tk Computer Service

AntiMalware Tips & Tricks

Increase the efficiency of any AntiMalware Program

In this Video I'm going to demonstrate how to increase the efficiency of any installed AntiVirus or AntiMalware Program\Solution. If a Computer Virus is already present on the System, a total Operating System Re-install is the only way to ensure the Computer is clean. Even then, if the Malware has invaded any Firmware or the BIOS, the Computer may still not be free of the malicious Code. The reason for doing the things I show in this Video is to try and ensure any Files backed-up from the infected PC are as clean as possible. These steps will also increase the chances of "breaking" the Malware, by removing the places it hides and the Start-up mechanisms it relies on, so that an AntiMalware Solution can better detect and\or remove it, thereby minimizing the chance of re-infection when any backed-up Files are returned to the fresh Installation of the Operating System. Do not return any backed-up Files to the new Installation until the Operating System is fully updated and an AntiMalware Solution is installed and fully updated, and scan the backed-up Files with that updated Solution before opening any of them.

The very first thing to do is to make sure any AntiMalware or AntiVirus Solution installed is up-to-date. The vast majority of malicious Code will try to keep AntiMalware\AntiVirus Solutions from properly updating, because out-of-date Definitions usually keep those Solutions from detecting, disabling or removing the malicious Code. First, try to update any AntiMalware Programs normally. If that doesn't work, try booting into Safe Mode with Networking and then updating the AntiMalware Solution. If the AntiMalware\AntiVirus still refuses to update, try downloading the Definitions and\or Updates for the Program from the Vendor's Web Site. Most AntiMalware\AntiVirus Vendors allow this and have a place on their Web Site where the Definitions and Updates can be acquired. Whichever way the update is done, check the Definition Date shown in the Program afterwards to confirm it actually took.

Once all of the AntiMalware Programs installed are up-to-date, I disconnect the infected Computer from all Networks and other Computers: unplug the Network Cable and turn off Wi-Fi and Bluetooth, so it is completely and physically separated from any other Device. At this point, it wouldn't hurt to run any AntiMalware Solutions installed, while still in Safe Mode.

Re-boot the Computer normally. If the Infection keeps the Computer from booting normally, try to do everything that follows in Safe Mode. That's not ideal, but depending on the situation, it may be necessary.

Most Malware will try to run when the Operating System is starting-up or loading. To minimize the chances of that occurring, make sure there are no unknown Entries in the Startup Folder under All Programs in the Start Menu. Also, make sure four Registry Keys are free of any unknown Entries. *Warning - Making a Mistake while editing the Registry can render the Operating System Un-bootable* Before deleting anything, export each Key (File, then Export in the Registry Editor) so the change can be reversed and you have a record of what was removed. To edit the Registry, hold the Windows Key and (press) the "R" Key one time; that will bring up the Run Menu. Then type the Command "regedit" in the Open: Box and (press) the Enter Key. That will open the Registry Editor. The paths to the previously mentioned Keys are: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce, and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce. On 64-bit Windows, 32-bit Programs register under HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run as well, so check that Key too. For every Entry, look at the Command it runs: an Entry that points to a File that no longer exists, or to an odd Location such as a Temp or AppData Folder, deserves a closer look.
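As an added example (not part of the original page or Video), the following PowerShell script lists the Entries in the Run and RunOnce Keys and both Startup Folders, resolves each Entry's Command to a File Path, and reports whether that File exists and carries a valid Authenticode Signature. It goes slightly beyond the text by also reading the Wow6432Node Run Key that 32-bit Programs use on 64-bit Windows. It only reads; nothing is deleted. Windows PowerShell 5.1 or later is assumed.

```powershell
# Added example (not from the original page): list everything that starts with Windows
# from the Run/RunOnce Keys and the Startup Folders, then resolve each Command to a
# File and check whether the File exists and is Authenticode-signed.
# Assumes Windows PowerShell 5.1 or later. Read-only: nothing is changed or deleted.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    # Beyond the four Keys named in the text: 32-bit Programs on 64-bit Windows register here.
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),        # this User's Startup Folder
    [Environment]::GetFolderPath('CommonStartup')   # All Users Startup Folder
)
# Properties PowerShell adds to every registry item; they are not autostart Entries.
$psNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-AutostartEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($psNoise -contains $prop.Name) { continue }
            [pscustomobject]@{ Location = $key; Name = $prop.Name; Command = [string]$prop.Value }
        }
    }
    foreach ($folder in $startupFolders) {
        if (-not (Test-Path $folder)) { continue }
        foreach ($f in Get-ChildItem -Path $folder -Force -File) {
            [pscustomobject]@{ Location = $folder; Name = $f.Name; Command = $f.FullName }
        }
    }
}

function Resolve-CommandPath {
    # Reduce a Run-Key Command line ("C:\Program Files\x\y.exe" /arg, or y.exe /arg) to the
    # executable Path, expanding %VARIABLES% so the File can be checked on disk.
    # An unquoted Path containing spaces is cut at the first space; review those by hand.
    param([string]$Command)
    $c = $Command.Trim()
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { $c = $c.Substring(1, $end - 1) }
    } else {
        $c = ($c -split '\s+')[0]
    }
    return [Environment]::ExpandEnvironmentVariables($c)
}

$report = foreach ($e in Get-AutostartEntry) {
    $path   = Resolve-CommandPath $e.Command
    $exists = (-not [string]::IsNullOrWhiteSpace($path)) -and (Test-Path -LiteralPath $path -PathType Leaf)
    # A missing File, or an unsigned one outside Program Files\Windows, deserves a closer look.
    $status = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'FileMissing' }
    [pscustomobject]@{ Location = $e.Location; Name = $e.Name; Path = $path; Signature = $status }
}
$report | Sort-Object Signature, Location | Format-Table -AutoSize -Wrap
```

Run it from an ordinary PowerShell Window; the HKLM Run Keys are readable without Administrator Privileges. A valid Signature is not proof that an Entry is harmless and a NotSigned result is not proof that it is Malware; compare the list against the Programs you know were installed and treat anything with FileMissing, or an unsigned File in a Temp or AppData Folder, as a candidate for removal.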

The Recycle Bin is also an Area where Viruses like to hide, since Files a User "deleted" still sit on the Disk and can be restored or overlooked. To mitigate the chances of that, (right-click) the Recycle Bin Icon on the Desktop and (select) Properties. Once the Properties Menu is opened, (select) "Custom Size" and set it to 0 MB, then (click) Apply. The File Size for the Recycle Bin will revert to 1 MB, as it cannot be completely removed. That's fine; at least the available space for any malicious Code has been minimized. Now, with the same Hard Drive selected, go back and (select) "Do not move Files to Recycle Bin", then (click) Apply. Do that for every Hard Drive and\or Partition. These Settings are stored per User Account, so repeat them under every Account on the Computer. Understand that any Files currently in the Recycle Bin or Bins will be permanently deleted after invoking these steps.

The Pagefile, or Virtual Memory, is another component of concern, for the same reason as the Recycle Bin: Data from running Programs, including Malware, is written into pagefile.sys, and because the File is in use Windows will not let an AntiMalware Program scan or delete it. I perform a similar mitigation technique for it. In order to accomplish that: (right-click) the My Computer Icon and (select) Properties, then (select) the Advanced System Settings Link; that'll open the System Properties Menu. With the Advanced Tab selected, (click) the Settings Button under Performance. That will bring up the Performance Options Menu; (select) the Advanced Tab here, also. Then (select\click) the Change Button under Virtual Memory. That will bring up the Virtual Memory Menu. Make sure "Automatically manage Paging File..." is un-checked (disabled), then for each Hard Drive\Partition (select) "No Paging File", then (select\click) the Set Button (for each Drive!), then the OK Button. That will disable Virtual Memory, dis-allowing it as a Place for Viruses to reside; pagefile.sys is deleted on the next Re-start. Be aware that without a Pagefile, Programs can fail when physical Memory runs out and Windows cannot write a Crash Dump, so this is a temporary Setting for the Clean-up, not a permanent one. An Action Prompt will more than likely appear requesting a Re-start to solidify the Changes. That can be ignored until all of the Mitigations have been completed.

Next, I flush the DNS Resolver Cache and disable the DNS Client Service. To do that, it will be necessary to open a Command Prompt Window with Administrator Privileges. At the Command Prompt type "ipconfig /flushdns" and (press) the Enter Key. If successful, a message stating the DNS Resolver Cache has been flushed should appear. Close the Command Prompt Window. Now, go to the Control Panel and (click) the Administrative Tools Icon or Link, then (select\click) the Services Shortcut. Find the DNS Client Service, (right-click) it and (select) Properties. Once the DNS Client Properties Menu is available, change the Start-up Type from "Automatic" to "Disabled", then (select\click) "Apply" then "OK" to close the Properties Box. On newer Versions of Windows the Start-up Type Option for this Service cannot be changed (it is greyed out); if so, just disregard this Step. Flushing the DNS Cache should be enough as long as the Computer is disconnected from all Networks. If the Service was disabled, set it back to "Automatic" before the Computer is put back on a Network.

Viruses like to reside in the Hibernation File. This is the File (hiberfil.sys) the Windows Operating System uses to store a copy of Memory, including currently open Programs, when invoking the extreme low Power State of Hibernation, and like the Pagefile it cannot be scanned or deleted while it is in use. The first thing to do is to disable Hibernation in the Computer's Power Options and\or current Power Plan. To do that, go to the Control Panel, then Power Options, then under the currently selected Power Plan (select) the "Change Plan Settings" or the "Change Advanced Power Settings" Link and go through the Options and make sure Hibernation and\or Hybrid Sleep is not enabled. Once that is completed, open a Command Prompt Window with Administrator Privileges and type in the Command "powercfg -h off" (or "powercfg /hibernate off"). That totally disables Hibernation for the entire Computer and deletes the hiberfil.sys File. On Windows 8 and later this also turns off Fast Startup, which depends on the same File.

The System Restore Feature and Shadow Copies are known to be vulnerable to hosting Malware: a Restore Point is a Shadow Copy of the Drive, and Malware captured in one is usually out of reach of an AntiMalware Program and comes back when the Restore Point is applied. It's a very good Idea to disable this Service. In order to disable System Restore, (right-click) the My Computer Icon and (select) Properties. Then (select) the Advanced System Settings Link; under the System Properties Menu make sure the System Protection Tab is selected and turn off System Restore for all Hard Drives\Partitions. (Select) each Drive or Partition, then (select\click) the Configure Button, then make sure the Restore Setting is set to "Turn Off System Protection". Also, make sure the Max Usage Slider is set to the smallest possible size. To delete all Restore Points, (select\click) the Delete Button. Understand that this removes the ability to roll the System back; since the plan is a fresh Installation anyway, that is an acceptable Trade-off.

After doing all these Things, I re-start the Computer to make sure the Settings take effect. Once the Operating System has started, I run the Disk Clean-up Utility to ensure all unused Files and Restore Points are deleted. It can be found under either the System Tools Folder of the Start Menu or the Administrative Tools Folder, depending on the Version of Windows. When this Tool has opened, (select\click) the Drive\Partition to be cleaned and then the OK Button. After the initial Scan is finished, (select) the Clean Up System Files Button; after that Scan completes, (select) all Options except the Compress Unused Files and Folders Option. Also, move to the More Options Tab and (select) the Clean Up Button under System Restore and Shadow Copies. Then (click) OK and (select) Yes when asked if you are sure you want to delete these Files. I do this for all the Drives\Partitions in the Computer.
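As an added example (not part of the original page or Video), the following PowerShell script performs the Recycle Bin, Pagefile, DNS, Hibernation and System Restore mitigations described above in one pass and, before changing anything, writes the previous Settings to a JSON File so they can be put back later, which is the "note of the changes made" the Requirements call for. It assumes Windows PowerShell 5.1 run as Administrator on a Computer that is already disconnected from the Network; the Log File name and Location are assumptions for this example. Disk Clean-up (cleanmgr) remains a manual Step; the script uses vssadmin to delete the Shadow Copies instead.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page): script the mitigations described in the text
# and record the previous Settings so they can be reversed. Assumes Windows PowerShell 5.1,
# run as Administrator, on a Computer already disconnected from all Networks.
# The Log File Path below is an assumption for this example.

$logPath = Join-Path $env:USERPROFILE 'Desktop\pre-scan-settings.json'
$before  = [ordered]@{}

# 1. Recycle Bin: empty it, then set every known Volume (per-User Settings under BitBucket)
#    to bypass the Bin (NukeOnDelete) and shrink its Capacity to 1 MB, the smallest the UI keeps.
$bitBucket = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume'
Clear-RecycleBin -Force -ErrorAction SilentlyContinue
$before.RecycleBin = @()
if (Test-Path $bitBucket) {
    foreach ($vol in Get-ChildItem $bitBucket) {
        $p = Get-ItemProperty $vol.PSPath
        $before.RecycleBin += @{ Key = $vol.PSChildName; MaxCapacity = $p.MaxCapacity; NukeOnDelete = $p.NukeOnDelete }
        Set-ItemProperty $vol.PSPath -Name NukeOnDelete -Value 1 -Type DWord
        Set-ItemProperty $vol.PSPath -Name MaxCapacity  -Value 1 -Type DWord
    }
}

# 2. Pagefile: stop automatic management and remove every configured Paging File.
#    pagefile.sys itself is deleted at the next Re-start.
$cs = Get-CimInstance Win32_ComputerSystem
$before.AutomaticManagedPagefile = $cs.AutomaticManagedPagefile
$before.PageFiles = @(Get-CimInstance Win32_PageFileSetting |
    ForEach-Object { @{ Name = $_.Name; Initial = $_.InitialSize; Max = $_.MaximumSize } })
if ($cs.AutomaticManagedPagefile) {
    Set-CimInstance -InputObject $cs -Property @{ AutomaticManagedPagefile = $false }
}
Get-CimInstance Win32_PageFileSetting | Remove-CimInstance

# 3. DNS: flush the Resolver Cache. Newer Windows builds refuse to change the DNS Client
#    Service's Start-up Type, so a failure here is reported and skipped, as the text says.
ipconfig /flushdns | Out-Null
$before.DnsClientStartType = (Get-Service -Name Dnscache).StartType
try   { Set-Service -Name Dnscache -StartupType Disabled -ErrorAction Stop }
catch { Write-Warning "DNS Client Start-up Type could not be changed: $($_.Exception.Message)" }

# 4. Hibernation: turning it off deletes hiberfil.sys (and disables Fast Startup on Windows 8+).
$before.HibernateEnabled = Test-Path -LiteralPath "$env:SystemDrive\hiberfil.sys"
powercfg /hibernate off

# 5. System Restore and Shadow Copies: turn Protection off on every fixed Drive, then delete
#    the existing Restore Points, which are Shadow Copies.
$fixedDrives = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 3' | ForEach-Object { $_.DeviceID + '\' }
$before.SystemRestoreDrives = $fixedDrives
foreach ($d in $fixedDrives) {
    try   { Disable-ComputerRestore -Drive $d -ErrorAction Stop }
    catch { Write-Warning "System Restore could not be disabled on ${d}: $($_.Exception.Message)" }
}
vssadmin delete shadows /all /quiet | Out-Null

# Record what was changed, then re-start so the Pagefile and Hibernation Changes take effect.
$before | ConvertTo-Json -Depth 4 | Set-Content -Path $logPath -Encoding UTF8
Write-Host "Previous Settings saved to $logPath. Re-start the Computer, then run the AntiMalware Scan."
```

The script changes only the current User's Recycle Bin Settings, so run it once under each Account, or at least empty the other Accounts' Bins by hand. The JSON File is the record for undoing the Pagefile and DNS Changes on a Machine that is kept rather than re-installed; the deleted Restore Points and Shadow Copies cannot be recovered from it.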

Now any AntiMalware or AntiVirus Solution can be run, either normally or in Safe Mode, with a much greater chance of clearing the Infection or at least detecting it. I would not suggest backing up any Files from the infected Machine to a USB Drive unless no other choice is available, since a Drive that has been plugged into the infected Machine can carry the Infection to the next Computer it is connected to. Instead, I'd back them up to a Cloud Service, if the number of Files or their Size doesn't render that Option moot. Whichever Destination is used, scan the backed-up Files with an updated AntiMalware Solution before restoring them.

Requirements:
Administrator Privileges, an Internet Connection, a complete Operating System Back-up and a note of the changes made; the means to back up any cleaned Files and\or Data to an External Drive or cloud-based Repository Service.
