
locks keep lawful people out...    

The Security Skeptic

Dave Piscitello's Security Weblog

Skeptic (sceptic): a person inclined to question or doubt accepted opinions.

Fri, 31 Jul 2009 (Blog ID 737)
PWNIE Awards 2009 were, well, puny...

My initial reaction on reading the winners of the 2009 Pwnie Awards was, "How could Conficker *not* win the Mass 0wnage award, but instead be acknowledged as the Most Overhyped Bug?"

Apologies to the *nix crowd, but awarding best mass 0wnage to OpenSSH on the basis that "nobody is quite sure how many systems were compromised or what other keys and packages the attackers were able to access" and erosion of "public trust in the integrity of Red Hat packages" is kinda lame. This result reminds me of all the Miss America pageants I've watched where the unequivocal "10" among the contestants is runner-up to the annual busty, big-haired blonde from a southwestern state.

Microsoft Windows MS08-067 Server Service Worms (CVE-2008-4250), best known from the coverage of the Conficker/Downadup worms, is among the runners-up. Having had the opportunity and privilege of working closely with several members, I'm disappointed that the efforts of the folks who pursued the Conficker WG month after month are overshadowed by a less deserving Mass 0wnage nominee.

I get that the Pwnie awards are not to be taken seriously. I get that the kinds of folks who even know what a PWNIE award is grew tired of the near-real-time streaming press coverage of Conficker/Downadup. I even get why they dubbed this year's Most Overhyped Bug the InfoSec Press Full Employment Act of 2009. But my occasionally serious side reminds me that lots of really talented, dedicated individuals labored long and hard to contain Conficker. By choosing the geek-chic route, the PWNIE folks not only took pot shots at the Fourth Estate but disrespected all the folks who helped contain Conficker.

They deserve better.

Archived at http://www.securityskeptic.com/arc20090701.htm#BlogID737 by Dave Piscitello  


Mon, 20 Jul 2009 (Blog ID 736)
Spyware and malware pages revisited

Nothing forces me to bone up on advances in detection and removal more than being sucked into an incident involving viruses and malware. My daughter allowed the gratis antivirus subscription for her new laptop to lapse. To her credit, she did keep current with her antispyware, but to no avail. Now she knows that she needs both malware and virus protection.

There are always two recourses when confronted with malware- and virus-infected machines. The first is to detect and remediate, and the second is to wipe and reinstall the operating system and applications from original media or a ghosted image (colleague Joe St. Sauver refers to this as the "nuke-and-pave" option). My experience is that the former can take 5-8 hours with no guarantee of success, whereas the nuclear option typically takes me 2 hours. Mileage when restoring images clearly varies depending on the number and type of applications installed, the time you invested when you ghosted the image, the potential for loss of data, and updates and changes to your application mix, so consider carefully when choosing your poison.

Nuke-and-pave can be a tough pill to swallow, but in this case the lappie was relatively new. Still, my daughter handed me her lappie in tears the evening before she was leaving for a three-week program at the University of Virginia's Young Writers Workshop (where her lappie would be essential), worried that she'd lose her music, workshop writing assignments, and more. Nuke-and-pave is not a hero's recourse, and I was clearly being asked to play hero :-)

I pulled out my install CD of detection and remediation software and quickly concluded that many programs were out of date. I contacted some colleagues, who identified several programs I had not tried, including Malwarebytes Anti-Malware (MBAM) and Secunia's Personal Software Inspector. Using these along with CCleaner and three antivirus programs, I was partly successful: while I was able to clean up her machine to the point where I was confident I could safely copy her data files to a USB drive, I still had problems with some sticky startup files. Given another few hours, I would have doggedly pursued the startup problem, but I was running out of time, so I nuked her lappie, restored it to the factory image, installed new antivirus and antimalware software, and scanned the USB drive again before restoring her files. It's running fine again, and she's had a great experience at UVA.

An unintended consequence of this incident is that I decided it was past time for me to update my spyware and antispyware software pages. I spent some time reading more recent articles and testing additional antimalware freeware. I've marked all the recent additions with a thumbnail image "new". Enjoy and happy reading! Also, kudos and thanks to Joe St. Sauver and Josh Bierman for helpful pointers to much of the useful software now listed on my pages.

Archived at http://www.securityskeptic.com/arc20090701.htm#BlogID736 by Dave Piscitello