Advanced Virus Removal Tools
vokal
  • TTG Addict
Status: Offline
Joined: Dec 05, 2010 (14 Year Member)
Posts: 2,130
Reputation Power: 103
Why I Got Infected (WIGI)
This is a useful app made to not only detect vulnerable updates; it also helps the user see where and how they are getting infected by malware.


Description: WIGI is a program written in C#.NET 3.5 SP1 and able to:

List IE history
List Firefox history
Send this history (on demand only) to the Malekal.com server for analysis of the malicious links
List installed versions of sensitive programs (known for being actively bruteforced for exploit finding), including:
IE version
Mozilla Firefox
Java
Adobe Reader
Adobe Flash
By double-clicking on a line, you can go to the official program link for updating
Clear display (green: OK, red: outdated)

I know the updates are labeled as French (FR), but it will auto-detect what version and region and will only apply the necessary update packages.
*None of this is mine, just part of a set of tools I have found useful in the past that have helped when other kits failed.

RogueKiller

Here is another helpful tool for those that are infected and need help finding and killing hijacked/infected processes or services, as well as rootkits and more.

Description: RogueKiller is a program written in C++ and able to:

Kill malicious processes
Stop malicious services
Unload malicious DLLs from processes
Kill malicious hidden processes
Find and remove malicious autostart entries, including :
Registry keys (RUN/RUNONCE, ...)
Tasks (Scheduler 1.0/2.0)
Startup folders
Hijack entries, including :
Shell / Load entries
Extension association hijacks
DLL hijacks
Many, many others ...
Read / Fix DNS Hijacks (DNS Fix button)
Read / Fix Proxy Hijacks (Proxy Fix button)
Read / Fix Hosts Hijacks (Hosts Fix button)
Restore shortcuts / files hidden by rogues of type "Fake HDD"
Read / Fix malicious Master Boot Record (MBR), even when hidden by a rootkit
List / Fix SSDT - Shadow SSDT - IRP hooks (even with inline hooks)
Find and restore system files patched / faked by a rootkit

Advanced TaskKiller


This app is a massive improvement over the standard Windows Task Manager and really helpful for tracking down hard-to-locate malware.

Description: TaskSTRun is a program written in C#.NET 3.5 SP1 and able to list:

Running processes
Loaded drivers
Loaded modules in processes
IAT Table of processes
Autostart entries, including :
Registry keys (RUN/RUNONCE, ...)
Tasks (Scheduler 1.0/2.0)
Startup folders
Hijack entries, including :
Proxy configuration
Shell / Load entries
DNS Configuration
Extension association hijacks
Web sockets (TCP/UDP) by process name / PID


Source: [external link]

Another good idea when dealing with a computer that is overrun with malware to the point of being unbootable is to run your AV before the OS is loaded. A great free way to do this, which also incorporates several of the more popular AVs into one toolkit, is Trinity Rescue Kit. You will need to download the image and either install it to a USB stick or burn it to a disc. Another neat feature is that TRK can be deployed to any computer on the network remotely if needed.

Some info from the TRK site:

Trinity Rescue Kit, or TRK, is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues. Since version 3.4 it has an easy-to-use scrollable text menu that allows anyone who masters a keyboard and some English to perform maintenance and repair on a computer, ranging from password resetting over disk cleanup to virus scanning.

It is possible to boot TRK in three different ways:
-as a bootable CD, which you can burn yourself from a downloadable ISO file or a self-burning Windows executable
-from a USB stick/disk (optionally also a fixed disk), installable from Windows or from the bootable TRK CD (which is easier and safer)
-from the network over PXE: you start one TRK from CD or USB and you run all other computers from that one over the network without modifying anything in your local network.
Since version 3.4, TRK has had an easy-to-use text menu but has equally kept the command line.

Here's a sum-up of some of the most important features, new and old:

-easily reset Windows passwords with the improved winpass tool
-simple and easy menu interface
-5 different virus scan products integrated in a single uniform command line with online update capability
-full NTFS write support thanks to ntfs-3g
-winclean, a utility that cleans up all sorts of unnecessary temporary files on your computer
-clone computers over the network via multicast
-wide range of hardware support (kernel 2.6.35)
-contributed backup utility called "pi", to automate local machine backups
-easy script to find and mount all local filesystems
-self-update capability to include and update all virus scanners + local changes you made to TRK
-full proxy server support
-run a Samba file server (Windows-like file sharing)
-run an SSH server
-recovery and undeletion of files with utilities and procedures
-recovery of lost partitions
-evacuation of dying disks
-full read/write and rpm support
-UTF-8 international character support (select keyboard language from the scrollable text menu at startup)
-2 rootkit detection utilities
-most software updated to recent versions
-literally thousands of changes and bugfixes since version 3.3
-elaborate documentation, including manpages for all commands (also TRK's own)

Useful links to get started:
[external link]
Self-burning ISO: [external link]
USB bootable installer/GUI tool: [external link]


If anyone has any questions or needs help with removal or securing their PC or network, feel free to ask.

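The autostart and hijack locations RogueKiller and TaskSTRun enumerate (RUN/RUNONCE keys, startup folders, scheduled tasks, Shell/Load entries, hosts, proxy and DNS settings) can be surveyed by hand before reaching for a removal tool. The PowerShell below is an added, read-only example written for this thread; it is not code from the post or from either tool, and it assumes Windows 8 / Server 2012 or later for Get-ScheduledTask and Get-DnsClientServerAddress.

```powershell
# Added example (not from the post or from RogueKiller/TaskSTRun): a read-only
# survey of the autostart and hijack locations listed above, for triage.
# Assumes Windows 8 / Server 2012 or later (Get-ScheduledTask, Get-DnsClientServerAddress).
$ErrorActionPreference = 'SilentlyContinue'

# Registry RUN / RUNONCE keys (machine, user, and the 32-bit view on 64-bit Windows)
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($path in $runKeys) {
    $key = Get-Item -Path $path
    if ($key) { foreach ($n in $key.GetValueNames()) { "[RUN]      $path\$n = $($key.GetValue($n))" } }
}

# Startup folders (per-user and all-users)
foreach ($dir in [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')) {
    Get-ChildItem -Path $dir -File | ForEach-Object { "[STARTUP]  $($_.FullName)" }
}

# Scheduled tasks outside the \Microsoft\ tree, with the command each one runs
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
    foreach ($a in $_.Actions) { "[TASK]     $($_.TaskPath)$($_.TaskName) -> $($a.Execute) $($a.Arguments)" }
}

# Shell / Userinit / Load hijack points (compare against the expected values)
$wl = Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
"[WINLOGON] Shell    = $($wl.Shell)    (expected: explorer.exe)"
"[WINLOGON] Userinit = $($wl.Userinit)    (expected: $env:SystemRoot\system32\userinit.exe,)"
$load = (Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows').Load
if ($load) { "[LOAD]     HKCU Windows\Load = $load    (normally not set)" }

# Hosts file: anything beyond comments and the localhost entries deserves a look
Get-Content -Path "$env:SystemRoot\System32\drivers\etc\hosts" |
    Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\b' } |
    ForEach-Object { "[HOSTS]    $_" }

# Proxy settings (WinINET) and the DNS servers configured on each adapter
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
"[PROXY]    ProxyEnable=$($inet.ProxyEnable) ProxyServer=$($inet.ProxyServer) AutoConfigURL=$($inet.AutoConfigURL)"
Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object { $_.ServerAddresses } |
    ForEach-Object { "[DNS]      $($_.InterfaceAlias): $($_.ServerAddresses -join ', ')" }
```

Run it from an elevated prompt so the HKLM keys and all task folders are readable; it changes nothing, so anything that looks wrong is still there to compare against what the tools above report.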
#2. Posted:
vokal
Added an intensive Windows/Linux AV/recovery toolkit to the thread.