I’ve never used Dr. Web Cureit before, but I just might have to tomorrow.
Last week, my sister’s computer apparently had a Fake Anti-Virus in it. They had some dude there running Anti-Virus and Anti-Malware Scans. Today, things were worse. Now their computer won’t even connect to the Net. And it is popping up Infection Alerts about as fast as you can address them. I’m sure some of them are from the Fake Anti-Virus.
The dude apparently somewhere along the line took out the Webroot Internet Security Suite that had been there before and installed avast. That would be fine IF I knew it had all been done correctly. I’m thinking it wasn’t. The dude claims only avast and SpySweeper are in there right now. But, I already saw the McAfee Shortcut Icon also on the Desktop. And he did tell me he tried about 7 different Apps to try and disinfect the computer. So, I have no idea whether there might even be 2 or 3 Anti-Viruses going on at the same time.
I’m first gonna have to make sure I uninstall McAfee entirely, including the use of the McAfee Removal Tool. Then I’ll have to poke around and see what other Anti-Virus Apps might still exist.
Anyway, since no access to the Net is available, I’ll take SUPERAntiSpyware Portable on CD. And depending on what SAS Portable finds and gets rid of, I’m wanting to try Dr. Web Cureit as I’ve heard it is pretty good for tough Malware situations, and this one looked really bad.
NOW … On to Dr. Web Cureit.
Is it my understanding that when you download it, it already comes with the latest Definitions Updates? No subsequent Update needed prior to use?
Okay, at the Dr. Web Cureit website it says that I’ll be prompted with which Protection Mode I want. What Protection Modes are there and what should I use?
Since supposedly Dr. Web Cureit is NOT installed … after Dr. Web Cureit does its Scanning thing, I take it that is absolutely it? No anything to delete or uninstall? It doesn’t make any Registry Entries?
Speaking of Dr. Web Cureit NOT being installed … does that mean it doesn’t have a Quarantine function? Does it only have Repair (Cure) and Delete or what?
Anything else I should be aware of with Dr. Web Cureit?
Hi, for Dr Web, if you get the latest version it will offer an enhanced protection mode. What this does is stop all other processes from running, effectively locking your computer whilst it does its deeds.
There is a cure, delete, skip option; always go for cure first. It will produce a log and does not add anything to the registry as it is standalone.
It will download as an 8 digit file; save it to your desktop
Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that
Oh, I plan on taking Malwarebytes’ Anti-Malware on that CD also, Pondus.
Unfortunately I’ll only be able to run the MBAM Scan as is … without any Updates because as I mentioned, the computer is so bad right now that there is no Net access. That’s why I’m really hoping SAS Portable zeroes in on the culprit since it comes with the latest Updates already on it. And likewise, that’s why I also for the first time ever want to try Dr. Web Cureit because if I understand correctly, it too already comes with the latest Updates in it, ready to use.
I have no idea if the avast that the dude has in there right now is even up to date. I didn’t get around to checking. I don’t know if it’s in good condition or what. If I get the computer working properly tomorrow, I just might uninstall avast and reinstall it from scratch and make sure it’s up to date. I could just barely tell it was even avast. I think what’s infiltrated the computer has really messed up the System Tray. Everything in there seemed distorted … had very bad resolution.
Thanks for the Dr. Web Cureit Guide, Pondus!
I guess I’ll use it in Enhanced Mode then.
WwwwwwWHOA! That’s a LOT of stuff on that Hiren’s BootCD. :o
I see the SAS on there is NOT the latest version.
Ahhh, good Info, Essexboy.
I had meant to ask about this sometime ago.
Okay, I skimmed the EULA. Do I understand correctly that I’ll be prompted for a NAME and E-mail Address? Nothing more than that?
Alrighty then …
Run it in Safe Mode.
Select the Enhanced version.
And run the QUICK Scan.
That’s good to know. I would have probably gone for the FULL Scan.
As for attaching the Log here?
Hmmm? That’s NOT going to be possible as the computer’s Net access is currently Kaput!
And I’m certainly NOT going to stick in my Flash Drive.
Unless SAS Portable and / or MBAM at least restore the computer’s Net access.
But, if I eventually do somehow manage to get Net access on it and can attach the Log here, I will.
Is HiJackThis still a formidable Tool?
I thought I had read somewhere that it was no longer considered one of the Biggie Anti-Malware Tools as it hadn’t been updated in years.
If I do get Net access back on that computer, should I post a Log of it here … in another thread, of course?
Actually you won’t even be required to give an e-mail address ;D
Hijackthis is no longer a viable option as it does not look in the correct areas for the malware
The OTL/OTS tools do a much better job and have superior removal capabilities
With regards to net access do the following
Go to Control Panel and select Internet Options
Select the Connections TAB
Select LAN settings button
Ensure there is no tick in the Proxy Server box
Select OK and restart Internet Explorer
And for Firefox there are instructions on this page and you want the setting to be no proxy
Oh, Okay, I’ll kick Hijack This to the curb. ;D Not that I have ever used it.
It was weird. I went last evening to my nephew’s place to download and burn into a CD everything I was going to need for my attempt at disinfecting my sister’s computer. In addition to those Apps, I also tacked onto my list other regular Apps since I’d be using their High Speed Internet. (vs. my Dial Up) There must have been a total of 10 or 12 Apps I had on my list to download. They all downloaded without incident, except for Dr. Web Cureit. Before downloading each App, IE8 would inform me that it had prevented the App from downloading for security purposes and prompted me with what I wanted to do. I would of course always tell it to download the File. And that worked with all Apps, except for Dr. Web Cureit. I just couldn’t get Dr. Web Cureit to download. After clicking on “Download File” at that IE8 “security purposes” prompt … nothing would happen. I tried 4 or 5 times to no avail. I finally gave up and decided I was going to have to go on my mission without Dr. Web Cureit.
When I came back to my place, I tried the Dr. Web Cureit download on MY computer. It had no problem wanting to go through with the download. It didn’t go into limbo like my nephew’s IE8. Of course, on my computer, I was using Opera. I don’t know if there is something that IE8 doesn’t like about the downloading of Dr. Web Cureit. Oh, and of course, I had to abort the Dr. Web Cureit download on MY computer because I have Dial Up.
Anyway, the crisis seems to have been averted. After I came back with my Computer Disinfecting Arsenal CD ;D … I called my sister to verify if she still wanted me to go in on Sunday and take my shot at her computer. She went and asked the dude who had been working on their computer (he lives there) if their computer was still messed up. My sister says that apparently the dude finally fixed the computer.
I have no idea whether that is a 100% firm “the computer is FIXED” or if it’s one of those situations where gradually sometime today or during the week, Malware will start regenerating in their computer. I’m gonna call my sister again later this morning to see if the computer is still working fine.
I did call my sister this morning and told her that even though their computer is now supposedly back to working fine, I’m going to go up there in just a bit and at least run MBAM and SAS Scans on it to be extra thorough.
Otherwise I’m the one who will be leery and more like petrified with FEAR of using their computer on future occasions when I have to use their High Speed Internet for big downloads. So, it’s not only in THEIR best interest that I personally go check out their computer … but, it’s also in MY best interest. ;D
Besides, I want to ask that dude what he used to supposedly get rid of the problem, which he hadn’t been able to get rid of all week. And I want to ask him what’s up with the McAfee Shortcut Icon on the Desktop … when avast is the Anti-Virus that he put in there. And I want to poke around to see if there aren’t any other Anti-Viruses still in there somewhere that might wreak havoc in a couple of days.
The one area that no malware or Antivirus will check is the Windows Tasks folder. Check that out and if you see any unusual ones or any that start AT (i.e. at100.job) then kill them
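The two manual checks suggested in this thread, the Proxy Server box under LAN settings and the Windows Tasks folder, can also be read out in one pass. The following is an added example, not part of any post in the thread; it assumes PowerShell 3.0 or later, run as the affected user, and it only reports what it finds without changing anything.

```powershell
# Read-only triage: reports the settings, changes nothing.
# Internet Explorer keeps the LAN settings for the current user under this key.
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key

# The "Proxy Server" tick box is stored as ProxyEnable (1 = ticked).
$proxyOn = ($inet.ProxyEnable -eq 1)

[pscustomobject]@{
    ProxyEnabled  = $proxyOn
    ProxyServer   = $inet.ProxyServer     # host:port the browser is sent to
    AutoConfigURL = $inet.AutoConfigURL   # "automatic configuration script" box
} | Format-List

if ($proxyOn) {
    Write-Warning "Proxy box is ticked ($($inet.ProxyServer)). Untick it unless this network really uses a proxy."
}
if ($inet.AutoConfigURL) {
    Write-Warning "An automatic configuration script is set: $($inet.AutoConfigURL)"
}

# Legacy scheduled jobs are stored as .job files in %SystemRoot%\Tasks.
$tasksDir = Join-Path $env:SystemRoot 'Tasks'
$jobs = Get-ChildItem -Path $tasksDir -Filter '*.job' -Force -ErrorAction SilentlyContinue

if (-not $jobs) {
    Write-Output "No .job files found in $tasksDir"
} else {
    # Newest first, with a flag for names of the form At<number>.job
    # (the at100.job pattern mentioned in the post above).
    $jobs | Sort-Object LastWriteTime -Descending |
        Select-Object Name, LastWriteTime, Length,
            @{ Name = 'AtStyleName'; Expression = { $_.Name -match '^At\d+\.job$' } } |
        Format-Table -AutoSize
}
```

Entries flagged `AtStyleName`, or jobs with a recent `LastWriteTime` that nobody remembers creating, are the ones to review by hand before deleting anything.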
I’m back from my sister’s place. I asked the dude there what he used yesterday to get rid of the Malware Mess. He said he performed a total System Recovery. Ahhhh! Okay, THAT will get the computer disinfected for sure. It’s clean now. No more Viruses, Malware … no more possible McAfee in there along with any other possible double or triple Anti-Viruses in there at the same time. The System Recovery took it back to Norton only.
I did manage to download Dr. Web Cureit this time around, albeit it was still somewhat difficult to get IE8 to cooperate and perform the download.
I want to try this Dr. Web Cureit on my HP Pavilion Windows XP computer to see if there is anything in there that avast, MBAM and SAS might have missed all this time.
Question #1: Essexboy, you said in Enhanced mode, Dr. Web Cureit essentially “Locks Out” a computer while it does its scanning. If need be, can the Scan be stopped with Task Manager?
Question #2: The reason I want the ability to stop the Scanning if need be is because … with the Quick Scan, is it a reasonably short Scanning Time? I had read comments before that Dr. Web Cureit had a LONG Scanning Time. Is this true or is that only on the Full Scan? I wouldn’t want to get my computer locked up for a 3 or 4-hour Scan. For a Quick Scan, I’m hoping it is somewhere between 30 to 60 minutes.
To stop the scan in enhanced mode just click the X top right corner, task manager will not work. Alas I can not get screen shots as the system is locked ;D
The express scan is just that - took 15 minutes on my system
Okay, thanks, Essexboy! I will try running a Quick Scan a little bit later this evening.
Another question: Okay, the File Name is obviously that 8-digit alphanumeric File Name.
COULD I rename it slightly by keeping that alphanumeric File Name … but, tacking on today’s date so as to know when I downloaded it … and still have it work?
In other words, sure we’d want to ideally always use a fresh version from the current date. But, that will NOT always be possible, especially since I have Dial Up. The copy I got today was obviously with my sister’s High Speed Internet. So, for emergencies, I’d want to keep this copy in my Flash Drives and I’d know at any given time how old this copy of Dr. Web Cureit was. Sure, it would be outdated after today, but it would be better than having nothing.
I finally performed my 1st Dr. Web CureIt Scan ever and it was on my computer.
Verdict?
Wooooooo! I sure hope that LONG 1 hour and 48 minutes Express Scan was indicative of how good and thorough Dr. Web CureIt is … and NOT that it’s just plain ole slow. :o If that was how long it took for an Express Scan on my computer, I shudder to think of how long a Complete Scan would take … probably at least 4 hours. I won’t be running a Complete Scan anytime soon unless absolutely necessary.
Anyway, Dr. Web CureIt found No Viruses in my computer.
That’s great to hear. It’s like a peace of mind to see that another Anti-Virus confirmed avast’s findings of NO Viruses all this time.