The "Art" of Malware Removal (by Blair from g2g)
This site (g2g) recently passed the five year mark. During that time, we’ve seen malware issues explode. The malware removal forum has become by far the most popular forum on our message board.
At one time, removing malware generally involved running a couple of anti-malware scanners and using HijackThis to clean up what was left over. However, these old standbys will not remove most of the current crop of infections.
Now we often use tools targeted at specific infections like Smitfraudfix, VundoFix, and FixIEDef. New removal tools like Malwarebytes’ Anti-malware (MBAM) and ComboFix (only to be used under supervision) are more effective at removing modern infections. New malware scanners like Deckard’s System Scanner (DSS) reveal things that HijackThis might miss.
Malware removal guides for common infections have also become popular. However, not all infections have removal techniques or tools that allow for these step-by-step instructions.
Malware authors have taken note of these specialized removal tools, removal guides and other advancements. They’re not sitting still. There are now infections that change almost daily. There are infections that download other malware. The malware infections they download, and the download sources change often. This requires almost daily updates to the removal tools, and makes removal guides difficult, or impossible to keep updated.
When there are no scripts to follow, no special removal tools, it becomes the “art” of malware removal. The art of malware removal is required with new, unknown infections, and these infections that are continually morphing or downloading new payloads. Those being helped can sometimes be confused, or concerned that we don’t know what we’re doing when the person helping asks for a number of scans, or doesn’t offer the same removal instructions that someone else received for a similar infection. While the infections may appear similar they are often different. Also, the same infection may require different techniques on different system configurations.
Since malware is getting so good at hiding from tools like HijackThis, we often request additional scans. We also will sometimes request additional scans to ensure additional infections aren’t missed. If you’re being helped on a forum, and they ask for scans, please complete them all, and respond with the results. While it may be time consuming, rest assured the person helping you is trying their best to help remove all malware from your system.
Finally, people that help remove malware are sometimes called “elitists”. Some seem to think we have a stash of secret removal tools and techniques, and that our geek egos are somehow too fragile to share them. In fact, our goal is to educate so that you don’t become infected. If you become infected, our first step generally includes tools that will remove common infections. We offer removal guides for infections when they’re appropriate. We often have more people asking for help then there are people to help them. It would be silly to withhold information that people could use to safely clean their own system, and we don’t do it.
However, I do agree that the malware removal staff here, and at other sites are “elite”. Malware is getting ever more difficult to remove. To become staff, and be approved to help remove malware, they’ve had to complete intensive malware removal training. This training often takes many months to complete, and involves everything from using HijackThis to authoring advanced registry scripts. The vast majority of people that start training do not complete it. It takes someone special to freely give their time and knowledge to help others. It’s a wonderful community of people, it’s challenging, and it can be very rewarding when receiving a heart-felt thank you.
If you’re unfortunate enough to get a malware infection, we hope you’ll be able to remove it with information found here or elsewhere. If not, we hope you enjoy the experience of working with a malware removal artist. Please complete all the instructions they give you, and don’t forget to say thank you!