Virus removal on Windows

sc0ttman
Posts: 2812
Joined: Wed 16 Sep 2009, 05:44
Location: UK

Virus removal on Windows

#1 Post by sc0ttman »

I have used Puppy Linux (either Puplite or 431) to remove a number of very stubborn virus programs from Laptops and PCs running various Microsoft OSs - at work, for our customers.

There are many virus programs for Windows, as we all know. Many of them are a real pain in the a** to get rid of. One such example is "CleanThis". Here are some more examples:

http://www.remove-virus.net/cleanthis-virus/
http://www.remove-virus.net/xp-win-7-ho ... rity-2011/
http://www.remove-virus.net/msremovaltool/
http://www.remove-virus.net/microsoft-s ... nter-2011/
http://www.remove-virus.net/win-7-security-2011/
http://www.remove-virus.net/windows-virus-update-2011/

The above virus programs pretend to be anti-virus software, and they all disable the normal Windows desktop, menu and task manager, and kill any programs and processes the user tries to run.

Using the Windows tools ComboFix and SuperAntiSpyware is great, and usually does the trick. However many of the above virus programs do not allow anything to be run while the virus is running, so these tools cannot, for example, get rid of the 'CleanThis' virus, once infected.

However, I have found that booting up Puppy from Live CD or USB, then manually removing the offending virus is the fastest and easiest way to clean out the infected Windows system of all offending files.

Then all that is left to do, is to boot into the fixed MS OS, and run ComboFix or SuperAntiSpyware (or both), to clean out the registry etc. (I could have simply installed ClamAV in Puppy and done it that way, too..)

In just one day, I used Puppy to clean out 4 PCs/laptops of VERY stubborn virus programs. Thank god, because my manager (and a colleague) could not get around any virus program mentioned above, and so they were considering formatting the hard drives of our customers and charging extra!

Good old Puppy to the rescue.
(and no, neither my boss nor my colleague said they will use Puppy from now on!)

sc0ttman
Posts: 2812
Joined: Wed 16 Sep 2009, 05:44
Location: UK

#2 Post by sc0ttman »

Just a note to this, if someone knows how to edit the Windows registry from within Puppy Linux (or Linux in general), then please tell me, it would be great!

Moose On The Loose
Posts: 965
Joined: Thu 24 Feb 2011, 14:54

#3 Post by Moose On The Loose »

sc0ttman wrote: Just a note to this, if someone knows how to edit the Windows registry from within Puppy Linux (or Linux in general), then please tell me, it would be great!
This may work:

Install wine
copy the registry into the wine
use wine's regedit
copy it back

I haven't tried it but it seems like it may work.
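
Added example (not part of the original thread, and not any poster's code): with the copy-out, edit, copy-back approach above, a sanity check of the hive file's base block before it goes back onto the Windows partition catches a truncated or half-written copy. The sketch assumes the publicly documented "regf" header layout (signature at offset 0, two sequence numbers at offsets 4 and 8, XOR checksum at offset 508); the function names are hypothetical and the sample header is constructed.

```python
import struct

HEADER_LEN = 512  # the checksum field is the last dword, at offset 508


def regf_checksum(header: bytes) -> int:
    """XOR of the first 127 little-endian dwords (508 bytes) of the header."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", header[:508]):
        csum ^= dword
    if csum == 0xFFFFFFFF:      # two values are remapped by the format
        return 0xFFFFFFFE
    return csum or 1


def check_hive_header(data: bytes) -> list:
    """Return a list of problems; an empty list means the header looks sane."""
    if len(data) < HEADER_LEN:
        return ["file shorter than the 512-byte header"]
    problems = []
    if data[:4] != b"regf":
        problems.append("missing 'regf' signature")
    seq1, seq2 = struct.unpack_from("<II", data, 4)
    if seq1 != seq2:
        # Typical after an unclean shutdown or hibernation: Windows still
        # has pending changes for this hive, so do not edit it offline.
        problems.append("sequence numbers differ (hive not cleanly written)")
    (stored,) = struct.unpack_from("<I", data, 508)
    if stored != regf_checksum(data):
        problems.append("header checksum mismatch")
    return problems


def build_sample_header(seq1: int = 7, seq2: int = 7) -> bytes:
    """Constructed sample header for demonstration, not from a real machine."""
    hdr = bytearray(HEADER_LEN)
    hdr[:4] = b"regf"
    struct.pack_into("<II", hdr, 4, seq1, seq2)
    struct.pack_into("<II", hdr, 20, 1, 3)  # major/minor format version
    struct.pack_into("<I", hdr, 508, regf_checksum(bytes(hdr)))
    return bytes(hdr)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # e.g. paths of the copied hive files
        with open(path, "rb") as fh:
            issues = check_hive_header(fh.read(HEADER_LEN))
        print(path, "OK" if not issues else "; ".join(issues))
```

Run it on the untouched copy and again on the edited copy, and keep the untouched copy as a backup until Windows has booted cleanly.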

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#4 Post by jamesbond »

sc0ttman wrote: Just a note to this, if someone knows how to edit the Windows registry from within Puppy Linux (or Linux in general), then please tell me, it would be great!
The tool you're looking for is here: http://pogostick.net/~pnh/ntpasswd/. Its main purpose is to reset passwords (which requires registry access), so as an extra the author provides the registry-editing tool too. Command-line only. I tested this tool long ago with WinXP and it worked; I'm not sure of its compatibility with newer versions of Windows.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#5 Post by nooby »

Another important thing to remember, and this is from a total noob so take it with a big hand of salt.

Some viruses are very clever: they replace the DLLs of the original OS, so you not only have to get rid of the virus as such, you also need to find the original DLLs and put them back in place.

I only retell what was told to me; I have not tested it myself.
I use Google Search on Puppy Forum
not an ideal solution though

rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#6 Post by rcrsn51 »

sc0ttman wrote: Just a note to this, if someone knows how to edit the Windows registry from within Puppy Linux (or Linux in general), then please tell me, it would be great!
Read here.

sc0ttman
Posts: 2812
Joined: Wed 16 Sep 2009, 05:44
Location: UK

#7 Post by sc0ttman »

Lovely, cheers guys, just what I was looking for... Wanna test soon.. Also thanks to DPUP522, cos he PM'ed some good stuff too.

..now I might be able to convince my boss to have a Puppy disc lying around the shop, to sort out the virii, when I am not there!

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#8 Post by Sylvander »

Try using "Registry Editor PE" included in the latest version 4.5 of "FalconFour's UBCD".

I got it using a link given here in the Puppy Forums, but didn't keep a record of the URL for the post. :(

DPUP5520
Posts: 800
Joined: Wed 16 Feb 2011, 05:38

#9 Post by DPUP5520 »

@ sc0ttman

Here are the two I mentioned earlier that I compiled a while ago. Sorry it took me so long, just got back to the house.

@ jamesbond

It works with all Windows from 2000 up to Windows 7.
Attachments
chntpw-0.9.6-2.pet
(48.83 KiB) Downloaded 565 times

cthisbear
Posts: 4422
Joined: Sun 29 Jan 2006, 22:07
Location: Sydney Australia

#10 Post by cthisbear »

Can't beat Hirens or the Falcon to fix Windows.

The Falcon can go back in >> System Restore

and also remove Windows updates >> Hotfixes.

This is because he runs the latest ERD.

His last recovery disc runs most of Hirens 13.0

Hiren's has a great password manager as well.
ERD has an unlocker.

ERD also has an inbuilt Microsoft Scanner.
Hirens has some as well.

Don't get me wrong...Puppy gets some files that Windows locks and
even the above can't unlock.

/////////

You forgot Malwarebytes Antimalware >> free version

http://www.malwarebytes.org/mbam-download.php

http://www.malwarebytes.org/mbam.php

and Hitman Pro..one time Internet scan and fix 4 free
Do not install...run as a 1 time fix.
It has a special feature...Hitman Pro in Force Breach Mode

" The development team introduced a “Force Breach

purple_ghost
Posts: 416
Joined: Thu 10 Nov 2005, 02:18

Another rescue disk.

#11 Post by purple_ghost »

Trinity Rescue Disk.

http://trinityhome.org/Home/index.php?c ... &locale=en

Not necessarily better, just something else.
Google Search of Forum: http://wellminded.com/puppy/pupsearch.html

drongo
Posts: 374
Joined: Sat 10 Dec 2005, 23:35
Location: UK

#12 Post by drongo »

PCRegedit or PC Reg Edit (both spellings are on website) boots into a Gnome based registry editor.
