ambiguous with safe mode (I never use it myself) because a lot of people don’t have, although they definitely should when their system is safe, a way of booting another multiboot Windows GUI or a Windows/non-Windows external boot.

Of course, these media shall allow not only file deleting and registry cleaning from the GUI or the command line, but also shall be loaded with general and specific malware cleaning tools, as well as with remote registry editors, although, at the extreme, you don’t need any specific utility other than a remote registry editor for anything else than localizing the files to be repaired/deleted, manual action being enough.

But I am waiting for you to explain how to clean a system without quitting the Windows GUI when the infection has made the system unworkable to a point where, e.g., “you” open 100 windows and hang system resources as soon as you try to click something or even if not.

When you have localized the infection, you don’t care about its drivers not loading in safe mode, it is precisely what you wish, in order to be able to delete the said drivers, and it is definitely not true to state, of course for someone having the minimal knowledge of his OS, that you cannot get rid of malware from safe mode.

But of course, only saying that “AV (or whatever) sucks” is not a sufficient skill in this regard.

Hi, I recently had the pleasure of cleaning a workmate’s Compaq Mini. Security master av was the main culprit along with 7500+ malware! This beauty wouldn’t allow safe mode or any security device to be installed via normal installing or usb. With no access to reinstalling the os or boot discs (no cd drive) I did beat this malware collection. Conclusion: I wouldn’t buy a pc without a cd drive for when all else fails.

You sure are right, and in old times, I wouldn’t even buy a computer without an IDE floppy drive, but that’s not possible anymore (and still gets me in trouble when I format to Windows 2000: the scsi driver of one of the sata disks has to be read from a floppy, my floppy drive is dead).

Speaking of usb devices, when due to malware, safe mode (lacking drivers, and the same has to be said about cd/rw drives or external drives with proprietary drivers, or for whatever other reason) fails, I don’t think that choosing the booting media from the bios at boot time can be stopped by whatever.

But you of course have to set such a choice in your bios (dangerous if some uncontrolled user is able to use your computer), and declare your usb stick as fixed device using Hitachi Microfilter or similar.

I have, outside of live cd, 2 of these devices, the first one booting “Dos 7” (Windows 98), the other booting, at my choice from a syslinux/grub menu, dos for networks, puppy linux, freedos and BartPE, as I described it here in order to remember the procedure:
http://brucine.hostoi.com/usbboot.html

Correct!
& with most of the sophisticated infections you will fail,
but the point was - you will 99.99999% fail in Safe Mode

that is a problem & you should not

Multi-boot & system recovery, whether that is from CD or USB, has nothing to do with fighting initial serious infection
Plus “acid cleaning… including rootkits” :smiley: that was announced by Meilh long time ago is a joke… as simple as that
If you have that “special Rootkit” you will not be able even to format the disk…

As I pointed before - only the specialist can tell you after the preliminary investigation & cleaning in Normal Mode when and how to use Safe mode, if necessary
That is not a matter of just drivers/devices/services … etc. being not loaded in Safe Mode - the infection (considering the above) will hide as well - & that’s where you are doomed for sure

Cheers!

No, you are still not right.

You (or me) could of course be infected with that “new rootkit” not leaving you a chance, but admit with me that most infections we hear of are, on a statistical basis, very “basic”.

The useful tools, even if something hides, can be run from an external booting media, and if you are crashed (by some “ordinary malware”, yes…) to a point where you won’t be able to use the Windows GUI anymore, you shall have no other choice.

You can run e.g. gmer or mbr restoring tools from such a device (BartPE is a good choice), not needing a single second local gui tools (if able to run them…).
But, as I said before, it requires to have prepared such a device before whatever infection, and to have a minimal knowledge of your OS normal files, processes, and registry inscriptions.

brucine,

Please read what was said about using externals above…
at the same time those extreme cases are not equal to trying the removal in Safe Mode as a main suggested procedure

Cheers!

If you want to emphasize about:

Definitely, you can use “live cd, usb, dos floppy” in order to boot a completely unworkable system in order to save some data and/or recover the system from the backup

… but …

You never fight malware in Safe Mode! Period!

I fully agree…or almost: I am not speaking about data or system recovery, but factually of repairing the system from these media: like everyone, I hate restoring and formatting if I have whatever other choice.

But I don’t agree with the idea of soliciting self-proclaimed “experts” writing ad nauseam about Hijack This reports: the best security software is yourself, abiding by “Don’t ask what America can do for you…” even if a subsidiary “With a little help from my friends” can be appreciated, but definitely not decisive.