To Tmagic and ALL who want to help with malware cleaning
Tmagic, you will see me following with Combofix frequently. That's because 1. it's a good program, 2. it's the appropriate program and 3. I'm familiar with the program. Some of the more-learned helpers might think a newer program is better.
Right now, the biggest malware problem being seen here is the 'Google Redirect.' But what are they seeing when they get directed? Viagra ads or junk adware.
But it's important that any helper reviews the logs before recommending further programs.
For instance: for malware in AppInit, I might have the user run LSPFix first. But I wouldn't do that until I had verified the 020 entries were indeed malware. Great care has to be taken so as not to destroy the user's internet connection.
For other instances, by checking entries for dlls and exes, I can sometimes get a profile of an infection. If so, I might recommend a specific program such as Vundofix (for Vundo, Virtumonde and others), LSQix (if I see indications of the Elite Bar) and so on. But I can't do that until I see the current entries, including those in the logs.
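The two paragraphs above describe a review step: pull the AppInit (O20) entries and the dll/exe paths out of the log and look at them before recommending any removal tool. The script below is an added illustration of that triage and is not the poster's code or anything from the tools named in the post. It assumes HijackThis-style log lines (section code, dash, entry text) and uses a constructed sample log; the review flags it raises (AppInit-loaded, runs from a Temp folder, same file referenced from several sections) are assumptions chosen to surface entries for a human helper to check, not verdicts that an entry is malware.

```python
import re
from collections import defaultdict

# Constructed HijackThis-style log lines for illustration only; not a real log,
# and the GUIDs and file names are made up.
SAMPLE_LOG = r"""
O2 - BHO: Example PDF Link Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\Reader\ActiveX\ExampleHelper.dll
O2 - BHO: (no name) - {AAAAAAAA-0000-0000-0000-000000000001} - C:\WINDOWS\system32\xyzabc12.dll
O4 - HKLM\..\Run: [ExampleUpdateSched] "C:\Program Files\Example\bin\updsched.exe"
O4 - HKCU\..\Run: [qwe] C:\Documents and Settings\User\Local Settings\Temp\qwe.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\xyzabc12.dll
O23 - Service: Example Service - Example Corp - C:\Program Files\Example\svc.exe
"""

# "O20 - AppInit_DLLs: ..." -> section "O20", rest "AppInit_DLLs: ..."
LINE_RE = re.compile(r"^(O\d+)\s-\s(.*)$")
# A Windows path ending in .dll or .exe, stopping at the first such extension.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:dll|exe)", re.IGNORECASE)
# Heuristic (assumption): a Temp folder anywhere in the path.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


def parse_entries(log_text):
    """Return a list of (section, entry_text, [lowercased dll/exe paths])."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip headers, blank lines and anything that is not an O-line
        section, rest = m.groups()
        paths = [p.lower() for p in PATH_RE.findall(rest)]
        entries.append((section, rest, paths))
    return entries


def appinit_dlls(entries):
    """The O20 AppInit_DLLs paths: the entries the post says to verify before acting."""
    return [p for sec, rest, paths in entries
            if sec == "O20" and rest.startswith("AppInit_DLLs:")
            for p in paths]


def path_profile(entries):
    """Map every dll/exe path to the sorted list of log sections that reference it.

    A file that shows up under several sections (a BHO and an AppInit entry,
    for instance) is the kind of 'profile' the post talks about.
    """
    profile = defaultdict(set)
    for sec, _rest, paths in entries:
        for p in paths:
            profile[p].add(sec)
    return {p: sorted(s) for p, s in profile.items()}


def review_flags(entries):
    """Paths worth a closer look by the helper, with the reason for each flag."""
    profile = path_profile(entries)
    appinit = set(appinit_dlls(entries))
    flags = {}
    for p, sections in profile.items():
        reasons = []
        if p in appinit:
            reasons.append("loaded into processes via AppInit_DLLs")
        if TEMP_RE.search(p):
            reasons.append("runs from a Temp folder")
        if len(sections) > 1:
            reasons.append("referenced by sections " + ", ".join(sections))
        if reasons:
            flags[p] = reasons
    return flags


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for path, reasons in review_flags(parsed).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the constructed log, the script lists the system32 dll (AppInit-loaded and also registered as a BHO) and the Temp-folder exe for review, and leaves the vendor entries alone; it deletes nothing, which is the point of the post.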
I recently had someone go ahead and run Combofix on his own, after Mbam, SAS and HJT. Unfortunately, it was a double-edged sword because there were many deletions by Combofix, but I wasn't able to backtrack enough and find what those entries belonged to. I am also more familiar with Combofix than some of the newer programs. I'm working on that.
The order of programs, as well as the specific programs, is very important. If it were 'one size fits all', we'd set them all up for the users to run. Then we'd be out of our volunteer job and have more time to play!
What I'm saying here is that there is NO pattern! In fact, a very new member replied on 3 threads before I had the chance to refer them to our steps, telling them to run a specific program, 'it worked for her and her friends', etc. It was the wrong information and the moderator removed the posts.
IF you really want to help, try one of the online malware 'schools', get some of the basics down that you need. You can see that there are way more malware infected systems than there are helpers and there is a need for helpers. But it's not the same as what you would do in IT or in a shop. Online help depends entirely on what the user tells us and sometimes we have to ask specific questions based on something we see in a log.
And I also have a lot to learn - it never stops!