When I say I tried pretty much every tool, I mean it. For everyone curious about how some other tool would perform, I tried: ESET Online Scanner, F Secure, Comodo Cleaning Essentials, Emsisoft Emergency Kit, Bitdefender, Tron script etc and in the end even Protegent 😅 before coming up with this list. I went through all of these in a 1 hr stream on Discord but didn’t include here cause that would make for a boring video.
5:10 Steps to clean a deeply infected system:
1. Norton Power Eraser (repair certain system files and functions)
2. Kaspersky (advanced disinfection recommended)
3. Hitman Pro (only quarantine and delete)
4. Malwarebytes
Thank you so much. My PC got infected with a pretty deep virus that dug its way into Windows registry folders and I was searching on how to fix it because the virus was not letting me on any antivirus websites and I followed your instructions on this video and I finally recovered my 5 years of research I almost lost, so thank you I really appreciate it.
Dude, keep a copy of all your data offline. That is the first rule of fight club lol. I never keep anything ON my computer except things like Gimp and OBS, but I can just reinstall those after a clean install of my OS.
If your system is "deeply infected" the most effective tool BY FAR is your existing backups because you need to reload/reimage/reinstall. AND, when you tally up all the hours you'll spend tracing down remnants or just worrying - it's often faster to boot. Sometimes a LOT faster!
@@a.x.w Exactly - "air gapped" (as much as I dislike that term). At work people sometimes rib me for still using tape, but it's cheap, fast, and I can look at all those cartridges on the shelf and say to myself "encrypt that" during any potential ransomware attack.
I would say yes, but also no. All in all, it still depends on the status quo. If the most recent clean backup was a day ago before the infection, by all means recovering from a backup (should) be fine. But if the most recent clean backup was 6 days ago (weekly backups), or 29 days ago (monthly backups), we're talking days and weeks of potential data / progress being wiped out completely. Of course this is briefly speaking and it obviously gets more intricate, but this video is nice for techs like us to keep up with their tool-belt and be prepared / made aware of more options to consider if such an incident were to occur.
Leo, I was just doing a survey for a well known AV site and your channel name came up. They wanted to know if I’d like to see you or your channel (whatever they meant) in their published reports. I said HELL YES!! You’ve come a long way over the years, you have a bright future ahead.
Honestly, when I saw the malware take over the AV downloads, my first instinct was to not do the malware removal in Windows at all. Kaspersky Rescue Disk is a Linux boot disk that lets you run KAV on an offline system. I would be curious to see how it fares in this scenario. I've used it and Bitdefender Rescue CD (RIP) in the past with some good success.
@@pcsecuritychannel May be Quicker, but useless. @TheRossMadness is right, trying to clean a corrupted system from this live system is absolutely unreliable. The only way to do it right is using an external system. Otherwise, you can never be sure to have really cleaned up the system. It is a basic concept in IT security.
In my experience, for Windows anyway, doing things from safe mode is also a half-way decent option and normally solves most problems. Though it doesn't help against rootkits or bios attacks, but at least it'd help with things that want to be running on top of everything else (and most need internet to run, which safe mode doesn't allow).
@@Dyanosis 1) In my line of work, that is Computer Security, there are no half-measures : You cannot be mildly confident that you have solved the issue. My customers want to be sure the problem is gone, not half-sure, with a half-baked solution, and what you recommend does not do the job. 2) Thank you for proving my point, you said it yourself : Your solution does not help against rootkits/trojans. And I want to be sure to deal with them. 3) You don't know well windows : You can run safe mode WITH Network enabled, it is an option. Enjoy, and Peace !
@@philpeko1796 While you may be correct, there's no need to be aggressive about it. He does have 'something' of a point after all- in all honesty windows safe mode, while NOT a panacea by any means, is a useful but often-overlooked tool these days. And while security is always something to be done in absolutes, the way things are done at home is often different from the business world- at home there's no concern for liability or partnerships or tax breaks or write-offs etc etc, which can dictate decisions that in other cases wouldn't happen. For example MWB is the name in the game for AVs, but when the business pays for norton, that's what you're stuck with. There's also the simple matter that a full reinstall... Honestly isn't that bad these days. Personal treasures like photos and writing aside, I could probably do a full, fresh reinstall and re-setup of my home pc in under an hour. That was NOT the case when I had dial-up. And if a system is infected to THAT degree a full reinstall might not be that bad of an option. Not always an option, obviously, but it's something more worth considering than it perhaps once was.
The question that comes to mind is the system infection was obviously downloading its own tools and not what you thought perhaps due to HOSTS file, or had an Image File Execution Options Injection setting for all of these tools. Then when you used a couple of them that were probably missing from the list they were able to run. Without having the exact infection it's difficult to say for sure which method was used, but bottom line is probably ALL of the tools or most of the tools would have worked had IFEO or similar method of running its own tools been dealt with. It was NOT due to the tool not being able to deal with it. It was the method used to try and run it.
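The two mechanisms the comment above suspects, HOSTS file overrides and Image File Execution Options `Debugger` values, can both be checked from text copies taken off the machine. This is an added example, not part of the original comment; the domain watchlist, the function names and the sample data are constructed assumptions.

```python
import re

# Assumed watchlist built from vendors named in this thread; extend as needed.
WATCHED_SUFFIXES = ("kaspersky.com", "malwarebytes.com", "norton.com")
IFEO_MARKER = "\\image file execution options\\"


def suspicious_hosts_entries(hosts_text):
    """Return (address, hostname) pairs where a hosts entry overrides a watched domain."""
    findings = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        fields = line.split()
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        for name in names:
            host = name.lower().rstrip(".")
            if any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES):
                findings.append((address, host))
    return findings


def ifeo_debuggers(reg_export_text):
    """Return {image_name: debugger_command} from a .reg export of the IFEO key.

    A Debugger value makes Windows start that command instead of the named
    image. Some legitimate tools set it too, so every hit needs a human look.
    """
    findings = {}
    image = None
    for raw in reg_export_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            pos = key.lower().find(IFEO_MARKER)
            image = None
            if pos != -1:
                rest = key[pos + len(IFEO_MARKER):]
                if rest and "\\" not in rest:  # direct child key = image name
                    image = rest
            continue
        match = re.match(r'"debugger"="(.*)"$', line, re.IGNORECASE)
        if image and match:
            # .reg files escape backslashes and quotes with a backslash
            findings[image] = re.sub(r"\\(.)", r"\1", match.group(1))
    return findings


# Constructed sample inputs, not taken from a real infection.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
0.0.0.0 www.malwarebytes.com downloads.malwarebytes.com
203.0.113.7 support.kaspersky.com   # documentation-range address
192.168.1.20 nas.home.lan
"""

SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanner.exe]
"Debugger"="C:\\Users\\Public\\helper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"UseFilter"=dword:00000000
"""

if __name__ == "__main__":
    for address, host in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts override: {host} -> {address}")
    for image, command in ifeo_debuggers(SAMPLE_REG).items():
        print(f"IFEO debugger on {image}: {command}")
```

Registry exports written by regedit are UTF-16, so open a real export with `encoding="utf-16"` before passing its text to `ifeo_debuggers`.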
The biggest problem with malware and virus removal is that no single tool finds everything. So, your approach of utilizing MULTIPLE or SEVERAL tools is strongly recommended. I use the following approach: Whenever possible, use an off-line tool to scan the system such as one which runs from a USB. Better yet, if you have a second computer, pull the infected drive and scan it with the second (uninfected) computer using multiple tools. This ensures that NO suspect processes could possibly have been running. Place the computer into “Safe Mode” which only allows the Windows system files necessary to run. THEN, perform your cleanup. Unless you know EXACTLY when your system was compromised, you have to consider that system restore points are also worthless. I’ve seen this time and time again. If you restore to a certain point, you wind up re-infecting your system all over again. Only after doing THIS level of cleanup will you be better assured that the cleanup is complete.
@@shaggydawg5419 Yes, there’s always the “Nuclear Option.” As simple as this option actually is, I’ve learned that most people simply won’t go down this road. I would say that the nuclear option is the #1 approach to virus & malware removal. That’s why I primarily use Linux as my operating system.
@@rb2287 People don't want to lose documents and/or start over from scratch. I'd rather lose a little bit of data (that hasn't been backed up yet) than risk an unstable system with a potential of reinfection or hidden malware. There's no way I'm going to use an infected system even after it's been cleaned and multiple malware products find nothing in it.
@@taxcollector8858 I was referring to reinstalling the operating systems. Use other computer to download and create a Windows setup media on a USB flash. Turn off the infected PC and turn it back on. Boot off the USB device with Windows setup and delete the entire partitions on the infected hard disk. Start with a fresh Windows 10 or 11 installation.
Leo, if you have to ask if we want to see a demo on something you mentioned in a video. The likely answer is YES!!! 😎 This is awesome info you put out for the novice to amateur computer user. Thanks for this video!
the best way to deep clean an infected pc is to wipe the drive and start fresh, and not install some sketchy software again. keep your stuff backed up, and stay safe and comfy!
I feel like the idea here is to clean up the system enough that what might remain of the user’s valued data can be offloaded to a backup, then the OS completely reinstalled.
Norton Power Eraser due to the very small installer size, seems to be an online installer, which in case of an infected computer where the internet connection may not work, it will not execute as the computer cannot access the cloud to get the latest and complete virus signatures. In this situation it will be better to use another Norton tool - Norton Bootable Recovery Tool. On the other hand, it is always advised to try to clean a computer via a bootable tool and do not execute the cleaning software with the infected operating system active and running.
Thank you so much for this video, I searched for deep cleaning virus tools and your video was probably the savior of my Steam account. In my stupidity I downloaded a sketchy piece of software that ended up stealing my account information and sold all my in-game items :( Fortunately, I recovered my account just in time. I'm still a bit paranoid if some piece of malware is running deep inside my system but from what I can tell, my computer is cleaned. Thank you so much for making this video, you saved my PC
A shop that I used when I used Windows never cleaned a system with Windows loaded. They used a program called BartPE. They loaded the most current AV updates, burned a live disc, doing that on a separate PC. Turned the infected device off and then live booted the disc. The purpose of this is that some viruses use known inadequacies and flat out gross vulnerabilities in the Windows OS to hide themselves from AV software. Booting outside of the OS allows BPE to scan the full drive. Including areas that have been marked by Windows as bad sectors for viruses. Windows marks sections of the formatted drive as bad if it finds issues. Windows will ignore these areas, but the virus can find them and use still good space in them. I personally stopped using Windows decades ago because it was so riddled with vulnerabilities. No OS is fool proof, but Windows is all but impossible to keep clean because of how haphazardly Microsoft writes it. The one thing it does well is keep an army of people employed trying to keep the OS running.
Thanks for the help, man. I'm starting a small PC repair business and I was looking for some good tools to clear infected computers. I'm more of a hardware repair guy but I want to open the business to anyone in need of assistance.
I would love to see a more detailed video on fileless malware. I had a seriously compromised network back in 2018 and every system on my network (including my smartphone) was completely infected. In Windows I noticed the malware was highly cloaked and used a ton of strange PowerShell scripts to gather data and deploy whatever was needed. I had a hell of a time with it and had to replace my router and remove all IoT devices, thoroughly clean my system and reinstall Windows, and flash the stock FW to my phone using Odin. Simply reinstalling Windows always led to a reinfected system, which was crazy to me.
@@Dead_Weight21 It really was. I also found all sorts of strange files inside my Google Drive, like a few Linux distros and such. I of course never put them in there. When I was trying to clean the system, I found a folder inside the Windows directory with around 100 .ps1 files (Powershell scripts) and I copied them over to a removable drive for later analysis. Sadly, they were gone when I went to find them again. Not sure if my AV killed them silently or if the threat actor deleted them. I really wish I would have kept more of what I found because the malware was amazingly robust.
This happened to me in 2021. My S8 picked it up immediately after Samsung stopped updates w/o notice. - To make a very long story short, I ditched Samsung & I use quite a bit of google/chromium stuff now and EVERYTHING is either still infected, (or re-infected). Your post is the closest description to what I've been struggling to with. I could go on forever - I would love for an expert to analyze it all. It's really quite crazy how these system apps or APKs manipulate my network and devices, then hide & respawn like weeds.
Kaspersky used to have a bootable CD you could download free. Boot from it, it would update itself and then scan your HDDs. Was great. Isn't it available any more?
Please do make a video on tronscript I would love to see it! It's always fun to see how things stack up against some virus or another. Plus, hearing what you have to say about of the different steps and processes tron does would be interesting. Then if on top of that, you even mentioned changes or upgrades?! Yeah, that sounds like a great video!!
I see NPE detects threats installed on two distinct dates, one of them October 13, which was a Thursday, but might have been already Friday in some time zones. In cases like this I go check what I downloaded, visited or installed at that day and time to maybe find when and how I was running the risk.
Thank you so much for this I'm about to try this. I have a really infected system most my registry has been changed and permissions have been taken over. I thought about the tron script but I don't know anything about code or coding so I am very thankful your video popped up. Subscribed !
Hey I have this current problem dude, THE EXACT ONE., which service helped you bro? And was your malware capturing your screen like mine is ? It’s scary stuff I need help
Question: why is the '.exe / Return key vector' NOT being intercepted by one/more of these infections? Remember, a 'fully' infected system can very easily patch into any process that happens from the point immediately after pressing the Return key, or, left mouse key double click, or similar. Etc ??? ;) If you are able to execute any removal infection program then, quite simply, that means the infection is...inadequate, or, not fully exploiting its 'potential'. The best answer to any infection is to re-image with a (hopefully) clean historical file. Clearly, attention will need to be paid to any attached storage, direct or networked.
@@hugbearsx4 Can't you download the setup files of what you need in another computer and then place those files in an offline portable storage? Being disconnected from the internet from an infected computer should be a given.
@@7DeadlyJinxs If the system is up, then the virus is ACTIVE and the chances of it trying to hide/morph/attack your antivirus are very high. That's why you should shut the system down and boot from a known-to-be-clean antivirus tool, that won't load any of the infected files to be executed - therefore denying the virus the chance to act.
My computer runs with the OS/programs/files each stored on one NVMe SSD. But the computer also has a HDD. So I cloned the contents of the NVMe SSD onto the HDD. I then disconnected the HDD from power and SATA connection to protect it from malware. So if I run into problems, be that malware or updates causing problems etc., I just reconnect the HDD and boot up from there. This takes less than 5 minutes, and so I then can proceed to do things such as pay bills and so forth, without there being any inhibitors or any other problems at hand. Thanks to this method, I am up and running bug free in mere minutes, rather than having to cross my fingers and reload or perform other recovery methods. Once I have some free time, I then just clone the contents of the HDD on over to the NVMe SSD, and once again have a bug free system. Thus with this technique, I in no way have to accept a corrupted computer to be able to somewhat repair itself via the help of another software app.
Just a curious scenario. What if instead of downloading the .exe directly, you right click on the link, select save as and enter a different name without an extension? If CMD opens up, you can then issue `%1 filename` to execute it as an executable. Is that too somehow blocked?
A little off topic but For old harddrives does anyone know what program would win between Perfectdisk, Piriform defraggler, My defrag, O&O defrag, Auslogics, Smart Defrag, Wise care 365, windows 7 built in defrag, and any other popular brands? and why is it the best? Priority- 1: Boost harddrive performance. 2: Extend the lifespan of the harddrive.
so let me get this clear, the best virus removal tools, Norton Power Eraser and Hitman Pro is the only two that still can be installed into our PC even AFTER we have deeply infected? or is Norton Power Eraser and Hitman Pro has been installed BEFORE it gets infected? but what if we've already installed the AV before get infected? like Kaspersky, Malwarebytes, etc, could we still can get auto infected?
When my Win-7 computer gets a nasty virus, I just reload a system image that I created a few months earlier, at a time where the computer was known to be clean. That's why I keep all of my data and portable browsers on an external hard drive, not on the computer's hard drive itself. After reloading the system image I then use virus removal tools on the external hard drives to clean them up.
An easy mistake that people can make is to have the drive containing the backups be Read/Write for Windows. The backups will be encrypted right along with everything else. When backing up a system, I use the Clonezilla live CD (linux-based) with an external USB drive. In order to protect the external drive from infection, do the following: a) shutdown/power-off Windows, b) Insert bootable Clonezilla media DVD/USB, c) power-on machine and run BIOS Setup to change the boot order (assuming no F-key for a boot menu), boot the Clonezilla media, and ONLY THEN plug in the external drive. Finally run Clonezilla to make your backup. I also format the external drive using a Linux-native filesystem like EXT2/3/4, XFS, etc., since Windows still arrogantly ignores any partition types except their own.
Hey, someone here who hasn't the least idea about any of this stuff. Your video was helpful and I feel at least a bit safer using my laptop. Thanks for your free help. PS: I'm thinking it's time to learn about that stuff since my dad used to fix my shit when my PC was slower than city traffic during rush hour.
The frustrating thing about the virus I have right now is that my browser crashes whenever I try to download an antivirus program. Additionally, when I try to open the antivirus file directly, it crashes as well.
Well I'm not an expert in this but i once had a system which was infected by a ransomware, and kept on crashing everytime I wanted to use another anti virus and surprisingly "Hitman Pro" removed the virus (completely) the system was alright and I did a system reset and it was all good
I have cleaned machines like this many times before, and I prefer to use Process Explorer - the scanning of the running programs/processes can be done via the built-in VirusTotal check. And then it is mostly just a question of "Kill process", then "delete file".
i had this same virus long ago, i dont remember how i got infected but i realized i was infected because of how loud my fans were meanwhile my PC was on idle and it made me worry, so i installed AVAST and i got the fake Antivirus, but THEN i downloaded another one that i neither remember which one was but managed to get it installed, since it looked like the Virus didn't know about that one. So like that i realized i had a Bitcoin Miner on my PC somehow, and my Windows Security was completely broken so i anyways had to reinstall my Windows
Funny thing. Had Norton for some years, since I bought this PC. Since Norton's core business seems to be attention seeking, spamming and distraction in general I switched to another AV. Now I tried this NPE you showed and guess what? It finds several threads installed during the period I used Norton. Granted, not serious, I won't remove them.
Great video! Question: given the scenario of having an *already* deeply infected system, how did/would you get Norton Power Eraser on the system such that it would able to run correctly? I presume the malware that "tainted" the downloads you demonstrated would also "taint" Norton Power Eraser, if attempted to be downloaded the same way you downloaded the other tools. Thanks for posting!!!!
You could also always use a bootable USB recovery stick from a well known AV brand. This allows to start the AV without Windows booting up in the first place and will work nearly every time.
@@kruemelfelix I have a question for you, don't read it if u don't want to. Do I have a virus (trojan) if I downloaded something but didn’t open it, I just put it to VirusTotal and deleted it like 1 minute after or less after downloading, and I didn't have an antivirus (Malwarebytes, which is the one that detected the virus) then, but I downloaded it straight after and scanned, it found no threats. But I got really anxious and tried to do a custom scan, it scanned for 3h. I noticed that system and Windows update service would use more CPU, combined up to 16%, when I didn’t press anything for a few minutes. I googled it and it said I may have malware. Then at around the 3 hour mark I started playing games (League of Legends). 1st game was all good, didn’t lag a single time (I was almost always at stable 240fps), but the 2nd I got 2 huge lag spikes. 1st lasted 6 seconds, after I spammed my keyboard it opened the desktop, for some reason Wallpaper Engine turned off and on, then I got back into the game, the fps was still fine. But the 2nd time I lagged for 12 secs or so and it didn't end so I turned off the power supply and the extension cord, didn't touch it since. Please help me, what do I do?
Some trojans use an injection method where once you download it, it executes by itself. Although you didn't run it, it still might have injected itself into your PC, which in your case would be the Windows update service file. If I was you I would reinstall Windows and wipe all of your hard drives as well as backing up your data. Better to be safe than sorry. And for your information, the Windows update service should really only be using 0-2 percent of your CPU, even if there is an update available. @@Lant1s Also, are you sure that it's a virus? Where did you download this file from?
Hi Leo, I enjoy your videos! Can you maybe consider creating a video about Bitdefender's tool used to clean up the PC from malware? They have something similar to KVRT from Kaspersky. I am thinking to switch from Kaspersky to Bitdefender so I would love to see more comparisons against those products in the future.
Hey how's it going ? I'm a bitdefender user and I like it a lot, I'm a bit of a layman in this subject but when I used both, I didn't see much difference between the two, one thing I noticed was that the bitdefender panel has more settings than kaspersky.
Interesting! Question…. Considering how closely Kaspersky and Bitdefender are in many of your tests, I am wondering how Bitdefender fared where it was substituted for Kaspersky in that sequence?
Is it possible for you to do some of those tests on mobile apps? I always follow your suggestions for PC, but on mobile I know nothing. Haha. Thank you!
Now, don't know if it still exists, but Malwarebytes did have a CMD version to get things stopped so you can run the GUI version. And you can boot into safe mode or selective startup programs which helps
I would wonder about how command line tools like roguekillercmd and malwarebytes workbench would do. I know malwarebytes workbench is only available to resellers but I find it superior to any other product. I have never had anything block it and it has a ton of other useful tools and scripts. But roguekillercmd has been pretty useful too. Only it is very slow. Clone everything with clonezilla to a network NAS we have then scan.
One interesting manual technique that worked for me was to change the security properties of some executables that I knew were infected such that the user SYSTEM was denied all privileges on the file and then restart. The error messages were pretty fun.
Sir I just purchased regular basic Kaspersky Antivirus for a good Xmas deal but now I found it does not have a built in FIREWALL and Kaspersky did not mention this on their product page. Feeling cheated lol.
Kaspersky real time protection and its ability to remove existing malware/virus is the cream of the cream. You are safe in their hand. I don't know what type of feature you want but no virus/ malware can bypass Kaspersky
@@LakadMatatag2702 yes I know Kaspersky is the best when it comes to detection and real time protection. My suite just doesn't have a firewall, so I'm using built in firewall of windows 11
Norton Power Eraser being good at removing the malware files is very surprising to me because Norton Antivirus is notorious for being unable to remove malware and asking you to remove it yourself.
I never use Norton Antivirus because it does not remove malware by itself. In fact my computer got infected and I had to wipe out the hard drive while I WAS using Norton Antivirus (registered version). It is overrated garbage!
I usually use task manager to kill the fake AV then run standard tools like SuperAntiSpyware and Malwarebytes. If that doesn't work I use system restore to reset the system to the way it was before it became infected then run the same AV tools to see if the system is clean.
I had no problems with Avast, but Malwarebytes detected malware which Avast ignored. I used Norton Power Eraser, but one of my very common utilities (photocopier) was detected as malware, which it is not. Wow. I'm thinking of getting the yearly subscription of Malwarebytes. I really like it!
@@saikyue4462 how about the programmers? Who are they and perhaps they are located "at home" (not in CH). With datacomms the location of the servers is irrelevant, surely?
What do you do in instance that, yes fake VR tools download, but it also keeps doing fake reformats? Yes - I have been 5 actual places, two I hired to clean out the system, both have failed.
How effective are system restore points or an in place upgrade in cleaning a system? These are my fall back options now that Macrium Reflect free edition is scheduled for end of life.
@@pcsecuritychannel OK, well thanks for the links in this vid. Have added NPE and the Kaspersky Tool to my existing portable apps (CCE, EEK, ADWCL Sys Internals etc) so should have sufficient tools. Skipped Hitman Pro though as it's not really free, just a trial. Had a pretty nasty infection a couple weeks back from a 'verified' torrent, first in ages (years probably). Windows Defender detected ok but couldn't seem to fix it. Every time it was blocked it was constantly trying to create and run instances of svchost.exe in a temp folder. None of my portable tools seemed to fix it. Ended up running System File Checker, which worked but messed up windows explorer (option for tabs disappeared), so ran an 'In Place Upgrade' and that reset everything back to working condition.
@@Tabaspu Thanks for the suggestion. Looks like a good solution and its also free. The benefit over windows restore seems to be that it can also restore user files and documents, which could be very useful. Not sure if it would work with windows 11 though. I currently use an ancient but pretty good free software called 'create synchronicity' for weekly backups of documents and data, in addition to relying on system restore for rescuing the OS.
If a system is deeply infected then trying to clean it when the system is running is futile because the malware has taken control and would not allow any malware removal tool to function. The effective way, in my opinion is to shut down the computer, remove the hard disk, make it into an external USB disk by fitting it into a hard disk enclosure. Then scan it with a good malware removal tool on another computer. With this hard disk in inactive condition, malware removal tool will have realistic chances of identifying and removing the malware. Once malware is thus removed, fit the hard disk back into the computer.
Norton labeled things as medium threat that shouldn't be labeled. It labeled programs I made myself as medium threats. Both of these were made via AHK. One hides icons when double clicking on desktop and one turns up or down volume via scroll wheel when hovering over anywhere in the taskbar area. SO, imho norton kinda missed the mark here for security.
Can you do a review on Windows 10/11 Ghost Spectre? A group stripped down Windows to make it use less resources and remove MS tracking elements. But I want to know if it's actually safe to use
There was a software named Returnil many years ago was quite novel way of defeating all kinds of threats. It just system restore the computer to a clean state everytime you restart your computer and have methods to permanently have programs installed to the system if needed to.
Tron isn't really good at all, in my opinion it causes more harm than good
@@novaUT
He mentioned that.
Hey Leo. Did you happen to try renaming the tools to see if that would allow them to run? I've had luck doing that before.
As long as when the Tron script is running it is playing the soundtrack from BOTH movies, I'm ok with it!! 😁😎
But can any of them remove McAfee?
The malware might infect your backups which results in them not working.
@@david09baz backups should be encrypted and your system shouldn't have write access to existing backups
True. But how do you know you haven't backed up an already infected system?
Thank you for going through with all the testing and presenting the findings to us
Honestly, when I saw the malware take over the AV downloads, my first instinct was to not do the malware removal in Windows at all. Kaspersky Rescue Disk is a Linux boot disk that lets you run KAV on an offline system. I would be curious to see how it fares in this scenario. I've used it and Bitdefender Rescue CD (RIP) in the past with some good success.
Yes but this was much quicker.
@@pcsecuritychannel May be Quicker, but useless. @TheRossMadness is right, trying to clean a corrupted system from this live system is absolutely unreliable. The only way to do it right is using an external system. Otherwise, you can never be sure to have really cleaned up the system. It is a basic concept in IT security.
In my experience, for Windows anyway, doing things from safe mode is also a half-way decent option and normally solves most problems. Though it doesn't help against rootkits or bios attacks, but at least it'd help with things that want to be running on top of everything else (and most need internet to run, which safe mode doesn't allow).
@@Dyanosis 1) In my line of work, that is Computer Security, there are no half-measures : You cannot be mildly confident that you have solved the issue.
My customers want to be sure the problem is gone, not half-sure, with a half-baked solution, and what you recommend does not do the job.
2) Thank you for proving my point, you said it yourself : Your solution does not help against rootkits/trojans. And I want to be sure to deal with them.
3) You don't know well windows : You can run safe mode WITH Network enabled, it is an option. Enjoy, and Peace !
@@philpeko1796 While you may be correct, there's no need to be aggressive about it. He does have 'something' of a point after all- in all honesty windows safe mode, while NOT a panacea by any means, is a useful but often-overlooked tool these days.
And while security is always something to be done in absolutes, the way things are done at home is often different from the business world- at home there's no concern for liability or partnerships or tax breaks or write-offs etc etc, which can dictate decisions that in other cases wouldn't happen. For example MWB is the name in the game for AVs, but when the business pays for norton, that's what you're stuck with.
There's also the simple matter that a full reinstall... Honestly isn't that bad these days. Personal treasures like photos and writing aside, I could probably do a full, fresh reinstall and re-setup of my home pc in under an hour. That was NOT the case when I had dial-up. And if a system is infected to THAT degree a full reinstall might not be that bad of an option. Not always an option, obviously, but it's something more worth considering than it perhaps once was.
The question that comes to mind is the system infection was obviously downloading its own tools and not what you thought perhaps due to HOSTS file, or had an Image File Execution Options Injection settings for all of these tools. Then when you used a couple of them that were probably missing from the list they were able to run. Without having the exact infection it's difficult to say for sure which method was used, but bottom line is probably ALL of the tools or Most of the tools would have worked had IFEO or similar method of running its own tools been dealt with. It was NOT due to the tool not being able to deal with it. It was the method used to try and run it.
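The two blocking mechanisms named in the comment above, a HOSTS file redirect and an Image File Execution Options (IFEO) `Debugger` value, can be checked with a read-only audit. This is an added example, not something from the video or the commenter; the tool executable names and vendor keywords in it are assumptions to adjust.

```powershell
# Added example: read-only audit of two ways malware can stop removal tools from
# being downloaded or started. It reports findings and changes nothing.

# Assumption: executable names of the removal tools you intend to run.
$toolNames = @('NPE.exe', 'KVRT.exe', 'HitmanPro.exe', 'mbam.exe', 'MBSetup.exe')
# Assumption: keywords that identify security-vendor hostnames.
$vendorKeywords = @('norton', 'kaspersky', 'malwarebytes', 'hitmanpro', 'sophos',
                    'bitdefender', 'eset', 'emsisoft', 'comodo', 'f-secure')

function Get-SuspiciousHostsEntry {
    # Lists HOSTS entries that pin a security-vendor hostname to some address.
    param(
        [string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts",
        [string[]]$Keywords = $vendorKeywords
    )
    if (-not (Test-Path -LiteralPath $Path)) { return }
    foreach ($line in Get-Content -LiteralPath $Path) {
        $text = ($line -split '#', 2)[0].Trim()        # strip trailing comment
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }          # need address + hostname
        $address = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            foreach ($kw in $Keywords) {
                if ($name -like "*$kw*") {
                    [pscustomobject]@{ Address = $address; Hostname = $name; Keyword = $kw }
                    break                               # one report per hostname
                }
            }
        }
    }
}

function Get-IfeoDebuggerEntry {
    # Lists every IFEO subkey that carries a Debugger value. Windows starts the
    # Debugger command instead of the named image, so an entry for an AV tool
    # means the tool never actually runs.
    param([string[]]$Tools = $toolNames)
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $debugger = $key.GetValue('Debugger')
            if ($null -eq $debugger) { continue }
            [pscustomobject]@{
                Image       = $key.PSChildName
                Debugger    = $debugger
                IsKnownTool = $Tools -contains $key.PSChildName   # case-insensitive
                KeyPath     = $key.Name
            }
        }
    }
}

$hostsHits = @(Get-SuspiciousHostsEntry)
$ifeoHits  = @(Get-IfeoDebuggerEntry)

if ($hostsHits.Count -gt 0) {
    Write-Output 'HOSTS entries that override security-vendor hostnames:'
    $hostsHits | Format-Table -AutoSize
} else {
    Write-Output 'HOSTS file: no security-vendor hostnames overridden.'
}

if ($ifeoHits.Count -gt 0) {
    # Some legitimate software sets a Debugger value (for example a Task Manager
    # replacement), so review each entry rather than treating all as malicious.
    Write-Output 'IFEO keys with a Debugger value:'
    $ifeoHits | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'IFEO: no Debugger values found.'
}
```

Run it from an elevated PowerShell prompt; on a system that is still booted from the infected installation the results can themselves be tampered with, which is the argument several commenters make for scanning offline.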
You are the hero we need. EVERYONE needs to see your videos. Seriously.
The biggest problem with malware and virus removal is that no single tool finds everything. So, your approach of utilizing MULTIPLE or SEVERAL tools is strongly recommended. I use the following approach; Whenever possible, use an off-line tool to scan the system such as one which runs from a USB. Better yet, if you have a second computer, pull the infected drive and scan it with the second (uninfected) computer using multiple tools. This ensures that NO suspect processes could possibly have been running. Place the computer into “Safe Mode” which only allows the Windows system files necessary to run. THEN, perform your cleanup. Unless you know EXACTLY when your system was compromised, you have to consider that system restore points are also worthless. I’ve seen this time and time again. If you restore to a certain point, you wind up re-infecting your system all over again. Only after doing THIS level of cleanup will you be better assured that the cleanup is complete.
You're correct but I don't do cleanups. Nuke and rebuild is my solution
@@shaggydawg5419 Yes, there’s always the “Nuclear Option.” As simple as this option actually is, I’ve learned that most people simply won’t go down this road. I would say that the nuclear option is the #1 approach to virus & malware removal. That’s why I primarily use Linux as my operating system.
@@rb2287 People don't want to lose documents and/or start over from scratch. I'd rather lose a little bit of data (that hasn't been backed up yet) than risk an unstable system with a potential of reinfection or hidden malware. There's no way I'm going to use an infected system even after it's been cleaned and multiple malware products find nothing in it.
@shaggydawg5419 how do you "nuke" your computer? I got a malware and I got a ransom message. I'm planning on nuking but idk how
@@taxcollector8858 I was referring to reinstalling the operating systems. Use other computer to download and create a Windows setup media on a USB flash. Turn off the infected PC and turn it back on. Boot off the USB device with Windows setup and delete the entire partitions on the infected hard disk. Start with a fresh Windows 10 or 11 installation.
Leo, if you have to ask if we want to see a demo on something you mentioned in a video. The likely answer is YES!!! 😎 This is awesome info you put out for the novice to amateur computer user. Thanks for this video!
this is my new favourite channel. i can barely wait to get home from work and from class and try it out
I don’t believe it!?!? Norton is useful for something???
Yes bro, Norton will remove your malware and install his own
@@oskkim2163 common Norton W
@@oskkim2163 😂😂😂😁
@@oskkim2163 Norton is Notorious 😁
bruh literally. you can use it to remove your malware while it probably mines for crypto in the background
the best way to deep clean an infected pc is to wipe the drive and start fresh, and not install some sketchy software again. keep your stuff backed up, and stay safe and comfy!
I feel like the idea here is to clean up the system enough that what might remain of the user’s valued data can be offloaded to a backup, then the OS completely reinstalled.
Bingo! Now this idea I like.
Norton Power Eraser due to the very small installer size, seems to be an online installer, which in case of an infected computer where the internet connection may not work, it will not execute as the computer cannot access the cloud to get the latest and complete virus signatures. In this situation it will be better to use another Norton tool - Norton Bootable Recovery Tool. On the other hand, it is always advised to try to clean a computer via a bootable tool and do not execute the cleaning software with the infected operating system active and running.
Thank you so much for this video, I searched for deep cleaning virus tools and your video was probably the savior of my steam account. In my stupidity I downloaded a sketchy piece of software that ended up stealing my account information and sold all my in-game items :( fortunately, I recovered my account just in time, I'm still a bit paranoid if some piece of malware is running deep inside my system but from what I can tell, my computer is cleaned.
Thank you so much for making this video, you save my PC
The Norton Power Eraser solved my issue.. THANK YOU!!
A customized Tron script video will be amazing to watch. I'm looking forward for that one.
A shop that I used when I used Windows, never cleaned a system with Windows loaded.
They used a program called BartPE.
They loaded the most current AV updates, burned a live disc, doing that on a separate PC. Turned the infected device off and then live booted the disc.
The purpose to this is that some viruses use known inadequacies and flat out gross Vulnerabilities in the windows OS to hide themselves from AV software. Booting outside of the OS allows BPE to scan the full drive. Including areas that have been marked by windows as bad sectors for viruses.
Windows marks sections of the formatted drive as bad if it finds issues. Windows will ignore these areas, but the virus can find them and use still good space in them.
I personally stopped using windows decades ago because it was so riddled with vulnerabilities.
No OS is fool proof, but windows is all but impossible to keep clean because of how haphazardly Microsoft writes it.
The one thing it does well is keep an army of people employed trying to keep the OS running.
That's not possible anymore since secure boot uefi
I love this kind of testing AV's and AV's tools videos!
Thanks!
I would certainly appreciate a video on Tron. Thanks for this one, by the way.
Just by using the Norton power eraser my issue was fixed. Thanks bud.
Thanks for the help, man. I'm starting a small PC repair business and I was looking for some good tools to clear infected computers. I'm more of a hardware repair guy but I want to open the business to anyone in need of assistance.
I would love to see a more detailed video on fileless malware. I had a seriously compromised network back in 2018 and every system on my network (including my smartphone) was completely infected. In Windows I noticed the malware was highly cloaked and used a ton of strange Powershell scripts to gather data and deploy whatever was needed. I had a hell of a time with it and had to replace my router and remove all IoT devices, thoroughly clean my system and reinstall Windows, and flash the stock FW to my phone using Odin. Simply reinstalling Windows always led to a reinfected system, which was crazy to me.
That sounds scary
@@Dead_Weight21 It really was. I also found all sorts of strange files inside my Google Drive, like a few Linux distros and such. I of course never put them in there.
When I was trying to clean the system, I found a folder inside the Windows directory with around 100 .ps1 files (Powershell scripts) and I copied them over to a removable drive for later analysis. Sadly, they were gone when I went to find them again. Not sure if my AV killed them silently or if the threat actor deleted them. I really wish I would have kept more of what I found because the malware was amazingly robust.
This happened to me in 2021. My S8 picked it up immediately after Samsung stopped updates w/o notice. - To make a very long story short, I ditched Samsung & I use quite a bit of google/chromium stuff now and EVERYTHING is either still infected, (or re-infected). Your post is the closest description to what I've been struggling to with.
I could go on forever - I would love for an expert to analyze it all. It's really quite crazy how these system apps or APKs manipulate my network and devices, then hide & respawn like weeds.
@@slamscaper128 what the actual hell? How can reinstalling windows end up reinfecting your system? That's terrific
@@riperroxd7664 The malware was very advanced and has multiple ways of remaining persistent after a reinstallation of Windows.
Kaspersky used to have a bootable cd you could download free. Boot from it, it would update itself and then scan your hdds.
Was great.
Isn't it available any more?
Yes it is available for free. Its called Kaspersky Rescue Kit.
Offline scanners seem to be far less effective these days and the update servers take longer than the scans.
Thanks!
Great job and pretty clear communication also.
Many thanks for your computer security discussions!
I am aware this is a channel regarding PCs but a video like this for Android would be greatly appreciated as well.
Helpful video, by the way!
Use Bitdefender for Android
Please do make a video on tronscript I would love to see it!
It's always fun to see how things stack up against some virus or another. Plus, hearing what you have to say about of the different steps and processes tron does would be interesting.
Then if on top of that, you even mentioned changes or upgrades?! Yeah, that sounds like a great video!!
I see NPE detects threads installed on two distinct data, one of them october 13, which was a Thursday, but might have been already Friday in some time zones. In cases like this I go check what I downloaded, visited or installed at that day and time to maybe find when and how I was running the risk.
Norton be allowed by the malware because the malware was like “eh, what’s he gonna do?”
JK. Good video!
Since the U.S. banned "Kaspersky" what do you recommend instead?
Interesting but do note that Norton Power Eraser is very aggressive at times classifying foxit editor and openboard as medium category malware.
don't use it yes or no?
Thank you so much for this I'm about to try this. I have a really infected system most my registry has been changed and permissions have been taken over. I thought about the tron script but I don't know anything about code or coding so I am very thankful your video popped up. Subscribed !
Hey I have this current problem dude, THE EXACT ONE., which service helped you bro? And was your malware capturing your screen like mine is ? It’s scary stuff I need help
Have you tried RKill for disabling malware before running any of the other av one-time scanners? Curious on your opinion of it.
It can work in certain situations.
Question: why is the '.exe / Return key vector' NOT being intercepted by one/more of these infections? Remember, a 'fully' infected system can very easily patch into any process that happens from the point immediately after pressing the Return key, or, left mouse key double click, or similar. Etc ??? ;)
If you are able to execute any removal infection program then, quite simply, that means the infection is...inadequate, or, not fully exploiting its 'potential'.
The best answer to any infection is to re-image with a (hopefully) clean historical file. Clearly, attention will need to be paid to any attached storage, direct or networked.
What about offline cleaning?, running an antivirus from a bootable USB has always worked great
This is the only way to attempt a serious disinfecton.
@@hugbearsx4 Can't you download the setup files of what you need in another computer and then place those files in an offline portable storage? Being disconnected from the internet from an infected computer should be a given.
@@7DeadlyJinxs If the system is up, then the virus is ACTIVE and the chances of it trying to hide/morph/attack your antivirus are very high. That's why you should shut the system down and boot from a known-to-be-clean antivirus tool, that won't load any of the infected files to be executed - therefore denying the virus the chance to act.
@@hugbearsx4 What?
Kaspersky is the way to go, it's the one and only Antivirus I use and I never had any problems so far.
And prices are a bit unfair for kaspersky hahah it is so cheap
I have a suggestion. Why not test the security of minor browsers. Like Vivaldi, Brave and Opera?
Cuz most people don't use em.
My computer runs with the OS/programs/files each stored on one NVMe SSD. But the computer also has a HDD. So I cloned the contents of the NVMe SDD onto the HDD. I then disconnected the HDD from power and SATA connection to protect it from malware. So if I run into problems, be that malware or updates causing problems etc., I just reconnect the HDD and boot up from there. This takes less than 5 minutes, and so I then can proceed to do things such as pay bills and so forth, without there being any inhibitors or any other problems at hand. Thanks to this method, I am up and running bug free in mere minutes, rather than having to cross my fingers and reload or perform other recovery methods. Once I have some free time, I then just clone the contents of the HDD on over to the NVMe SSD, and once again have a bug free system. Thus with this technique, I in no way have to accept a corrupted computer to be able to somewhat repair itself via the help of another software app.
Just a curious scenario. What if instead of downloading the .exe directly, you right click on the link, select save as and enter a different name without an extension? If CMD opens up, you can then issue `%1 filename` to execute it as an executable. Is that too somehow blocked?
Want to know if that works too
A little off topic but For old harddrives does anyone know what program would win between Perfectdisk, Piriform defraggler, My defrag, O&O defrag, Auslogics, Smart Defrag, Wise care 365, windows 7 built in defrag, and any other popular brands? and why is it the best?
Priority-
1: Boost harddrive performance.
2: Extend the lifespan of the harddrive.
so let me get this clear, the best virus removal tools, Norton Power Eraser and Hitman Pro is the only two that still can be installed into our PC even AFTER we have deeply infected? or is Norton Power Eraser and Hitman Pro has been installed BEFORE it gets infected? but what if we've already installed the AV before get infected? like Kaspersky, Malwarebytes, etc, could we still can get auto infected?
Hey when will you test any antivirus? Waiting for Kaspersky vs Bitdefender
Yes, a video about Tron Script would be awesome
When my Win-7 computer gets a nasty virus, I just reload a system image that I created a few months earlier, at a time where the computer was known to be clean. That's why I keep all of my data and portable browsers on an external hard drive, not on the computer's hard drive itself. After reloading the system image I then use virus removal tools on the external hard drives to clean them up.
An easy mistake that people can make is to have the drive containing the backups be Read/Write for Windows. The backups will be encrypted right along with everything else.
When backing up a system, I use the Clonezilla live CD (linux-based) with an external USB drive. In order to protect the external drive from infection, do the following: a) shutdown/power-off Windows, b) Insert bootable Clonezilla media DVD/USB, c) power-on machine and run BIOS Setup to change the boot order (assuming no F-key for a boot menu), boot the Clonezilla media, and ONLY THEN plug in the external drive. Finally run Clonezilla to make your backup. I also format the external drive using a Linux-native filesystem like EXT2/3/4, XFS, etc., since Windows still arrogantly ignores any partition types except their own.
Just wondering if scanning in safe mode would be a viable option?
Hey someone here who hasn't the least idea about any of this stuff.
Your video was helpful and I feel at least a bit safer using my laptop. Thanks for your free help.
Ps: im thinking its time to learn about that stuff since my dad used to fix my shit when my pc was slower than city traffic during rush hour.
The frustrating thing about the virus I have right now is that my browser crashes whenever I try to download an antivirus program. Additionally, when I try to open the antivirus file directly, it crashes as well.
Well I'm not an expert in this but i once had a system which was infected by a ransomware, and kept on crashing everytime I wanted to use another anti virus and surprisingly "Hitman Pro" removed the virus (completely) the system was alright and I did a system reset and it was all good
5:12, Just a reminder for me, what programs I should use after downloading premiere pro speech to text 2024 from 1337x
I have cleaned machines like this many times before, and I prefer to use Process Explorer - the scanning of the running programs/processes can be done via the built-in VirusTotal check. And then it is mostly just a question of "Kill process", then "delete file".
i had this same virus long ago, i dont remember how i got infected but i realized i was infected because of how loud my fans were meanwhile my PC was on idle and it made me worry, so i installed AVAST and i got the fake Antivirus, but THEN i downloaded another one that i neither remember which one was but managed to get it installed, since it looked like the Virus didn't know about that one. So like that i realized i had a Bitcoin Miner on my PC somehow, and my Windows Security was completely broken so i anyways had to reinstall my Windows
I got virus on my bios whenever I reinstall new windows I still have it on my pc 😢 welp.
Very unlikely to be on your bios but if it is try Re-Flashing Your BIOS
Why do you think is in your bios
Funny thing. Had Norton for some years, since I bought this PC. Since Norton's core business seems to be attention seeking, spamming and distraction in general I switched to another AV. Now I tried this NPE you showed and guess what? It finds several threads installed during the period I used Norton. Granted, not serious, I won't remove them.
Great video! Question: given the scenario of having an *already* deeply infected system, how did/would you get Norton Power Eraser on the system such that it would able to run correctly? I presume the malware that "tainted" the downloads you demonstrated would also "taint" Norton Power Eraser, if attempted to be downloaded the same way you downloaded the other tools. Thanks for posting!!!!
You could also always use a bootable USB recovery stick from a well known AV brand. This allows to start the AV without Windows booting up in the first place and will work nearly every time.
@@kruemelfelix Do you know of any that include Norton Power Eraser?
@@TheCocoaDaddy Perhaps download it to usb drive from other pc?
@@kruemelfelix I have a question for you don't read it if u don't want to. do I have a virus (trojan) if I downloaded something but didn’t open it I just put it to virustotal and deleted it like 1 minute after or less after downloading and I didn't have an antivirus (malwarebytes which is the one that detected the virus) then but I downloaded it straight after and scanned it found no threats. but I got really anxious and tried to do a custom scan it scanned for 3h I noticed that system and windows update service would use more cpu if combined up to 16% when I didn’t press anything for a few minutes I googled it and it said I may have malware. Then at around 3 hour mark I started playing games (League of Legends) 1st game was all good didn’t lag a single time (I was almost always at stable 240fps) but the 2nd I got 2 huge lagspikes 1st lasted 6 seconds after I spammed my keyboard it opened the desktop for some reason wallpaper engine turned off and on then I got back into the game the fps was still fine but the 2nd time I lagged for 12 secs or so and it didn't end so I turned off the power supply and the extension cord didn't touch it since. please help me what do I do?
Some trojans use an injection method where once you download it, it executes by itself. Although you didn't run it, it still might have injected itself into your pc which in your case would be the windows update service file. If I was you I would reinstall windows and wipe all of your harddrives as well as backing up your data. Better to be safe than sorry. And for your information, the windows update service should really only be using 0-2 percent of your cpu, even if there is an update available. @@Lant1s Also, are you sure that it's a virus? Where did you download this file from?
Would you recommend having them on a bootable usb to completely remove everything, some infected the bios?
Hi Leo, I enjoy your videos! Can you maybe consider creating a video about Bitdefender's tool used to clean up the pc from malware. They have something similar to KVRT from Kaspersky. I am thinking to switch from Kaspersky to Bitdefender so I would love to see more comparisons against those products in the future.
Hey how's it going ? I'm a bitdefender user and I like it a lot, I'm a bit of a layman in this subject but when I used both, I didn't see much difference between the two, one thing I noticed was that the bitdefender panel has more settings than kaspersky.
Interesting! Question…. Considering how closely Kaspersky and Bitdefender are in many of your tests, I am wondering how Bitdefender fared where it was substituted for Kaspersky in that sequence?
Bitdefender is on top.
Hey Leo I hope that you could do a malware test of Trend Micro maximum security. Its been years since this product has been tested by TPSC.
What about the nasty Surf Sidekick that makes copies of it self and hides really well so you can't find them to delete!!
Is it possible for you to do some of those tests on mobile apps? I always follow your suggestions for PC, but on mobile I know nothing. Haha Thank you!
great video.. but can you run all of these in "Safe mode"? my experience in safe mode with networking has helped
Having a lifetime license of Malware bytes, I don't think I'll ever swap it out.
I actually remember when I saw it but I passed. Later when I wanted one it was no longer available.
Too bad ComboFix is no longer supported that was a great tool!
Only real Gs remember this GOAT.
Now, don't know if it still exists, but Malwarebytes did have a CMD version to get things stopped so you can run the GUI version. And you can boot into safe mode or selective startup programs which helps
I would wonder about how command line tools like roguekillercmd and malwarebytes workbench would do. I know malwarebytes workbench is only available to resellers but I find it superior to any other product. I have never had anything block it and it has a ton of other useful tools and scripts. But roguekillercmd has been pretty useful too. Only it is very slow. Clone everything with clonezilla to a network NAS we have then scan.
I saw some people complain about Malware including myself, seem to me didn't work very well, because my PC didn't seem healthy
One interesting manual technique that worked for me was to change the security properties of some executables that I knew were infected such that the user SYSTEM was denied all privileges on the file and then restart. The error messages were pretty fun.
Cut all the Infected files you can identify to your desktop and restart. then you can delete them. or if you can change the file extensions to .old
Explain this please
Biggest malware is windows updater
would you recommend to do a clean every month or year? Also in that order which you showed in video every time??
Yes please I would like to see a Tron script video! thank you!
Sir I just purchased regular basic Kaspersky Antivirus for a good Xmas deal but now I found it does not have a built in FIREWALL and Kaspersky did not mention this on their product page. Feeling cheated lol.
Kaspersky real time protection and its ability to remove existing malware/virus is the cream of the cream. You are safe in their hand. I don't know what type of feature you want but no virus/ malware can bypass Kaspersky
@@LakadMatatag2702 yes I know Kaspersky is the best when it comes to detection and real time protection.
My suite just doesn't have a firewall, so I'm using built in firewall of windows 11
@@shivamkrishn That is good enough for most people.
Norton Power Eraser being good at removing the malware files is very surprising to me because Norton Antivirus is notorious for being unable to remove malware and asking you to remove it yourself.
I never use Norton Antivirus because it does not remove malware by itself. In fact my computer got infected and I had to wipe out the hard drive while I WAS using Norton Antivirus (registered version). It is overrated garbage!
I usually use task manager to kill the fake AV then run standard tools like SuperAntiSpyware and Malwarebytes. If that doesn't work I use system restore to reset the system to the way it was before it became infected then run the same AV tools to see if the system is clean.
👍👍👍
I had no problems with Avast, but Malwarebytes detected malware which Avast ignored. I used Norton Power Eraser, but one of my very common utilities (photocopier) was detected as malware, which it is not. Wow. I'm thinking of getting the yearly subscription of Malwarebytes. I really like it!
well if you want to save some money u can create new accounts for malwarebytes and get 14days premium each time
kaspersky... Russian? errr dunno... naa, can't risk that.
Kaspersky is good, they exposed an exploit utilized by the NSA. By the way, they're banned, so you won't be able to download it
servers are in switzerland
@@saikyue4462 how about the programmers? Who are they and perhaps they are located "at home" (not in CH). With datacomms the location of the servers is irrelevant, surely?
@@cosmicdebris2223 possible
What do you do in instance that, yes fake VR tools download, but it also keeps doing fake reformats? Yes - I have been 5 actual places, two I hired to clean out the system, both have failed.
How effective are system restore points or an in place upgrade in cleaning a system? These are my fall back options now that Macrium Reflect free edition is scheduled for end of life.
Not at all for the most part. System Restore may work if you are lucky, but it often creates other problems.
@@pcsecuritychannel OK, well thanks for the links in this vid. Have added NPE and the Kaspersky Tool to my existing portable apps (CCE, EEK, ADWCL Sys Internals etc) so should have sufficient tools. Skipped Hitman Pro though as it's not really free, just a trial.
Had a pretty nasty infection a couple weeks back from a 'verified' torrent, first in ages (years probably). Windows Defender detected ok but couldn't seem to fix it. Every time it was blocked it was constantly trying to create and run instances of svchost.exe in a temp folder. None of my portable tools seemed to fix it. Ended up running System File Checker, which worked but messed up windows explorer (option for tabs disappeared), so ran an 'In Place Upgrade' and that reset everything back to working condition.
not sure if this is relevant but comodo time machine saved me from long.official site dont support it now but available in file hosting's,
@@Tabaspu Thanks for the suggestion. Looks like a good solution and its also free. The benefit over windows restore seems to be that it can also restore user files and documents, which could be very useful. Not sure if it would work with windows 11 though. I currently use an ancient but pretty good free software called 'create synchronicity' for weekly backups of documents and data, in addition to relying on system restore for rescuing the OS.
If a system is deeply infected then trying to clean it when the system is running is futile because the malware has taken control and would not allow any malware removal tool to function. The effective way, in my opinion is to shut down the computer, remove the hard disk, make it into an external USB disk by fitting it into a hard disk enclosure. Then scan it with a good malware removal tool on another computer. With this hard disk in inactive condition, malware removal tool will have realistic chances of identifying and removing the malware.
Once malware is thus removed, fit the hard disk back into the computer.
Norton labeled things as medium threat that shouldn't be labeled. It labeled programs I made myself as medium threats. Both of these were made via AHK. One hides icons when double clicking on desktop and one turns up or down volume via scroll wheel when hovering over anywhere in the taskbar area. SO, imho norton kinda missed the mark here for security.
Is it possible for you to test cortex xdr from palo alto? It should be worth a test because rumors say it's better than Kaspersky
ily man you so chill and helpful like i would honestly really want to get to know someone like you in my life
is it possible that viruses/malware can also cause your computer to be slower than it actually was when you got it?
Try using the rootkit scan for NPE
Can you do a review on Windows 10/11 Ghost Spectre? A group stripped down Windows to make it use less resources and remove MS tracking elements. But I want to know if it's actually safe to use
Why brother? We kept emergency backup images for the ship floor computers etc at a smelter I worked at, that and regular data backups.
Can you try running KVRT by renaming the executable to something else to see if you can get it to run that way?
Awesome, thank you for this video :)
is the kaspersky free antivirus good?
like better than the baked in security software for windows 11?
Damn my virus even blocks the Norton power eraser😢
There was a software named Returnil many years ago was quite novel way of defeating all kinds of threats. It just system restore the computer to a clean state everytime you restart your computer and have methods to permanently have programs installed to the system if needed to.
I tried the Norton power eraser but it stuck at 1% and then my PC stopped responding.
Sometimes it can take a long time, give it some time.
How about Kaspersky Live CD? Boot from the iso that has been loaded on a usb and let it clean up everything.
Thx a lot for your videos, btw wanted to clarify for what do we need malwarebytes? Cause u haven't opened it in video.