In the past year and a half or so I’ve repaired over 350 computers. In this series I’m describing the very repair tools that I use daily. If you would like, you can see the entire series (up to this point) by following these links: part 1, part 2, part 3, part 4, part 5, part 6, part 7, part 8, part 9, part 10, part 10.1, part 10.2, and part 10.3.
Part 10.4: Continuing what I started in parts 10, 10.1, 10.2, and 10.3, in the next few posts I’ll show you more of the repair tools that I have on my USB flash drives and tell you what they are used for. At the moment I carry around six USB drives, so let’s take a look at some more programs that I have on flash drive #2:
1) RKill: RKill has been great to me! How can I attack malware while the malware processes are still running? RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then import a Registry file that removes incorrect file associations and fixes policies that stop you from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.
RKill only terminates a program’s running process and does not delete any files, so you should not reboot your computer after running it: any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using some sort of anti-malware or anti-virus program so that the infections can be properly removed.
RKill is available to download under different filenames because some malware will not allow processes to run unless they have a certain filename. Therefore, if malware terminates RKill when you attempt to run it, please try a different filename.
2) SUPERAntiSpyware Portable Scanner: I still use this program on almost every infected machine. The portability makes it awesome! SUPERAntiSpyware Portable Scanner features a complete scanning and removal engine and will detect AND remove over 1,000,000 spyware/malware infections. The scanner does NOT install anything on your Start Menu or Program Files and does NOT need to be uninstalled.
The scanner contains the latest definitions so you DO NOT need Internet Access on the infected system to scan. The scanner is saved under a random filename so that malware infections won’t block the scanner.
3) Malwarebytes Anti-Malware Free: This is a great malware removal tool. There is no portable version, so you should download the latest version (use another computer if necessary), then boot into Safe Mode with Networking (if possible) to update it. Run a full scan in Safe Mode and then another in normal mode. I’ve never seen Malwarebytes conflict with any other antivirus program (free or paid). Another great thing about MBAM is that the program blocks access to known malware sites. Many legitimate sites contain a trojan in script form that targets the Windows operating system. The script looks for vulnerabilities in Adobe Reader and Acrobat, Java, QuickTime, and Flash and launches fake antivirus warnings.
4) Microsoft Standalone System Sweeper: I have this on a separate 1GB SanDisk Cruzer Micro. Microsoft Standalone System Sweeper Beta (MSSS) is a recovery tool that can help you start an infected PC and perform an offline scan to help identify and remove rootkits and other advanced malware. MSSS uses the same definitions as Microsoft Security Essentials.
You can download MSSS from Microsoft Connect and create bootable media using a CD/DVD or your USB drive. The bootable media starts the Windows Preinstallation Environment and launches the Microsoft Standalone System Sweeper application to scan for and remove viruses and malware. MSSS runs in Windows XP SP3, Windows Vista and Windows 7.
5) Trojan Remover: This great program has pulled me out of a jam on quite a few occasions! Most modern malware programs are memory-resident, which makes their deactivation more difficult. How many times have you been told to start your computer in “Safe” Mode, or even worse, in DOS? Trojan Remover does all this for you. When it finds malware that is memory-resident, Trojan Remover automatically restarts your system (on request) and completely DISABLES the malware before Windows restarts. Trojan Remover scans ALL the files loaded at boot time for adware, spyware, remote access trojans, Internet worms and other malware. Trojan Remover also checks whether Windows loads services that are hidden by rootkit techniques and warns you if it finds any.
Professor Randy says: A computer repair technician without great tools is like milk without cookies! Pointless! Fill your flash drive up with great tools and you’ll have the solution to the problem in the palm of your hand!