Category: Antivirus/Antimalware Tools and Issues

ESET antivirus command-line scanner
article #1087, updated 2 days ago

ESET Endpoint Antivirus (and ESET's other Windows products) ships with a very powerful command-line scanner and cleaner, ECLS.EXE, in the product's install folder. Here is the command line I use: it scans memory and boot sectors, includes potentially unwanted applications, deletes infected objects outright (/clean-mode=delete is the most aggressive mode; it deletes rather than trying to clean first), keeps a copy in quarantine (/quarantine), and then scans all of C:. Run it from an elevated prompt; the folder name differs between ESET products, and ecls /help lists every option:

"C:\Program Files\ESET\ESET Endpoint Antivirus\ECLS.EXE" /memory /boots /unwanted /clean-mode=delete /quarantine C:\

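As an added example (not code from the original article), the same scan wrapped in PowerShell so it can be scheduled or pushed through an RMM tool: it locates ecls.exe under the common ESET product folders, runs the command line above, keeps the console output as a log, and turns the exit code into something a caller can act on. The list of product folders and the exit-code meanings are assumptions taken from ESET's ecls documentation; confirm both against ecls /help on the installed version, and run it elevated.

```powershell
# Added example, not code from the original article. Wraps the ecls.exe
# command line from the article so it can be scheduled or run by an RMM.
# Assumptions: the product folders below and the exit-code meanings are
# taken from ESET's ecls documentation; confirm both with "ecls /help".
# Run from an elevated PowerShell session.

$candidates = @(
    "$env:ProgramFiles\ESET\ESET Endpoint Antivirus\ecls.exe",   # path used in the article
    "$env:ProgramFiles\ESET\ESET Endpoint Security\ecls.exe",
    "$env:ProgramFiles\ESET\ESET NOD32 Antivirus\ecls.exe",
    "$env:ProgramFiles\ESET\ESET Smart Security\ecls.exe",
    "$env:ProgramFiles\ESET\ESET Security\ecls.exe"
)
$ecls = $candidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $ecls) { throw 'ecls.exe not found under any known ESET product folder' }

# Same switches as the article: scan memory and boot sectors, include
# potentially unwanted applications, delete infected objects (not just
# clean them), keep a copy in quarantine, scan all of C:.
$scanArgs = '/memory', '/boots', '/unwanted', '/clean-mode=delete', '/quarantine', 'C:\'

# ecls prints its results to the console; keep a copy for the ticket.
$log = Join-Path $env:ProgramData ('ecls-{0:yyyyMMdd-HHmmss}.log' -f (Get-Date))
& $ecls @scanArgs 2>&1 | Tee-Object -FilePath $log
$code = $LASTEXITCODE

# Documented ecls return codes (assumption; see lead-in).
$meaning = switch ($code) {
    0       { 'no threat found' }
    1       { 'threat found and cleaned' }
    10      { 'some files could not be scanned (may contain threats)' }
    50      { 'threat found' }
    100     { 'error' }
    default { "undocumented exit code $code" }
}
"ecls finished: exit $code ($meaning); log: $log"

# Anything other than "clean" or "found and cleaned" needs a human:
# pass that on to the scheduler or RMM as a non-zero exit.
if ($code -ge 10) { exit 1 }
```

Scheduled through Task Scheduler or an RMM and alerted on a non-zero exit, this gives an on-demand scan whose result is reported independently of the real-time protection's own alerting.
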
Categories:   Antivirus/Antimalware Tools and Issues   

==============

Antimalware for Remote
article #168, updated 225 days ago

One good standby lately is the Microsoft Malicious Software Removal Tool (MSRT):

https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx

For major infections, another is Comodo Cleaning Essentials, courtesy of the amazing Jared Dexter:

https://www.comodo.com/business-security/network-protection/cleaning_essentials.php

After that, Malwarebytes:

http://malwarebytes.org

For garbageware, irritationware, and similar things, I like the following, in this order; the whole series is only rarely needed:

  1. JRT (Junkware Removal Tool)

http://thisisudax.org/?p=1

  2. RogueKiller

http://tigzy.geekstogo.com/roguekiller.php

  3. AdwCleaner

http://www.bleepingcomputer.com/download/adwcleaner/

Categories:   Antivirus/Antimalware Tools and Issues   Cleanup

==============

Interesting secondary antivirus
article #880, updated 681 days ago

This one appears to work rather well:

http://smadav.en.lo4d.com/

Categories:   Antivirus/Antimalware Tools and Issues   

==============

New malware remover
article #849, updated 761 days ago

Here is a new one, recommended by shouldiremoveit.com; it appears to work well:

https://www.reasoncoresecurity.com/product.aspx

Categories:   Antivirus/Antimalware Tools and Issues   

==============

Ports used by ESET
article #803, updated 885 days ago

Here is a list:

http://kb.eset.com/esetkb/index?page=content&id=SOLN2221&locale=en_US

Categories:   Antivirus/Antimalware Tools and Issues   

==============

New Antivirus Live CD
article #798, updated 899 days ago

Works well:

http://sourceforge.net/projects/antiviruslivecd/

Categories:   Antivirus/Antimalware Tools and Issues   

==============

Removing Trend Micro Antivirus
article #509, updated 976 days ago

If the Windows uninstaller does not work or fails part-way, removal can get difficult, and the Trend Micro Diagnostic Toolkit for the product at hand may be necessary. For the Titanium product, it is available here for both 32-bit and 64-bit:

http://esupport.trendmicro.com/solution/en-us/1059841.aspx

A general 32-bit download, which applies at least to some versions, is here (a direct .exe download; check its digital signature before running it):

http://solutionfile.trendmicro.com/solutionfile/EN-1037161/32bit.exe

And another, a very general agent remover:

http://esupport.trendmicro.com/solution/en-US/1057237.aspx

Categories:   Antivirus/Antimalware Tools and Issues   

==============

List of Antivirus Removal Tools
article #721, updated 1137 days ago

Here is a great list of links:

http://kb.eset.com/esetkb/index?page=content&id=SOLN146&product=0&vendor=0

Discovered by the amazing Mike Hunsinger.

Categories:   Antivirus/Antimalware Tools and Issues   Cleanup

==============

Base Filtering Engine missing, in Vista and Windows 7
article #719, updated 1137 days ago

The Base Filtering Engine (BFE) service manages Windows Firewall and IPsec filtering policy, and a lot depends on it: the Windows Firewall service will not start without it, and many antivirus products rely on it too. If it is missing on Vista or Windows 7, it was probably deleted by an infection; the Sirefef (ZeroAccess) family was notorious for removing it along with other security services. A good first step is probably here:

http://kb.eset-la.com/esetkb/index?page=content&id=SOLN2861

Look for the “ESETSirefefCleaner tool”. If that doesn’t do it, try the steps here:

http://www.hageltech.com/blog/2012/02/07/base-filtering-engine-problems.html
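
An added check (not part of the original article), in PowerShell: it reports whether BFE and the services around it still have both a service object and a registry key, and whether the bfe.dll binary is still on disk, so you know whether the cleaner tool is enough or the file itself must be restored. Which services to check is my assumption: BFE, the Windows Firewall (MpsSvc) and IPsec keying (IKEEXT) services that depend on it, plus Windows Defender and Security Center, which the same class of infection commonly removes.

```powershell
# Added check, not part of the original article. Reports whether the Base
# Filtering Engine and related services still exist as both a service object
# and a registry key, and whether bfe.dll is still on disk. Which services to
# check is an assumption: BFE, the two that depend on it (MpsSvc, IKEEXT), and
# two that the same infections commonly remove (WinDefend, wscsvc).

$expected = [ordered]@{
    'BFE'       = 'Base Filtering Engine'
    'MpsSvc'    = 'Windows Firewall (depends on BFE)'
    'IKEEXT'    = 'IKE and AuthIP IPsec Keying Modules (depends on BFE)'
    'WinDefend' = 'Windows Defender'
    'wscsvc'    = 'Security Center'
}

$missing = @()
foreach ($name in $expected.Keys) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $key = Test-Path -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if ($svc -and $key) {
        'present  {0,-10} {1}: {2}' -f $name, $expected[$name], $svc.Status
    } else {
        $missing += $name
        'MISSING  {0,-10} {1} (service object: {2}, registry key: {3})' -f $name, $expected[$name], [bool]$svc, $key
    }
}

# An infection normally deletes the service registration, not the binary;
# if bfe.dll itself is gone, expect to need sfc /scannow or install media too.
$dll = Join-Path $env:SystemRoot 'System32\bfe.dll'
'bfe.dll on disk: {0}' -f (Test-Path -LiteralPath $dll)

if ($missing -contains 'BFE') {
    'BFE is not registered. Run ESETSirefefCleaner from the ESET KB article, reboot, and re-run this check.'
} elseif ($missing) {
    'BFE is present but these services are missing: ' + ($missing -join ', ')
}
```

Run it before and after the cleaner: a service that is "MISSING" with the registry key gone cannot simply be started, because the key holds its dependencies and parameters, which is why the cleaner or the manual steps at the second link are needed rather than a plain sc start.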

Categories:   Cleanup   Antivirus/Antimalware Tools and Issues

==============

VIPRE Agent Removal Script, also helpful for failed agent installs
article #448, updated 1153 days ago

The script below was written following the recommendations in the VIPRE manual. It can be downloaded here as RemoveVIPRE.cmd. Run it from an elevated (administrator) command prompt: it stops and deletes services, deletes registry keys under HKLM, and removes program folders, so it is destructive and not reversible. It leaves one problematic Windows Installer remnant, for which you will need msicuu2 (the Windows Installer CleanUp Utility). Very corrupt agents may need further intervention, e.g. manual removal of files and folders, clearing of system and profile temp files, and possibly registry deletions as well.

@echo off

echo --------------------------------------------
echo ------- VIPRE Removal Script by J.E.B. -----
echo --------------- version 3.1 ----------------
echo --------------------------------------------
echo ---------------- 2013-08-09 ----------------
echo --------------------------------------------

REM Run from an elevated command prompt: net stop, sc delete and REG DELETE
REM under HKLM all fail without it. The script writes a scratch file,
REM RemoveVIPRE.regfix, in the current directory and deletes it at the end.

REM *** Stop the VIPRE / GFI agent services ***

net stop sbamsvc
net stop sbapifs
net stop sbemi
net stop sbhips
net stop SBPIMSvc
net stop sbre
net stop sbtis
net stop sbfwimcl
net stop sbfwimclmp
net stop gfi_lanss10_attservice

REM *** Kill anything still running after the stop ***

taskkill /F /IM SBPIMSvc.exe
taskkill /F /IM SBAMSvc.exe
taskkill /F /IM SBAMTray.exe
taskkill /f /im SBRC.EXE

REM *** Delete the service registrations ***

sc delete sbamsvc
sc delete sbapifs
sc delete sbemi
sc delete sbhips
sc delete SBPIMSvc
sc delete sbre
sc delete sbtis
sc delete sbfwimcl
sc delete sbfwimclmp
sc delete gfi_lanss10_attservice

REM *** First change permissions on general registry keys ***
REM REGINI applies the ACL in brackets to each listed key; [10] grants
REM Everyone read, write and delete, which is what the REG DELETE below
REM needs on keys the agent locked down.

echo \registry\machine\SYSTEM\CurrentControlSet\Services\SBAMSvc [10] > RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\Services\SBAPIFS [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\Services\SBEMI [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\Services\SBHIPS [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\Services\SBPIMSVC [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\Services\SBRE [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\Services\Sbtis [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\services\SBFWIMCL [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\services\SBFWIMCLMP [10] >> RemoveVIPRE.regfix
echo \registry\machine\SYSTEM\CurrentControlSet\services\gfi_lanss10_attservice [10] >> RemoveVIPRE.regfix

echo \registry\machine\software\classes\Installer\Products\2B680A936D70B034EAE58BCAC18C347A [10] >> RemoveVIPRE.regfix
echo \registry\machine\software\classes\Installer\Products\116445D9734F351419E319EC305638CC [10] >> RemoveVIPRE.regfix
echo \registry\machine\software\classes\Installer\Products\1363B974717ACE24EB715AECFB5698B1 [10] >> RemoveVIPRE.regfix
echo \registry\machine\software\classes\Installer\Products\BF8FC7BD8368E4846A1C735FCA12CD2B [10] >> RemoveVIPRE.regfix

echo \registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03BCC3AEA8C639B48B86726A768A9284 [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\083B3A6D7B7F6FB4DB9A45972E2DF34D [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A760992A13C24C448E6C6B4627DA5B0 [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B2AF55E92E0E81478FE9C1B31E21805 [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D148412C177E7C4598C46875973B574 [10] >> RemoveVIPRE.regfix

REGINI -b RemoveVIPRE.regfix

REM *** Then remove general registry keys ***

REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBAMSvc /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBAPIFS /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBEMI /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBHIPS /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBPIMSVC /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBRE /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sbtis /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SBFWIMCL /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SBFWIMCLMP /f
REG DELETE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gfi_lanss10_attservice /f

REG DELETE HKEY_CLASSES_ROOT\Installer\Products\2B680A936D70B034EAE58BCAC18C347A /F
REG DELETE HKEY_CLASSES_ROOT\Installer\Products\116445D9734F351419E319EC305638CC /f
REG DELETE HKEY_CLASSES_ROOT\Installer\Products\1363B974717ACE24EB715AECFB5698B1 /f
REG DELETE HKEY_CLASSES_ROOT\Installer\Products\BF8FC7BD8368E4846A1C735FCA12CD2B /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03BCC3AEA8C639B48B86726A768A9284" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\083B3A6D7B7F6FB4DB9A45972E2DF34D" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A760992A13C24C448E6C6B4627DA5B0" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B2AF55E92E0E81478FE9C1B31E21805" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D148412C177E7C4598C46875973B574" /f

REM *** Change permissions on x86-specific registry keys ***
REM Start a fresh .regfix file with > here: REGINI creates any listed key
REM that does not exist, so re-applying the general-section entries
REM already deleted above would recreate them as empty keys.

echo \registry\machine\software\classes\Installer\Products\116445D9734F351419E319EC305638CC [10] > RemoveVIPRE.regfix

echo \registry\machine\SOFTWARE\SBAMSvc [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\GFI Software\GFI Business Agent [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\Sunbelt Software\Sunbelt Enterprise Agent - 4.0 Agent [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\GFI Software\GFI Business Agent - 5.0 Agent [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\Sunbelt Software\Sunbelt Enterprise Agent [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\GFI\LNSS10 [10] >> RemoveVIPRE.regfix

echo "\registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9D544611-F437-4153-913E-91CE036583CC}" [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\116445D9734F35141" [10] >> RemoveVIPRE.regfix

REGINI -b RemoveVIPRE.regfix

REM *** Remove x86-specific registry keys ***

REG DELETE "HKEY_CLASSES_ROOT\Installer\Products\116445D9734F351419E319EC305638CC" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\SBAMSvc" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Sunbelt Software\Sunbelt Enterprise Agent" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\GFI Software\GFI Business Agent" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Sunbelt Software\Sunbelt Enterprise Agent - 4.0 Agent" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\GFI Software\GFI Business Agent - 5.0 Agent" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\GFI\LNSS10" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9D544611-F437-4153-913E-91CE036583CC}" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\116445D9734F35141" /f

REM *** Change permissions on x64-specific registry keys ***
REM Again start a fresh file with >, so REGINI does not recreate the x86
REM keys that were just deleted.

echo \registry\machine\SOFTWARE\Wow6432Node\SBAMSvc [10] > RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\Wow6432Node\Sunbelt Software\Sunbelt Enterprise Agent" [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\Wow6432Node\GFI Software\GFI Business Agent" [10] >> RemoveVIPRE.regfix
echo \registry\machine\SOFTWARE\Wow6432Node\GFI\LNSS10 [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\Wow6432Node\Sunbelt Software\Sunbelt Enterprise Agent - 4.0 Agent" [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\Wow6432Node\GFI Software\GFI Business Agent - 5.0 Agent" [10] >> RemoveVIPRE.regfix

echo "\registry\machine\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D544611-F437-4153-913E-91CE036583CC}" [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" [10] >> RemoveVIPRE.regfix
echo "\registry\machine\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\116445D9734F35141" [10] >> RemoveVIPRE.regfix

echo \registry\machine\software\classes\Installer\Products\116445D9734F351419E319EC305638CC [10] >> RemoveVIPRE.regfix

REGINI -b RemoveVIPRE.regfix

REM *** Remove x64-specific registry keys ***

REG DELETE HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SBAMSvc /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sunbelt Software\Sunbelt Enterprise Agent" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GFI Software\GFI Business Agent" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GFI\LNSS10" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sunbelt Software\Sunbelt Enterprise Agent - 4.0 Agent" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GFI Software\GFI Business Agent - 5.0 Agent" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D544611-F437-4153-913E-91CE036583CC}" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" /f
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\116445D9734F35141" /f

REG DELETE "HKEY_CLASSES_ROOT\Installer\Products\116445D9734F351419E319EC305638CC" /f

REM *** Clean up misc items from VIPRE support sessions etc. ***

DEL "%USERPROFILE%\appdata\local\temp\removevipre\sbrc.exe"
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SBRegRebootCleaner" /f

REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SBAMTray" /f

REM *** Finish up. ***

del RemoveVIPRE.regfix

REM Unregister the scan shell extension. Give regsvr32 the full path to the
REM DLL if it is not on the PATH; with /s a failure is silent.
RegSvr32 /u /s SBAMScanShellExt.DLL

RMDIR /S /Q "%SYSTEMDRIVE%\Program Files\GFI Software\GFIAgent"
RMDIR /S /Q "%SYSTEMDRIVE%\Program Files\GFI Software\LanGuard 10 Agent"
RMDIR /S /Q "%SYSTEMDRIVE%\Program Files\Sunbelt Software\SBEAgent"

RMDIR /S /Q "%SYSTEMDRIVE%\Program Files (x86)\Sunbelt Software\SBEAgent"
RMDIR /S /Q "%SYSTEMDRIVE%\Program Files (x86)\GFI Software\GFIAgent"
RMDIR /S /Q "%SYSTEMDRIVE%\Program Files (x86)\GFI Software\LanGuard 10 Agent"

REM %AppData% is the current user's roaming profile only; repeat these for
REM other profiles on a shared machine.
RMDIR /S /Q "%AppData%\Sunbelt\Antimalware"
RMDIR /S /Q "%AppData%\Sunbelt Software\Antimalware"
RMDIR /S /Q "%AppData%\GFI Software\Antimalware"
RMDIR /S /Q "%AppData%\GFI Software\LanGuard 10"

echo ---------------------------
echo ---------------------------
echo RemoveVIPRE completed.
echo ---------------------------
echo ---------------------------
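
As an added check, not part of RemoveVIPRE.cmd, a PowerShell script to run afterwards (elevated) that lists what the script was supposed to remove but is still present: the services (object and registry key), the product and uninstall keys under both SOFTWARE and its Wow6432Node mirror, the Windows Installer product entries (the area msicuu2 cleans), the program folders, and the Run values. The names are the ones the script itself targets; the script deletes, this check only reports.

```powershell
# Added check, not part of RemoveVIPRE.cmd. Run it after the script (elevated)
# to list anything the script targets that is still present. It only reports;
# the names are the ones the script itself uses.

$services = 'sbamsvc','sbapifs','sbemi','sbhips','SBPIMSvc','sbre','sbtis',
            'sbfwimcl','sbfwimclmp','gfi_lanss10_attservice'

# Keys the script deletes, relative to HKLM\SOFTWARE and its Wow6432Node mirror.
$relKeys = 'SBAMSvc',
           'Sunbelt Software\Sunbelt Enterprise Agent',
           'Sunbelt Software\Sunbelt Enterprise Agent - 4.0 Agent',
           'GFI Software\GFI Business Agent',
           'GFI Software\GFI Business Agent - 5.0 Agent',
           'GFI\LNSS10',
           'Microsoft\Windows\CurrentVersion\Uninstall\{9D544611-F437-4153-913E-91CE036583CC}',
           'Microsoft\Windows\CurrentVersion\Uninstall\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}'

# Windows Installer product codes the script deletes; leftovers here are the
# kind of thing msicuu2 (Windows Installer CleanUp) exists for.
$msiProducts = '2B680A936D70B034EAE58BCAC18C347A','116445D9734F351419E319EC305638CC',
               '1363B974717ACE24EB715AECFB5698B1','BF8FC7BD8368E4846A1C735FCA12CD2B'

# Program folders under both Program Files roots (the x86 root is empty on 32-bit Windows).
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$dirs  = foreach ($r in $roots) {
    "$r\Sunbelt Software\SBEAgent"; "$r\GFI Software\GFIAgent"; "$r\GFI Software\LanGuard 10 Agent"
}

$left = @()
foreach ($s in $services) {
    if (Get-Service -Name $s -ErrorAction SilentlyContinue)                  { $left += "service   $s" }
    if (Test-Path -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Services\$s") { $left += "svc key   $s" }
}
foreach ($base in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node') {
    foreach ($k in $relKeys) {
        if (Test-Path -LiteralPath "$base\$k") { $left += "registry  $base\$k" }
    }
}
foreach ($p in $msiProducts) {
    if (Test-Path -LiteralPath "Registry::HKEY_CLASSES_ROOT\Installer\Products\$p") { $left += "MSI prod  $p" }
}
foreach ($d in $dirs) {
    if (Test-Path -LiteralPath $d) { $left += "folder    $d" }
}
$run = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
foreach ($v in 'SBAMTray', 'SBRegRebootCleaner') {
    if ($run -and $run.PSObject.Properties[$v]) { $left += "Run value $v" }
}

if ($left) { 'VIPRE/GFI remnants still present:'; $left | ForEach-Object { "  $_" } }
else       { 'No VIPRE/GFI remnants found.' }
```

Anything reported under "svc key" or "registry" after a reboot is where the manual registry deletions mentioned above come in; an "MSI prod" entry is the msicuu2 case.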

Categories:   VIPRE Antivirus   Antivirus/Antimalware Tools and Issues