It seems like there has been an almost endless stream of malware-infected client PCs (personally owned) reported lately. This has given me an opportunity to see just about every bit of malware under the sun. From ransomware to rootkits, it’s all come across the desk with the request to get it fixed. Malware can take various shapes and do very different things to a machine. Some sit back and are hardly noticeable, while others show popups, hijack the browser, and show all sorts of alerts from the system tray. The worst is the malware that is truly malicious. It might corrupt core Windows files or services, making the PC unusable and the cleanup that much harder. From deleting the DHCP Client service on the PC to crashing the print spooler, these are just a few of the meddlesome problems I’ve seen lately.
When these computers come in, I like running ComboFix and Malwarebytes. Unfortunately, a lot of this malware will knock out the infected computer’s network connection. Here’s how to get the latest Malwarebytes updates onto a computer that can’t reach the Internet, so your scan can be most effective at hunting the malware.
You will need access to a computer that has Malwarebytes installed and access to the Internet. Run Malwarebytes on the good PC and update the definitions to the latest version. After the update finishes, close Malwarebytes. The location of the definition files differs between a PC running Windows XP and one running Windows Vista/7/8.
If the good PC is Windows XP or Windows 2000, navigate to C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
If the good PC is Windows Vista, 7, or 8, navigate to C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware
Copy the rules.ref file and the configuration folder from the above directory to a USB drive, or burn them to a CD. You will need to install Malwarebytes on the infected machine, so include the latest installer from www.malwarebytes.org on your media.
You will paste the file and folder to the same location on the infected machine, replacing the copies that are already there.
If Windows XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
If newer: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware
Once the file and folder are in place, run Malwarebytes and verify that the definition date matches what the working computer was able to grab. Then, scan away and best of luck cleaning up the malware.
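The copy steps above can be scripted so that the files landing on the infected PC are checked against hashes taken on the clean one. This is an added example, not part of the original post. It assumes the Windows Vista/7/8 path, a USB stick at E:\, an elevated prompt with Malwarebytes closed, and a manifest file name chosen for the example.

```powershell
# Added example, not from the original post. Run with -Mode Stage on the clean PC,
# then with -Mode Apply on the infected PC after installing Malwarebytes there.
# Assumptions: Vista/7/8 data path, USB at E:\, 'manifest.sha256' is an example name.
param(
    [ValidateSet('Stage', 'Apply')][string]$Mode = 'Stage',
    [string]$Media = 'E:\mbam-offline'
)
$ErrorActionPreference = 'Stop'
$MbamData = Join-Path $env:ProgramData "Malwarebytes\Malwarebytes' Anti-Malware"
$Manifest = Join-Path $Media 'manifest.sha256'

function Get-Sha256([string]$Path) {
    # .NET hashing so this also runs on PowerShell 2.0 (no Get-FileHash there)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Dispose() }
}

function Get-Manifest([string]$Root) {
    # One "HASH  relative\path" line for rules.ref and each file under Configuration
    $Root = (Resolve-Path $Root).Path
    $files = @(Get-Item (Join-Path $Root 'rules.ref')) +
             @(Get-ChildItem (Join-Path $Root 'Configuration') -Recurse |
               Where-Object { -not $_.PSIsContainer })
    foreach ($f in $files) {
        '{0}  {1}' -f (Get-Sha256 $f.FullName), $f.FullName.Substring($Root.Length).TrimStart('\')
    }
}

if ($Mode -eq 'Stage') {
    # Clean PC: hash the source files, then copy file, folder and manifest to the media
    New-Item -ItemType Directory -Path $Media -Force | Out-Null
    Get-Manifest $MbamData | Set-Content $Manifest
    Copy-Item (Join-Path $MbamData 'rules.ref') $Media -Force
    Copy-Item (Join-Path $MbamData 'Configuration') $Media -Recurse -Force
} else {
    # Infected PC: paste over the old definitions, then re-hash what landed on disk
    Copy-Item (Join-Path $Media 'rules.ref') $MbamData -Force
    Copy-Item (Join-Path $Media 'Configuration') $MbamData -Recurse -Force
    $actual = @(Get-Manifest $MbamData)
    $bad = @(Get-Content $Manifest | Where-Object { $actual -notcontains $_ })
    if ($bad.Count) { $bad; throw 'Copied definitions do not match the clean PC' }
    'rules.ref and Configuration match the clean PC'
}
```

A mismatch on the infected PC means a file was altered or blocked during the copy; a CD-R or a write-protected USB stick keeps the manifest itself from being modified there.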