Lately I have come across stuff that owns Windows systems via Firefox in some fashion. AVG alone has not been able to clean these systems up. I have found some tools that are effective.
Dr Web CureIt is the best AV package I’ve found thus far. It was able to heal W32 Virut. Neither AVG nor Avast could. When core Windows system32 files are infected, along with the ServicePackFiles directory and the whole of System Restore, you need to be able to heal files.
That said, CureIt is not a standalone AV package. You have to download it every time you need updated definitions. AVG8 is great and full featured for that. (But then, I never run AV in active mode.)
I still find Spybot Search & Destroy awesome for post infection cleanup.
Additionally, a variety of powerful tools can deal with rootkits and trojans:
- Malwarebytes’ Anti-Malware is one of the best tools I’ve used. It works extremely well.
- ComboFix is another highly effective tool for handling trojans and rootkits, although it is more bare-bones, without a nice end-user GUI. It comes with directions that you must follow.
- AVZ is a seriously hardcore tool. The Web site is entirely in Russian. The interface is in English, though. There are some instructions at geekstogo, too.
To find out what’s going on, you can run HiJackThis on your system. There are some excellent instructions for that, too.
AVG had a rootkit detection tool available, but it’s rolled into AVG 8 now. SysInternals has a detection tool. TrendMicro has a rootkit tool Rootkit Buster as well. Mcafee has a Rootkit Detective tool.
On one system, critical services like the DCOM Server Process Launcher were crashing. Amazingly, Microsoft’s Malicious Software Removal Tool fixed that problem. Highly recommended.
You can use VirusTotal to scan a file that you believe is infected with a ton of different AV products at once.
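Two of the points above, that infected system files have to be spotted before they can be healed, and that a suspect file can be checked against many AV engines at once on VirusTotal, both come down to file hashes. The script below is an added example, not part of the original post and not a tool from any vendor named above: it snapshots SHA-256 hashes of a directory as a baseline, later reports which files were modified, added or removed, and builds the VirusTotal hash-lookup URL (the public `https://www.virustotal.com/gui/file/<sha256>` page) for a suspect file so the hash can be searched without uploading the file. The directory names and file contents in `demo()` are constructed sample data.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

# VirusTotal lets you look up a file by its SHA-256 instead of uploading it.
VT_FILE_URL = "https://www.virustotal.com/gui/file/{sha256}"


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so large DLLs/drivers don't load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path -> SHA-256 for every regular file under root.

    Take this snapshot from a known-clean install (or right after a
    rebuild) so later scans have something trustworthy to compare against.
    """
    root = Path(root)
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def save_baseline(baseline, out_path):
    """Persist the baseline as JSON; keep it off the machine being checked."""
    Path(out_path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(in_path):
    return json.loads(Path(in_path).read_text())


def compare_to_baseline(root, baseline):
    """Return (modified, added, missing) relative paths versus the baseline.

    A file infector like the one described above changes a system file's
    bytes in place, so it shows up under "modified"; a dropped component
    shows up under "added".
    """
    current = build_baseline(root)
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    added = sorted(p for p in current if p not in baseline)
    missing = sorted(p for p in baseline if p not in current)
    return modified, added, missing


def vt_lookup_url(path):
    """URL of the VirusTotal report for this file's SHA-256 (hash search, no upload)."""
    return VT_FILE_URL.format(sha256=sha256_file(path))


def demo():
    """Constructed scenario: snapshot a fake system32, then tamper with it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "kernel32.dll").write_bytes(b"MZ clean kernel32")   # constructed content
        (root / "user32.dll").write_bytes(b"MZ clean user32")       # constructed content
        baseline = build_baseline(root)
        save_baseline(baseline, root / "baseline.json")
        baseline = load_baseline(root / "baseline.json")
        (root / "baseline.json").unlink()  # keep the baseline out of the scanned tree

        # Simulate an infection: one file patched, one dropped, one deleted.
        (root / "user32.dll").write_bytes(b"MZ clean user32" + b"\x00APPENDED-SECTION")
        (root / "dropped.dll").write_bytes(b"MZ something new")
        (root / "kernel32.dll").unlink()

        modified, added, missing = compare_to_baseline(root, baseline)
        urls = {p: vt_lookup_url(root / p) for p in modified + added}
        return modified, added, missing, urls


if __name__ == "__main__":
    modified, added, missing, urls = demo()
    print("modified:", modified)
    print("added:   ", added)
    print("missing: ", missing)
    for p, url in urls.items():
        print(f"  {p}: {url}")
```

Searching VirusTotal by hash only discloses the hash, not the file, which matters when the suspect file sits in a directory that may also hold confidential data. A baseline taken after the infection is worthless, so take it from clean media or a fresh rebuild and store it somewhere the machine cannot alter.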