
luke.geek.nz


An IT Engineer with a love for all things IT including (but not limited to), Microsoft Azure, Automation and Service Management!


Windows Antivirus – Installation & Scanning Guide

The following procedures outline the installation of third-party antivirus and anti-malware tools, including tools that scan for and remove rootkits. The Trend Micro utilities should be run first and, if possible, a virus sample collected and sent to Trend Micro. The utilities covered are: AVG Antivirus Free, CCleaner, ClamWin Antivirus, CWShredder, HijackThis, Malwarebytes Anti-Malware, Microsoft Security Essentials, RootkitRevealer and Spybot Search & Destroy.

Offline updates for these products are found at the locations below. They should be downloaded and copied to the USB flash drive ahead of time, so that the tools can be updated offline at the time of an incident, and run after the anti-malware or antivirus utility has been installed.

  • AVG Antivirus – http://free.avg.com/au-en/download-update
  • ClamWin Antivirus – http://www.clamwin.com/content/view/58/27/
  • Malwarebytes Anti-Malware – http://data-cdn.mbamupdates.com/tools/mbam-rules.exe
  • Spybot Search & Destroy – http://www.majorgeeks.com/files/details/spybot_search_and_destroy_update.html

Note: To fully use these utilities, the user must have local administrator rights on the PC in order to install the software.
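As an added example (not part of the original post), the following PowerShell script stages the offline update packages listed above onto the USB flash drive and writes a SHA-256 manifest beside them, so the files can be re-checked for corruption on the isolated machine before they are run. The drive letter, folder name and manifest filename are assumptions; the URLs are the ones given above. Only the Malwarebytes link points directly at a file, so the other three are reported for a manual browser download.

```powershell
# Added example, not the post author's script. Stages offline AV/anti-malware
# updates onto a USB drive and records a SHA-256 manifest for later verification.
param(
    [string]$UsbRoot = 'E:\'   # ASSUMPTION: drive letter of the USB flash drive
)

$stageDir = Join-Path $UsbRoot 'OfflineUpdates'   # ASSUMPTION: staging folder name
$manifest = Join-Path $stageDir 'manifest.sha256.txt'
New-Item -ItemType Directory -Path $stageDir -Force | Out-Null

# Update sources from the post. 'Direct' marks a URL that serves a file rather
# than a landing page; landing pages need a manual download into $stageDir.
$updates = @(
    @{ Name = 'Malwarebytes'; Url = 'http://data-cdn.mbamupdates.com/tools/mbam-rules.exe'; Direct = $true  },
    @{ Name = 'AVG';          Url = 'http://free.avg.com/au-en/download-update';              Direct = $false },
    @{ Name = 'ClamWin';      Url = 'http://www.clamwin.com/content/view/58/27/';             Direct = $false },
    @{ Name = 'Spybot';       Url = 'http://www.majorgeeks.com/files/details/spybot_search_and_destroy_update.html'; Direct = $false }
)

foreach ($u in $updates) {
    if ($u.Direct) {
        $dest = Join-Path $stageDir (Split-Path $u.Url -Leaf)
        Invoke-WebRequest -Uri $u.Url -OutFile $dest -UseBasicParsing
        Write-Host "Downloaded $($u.Name) update to $dest"
    }
    else {
        Write-Host "$($u.Name): open $($u.Url) in a browser and save the update package to $stageDir"
    }
}

# Write one "<hash>  <filename>" line per staged file (sha256sum style).
Get-ChildItem -Path $stageDir -File |
    Where-Object { $_.Name -ne (Split-Path $manifest -Leaf) } |
    Get-FileHash -Algorithm SHA256 |
    ForEach-Object { "$($_.Hash)  $(Split-Path $_.Path -Leaf)" } |
    Set-Content -Path $manifest

# Run this on the target PC (e.g. from the USB drive) before applying an update.
# Returns $true only if every file in the manifest is present and its hash matches.
function Test-StagedFiles {
    param([string]$Dir = $stageDir)
    $ok = $true
    Get-Content (Join-Path $Dir 'manifest.sha256.txt') | Where-Object { $_.Trim() } | ForEach-Object {
        $expected, $name = $_ -split '\s+', 2
        $file = Join-Path $Dir $name
        if (-not (Test-Path $file)) { Write-Warning "Missing: $name"; $ok = $false; return }
        $actual = (Get-FileHash -Path $file -Algorithm SHA256).Hash
        if ($actual -ne $expected) { Write-Warning "Hash mismatch: $name"; $ok = $false }
    }
    return $ok
}

Test-StagedFiles
```

The manifest only proves the files have not changed since they were staged; it says nothing about whether the download itself was genuine, so where a vendor publishes a hash or signs the package, compare against that as well before copying it to the drive.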

Collect Suspicious Files and System Information with Trend Micro

  1. Download the Anti-Threat Toolkit for your operating system version:
     • 32-bit
     • 64-bit
  2. Read the Trend Micro License Agreement. Once you click I Accept, the download will start.
  3. Choose the directory where the tool will be stored, then click Save.
  4. Log on to the computer that may be infected with malware and copy the Anti-Threat Toolkit onto it.
  5. Right-click the tool, then click Run as administrator.
  6. Click Yes when the User Account Control window appears. A Command Prompt window opens to show the progress of the system forensic analysis, and a browser window appears once the analysis finishes.
  7. Click Proceed to send the information the tool collected to Trend Micro Technical Support. You will receive a temporary ID number that you can quote when you contact Trend Micro Technical Support.
  8. The Trend Micro Anti-Threat Toolkit folder appears in the same folder from which you ran the tool. Open Trend Micro Anti-Threat Toolkit > Output; it contains a .ZIP file whose filename includes the timestamp and a GUID.
  9. Do either of the following:
     • If you have an existing case, send a copy of the .ZIP file together with the temporary ID number to the engineer who is handling your case.

Trend Micro Anti-Threat Toolkit (Scan / Clean Tool):

For computers with an internet connection:
  • Online Scan / Clean Tool (32-bit)
  • Online Scan / Clean Tool (64-bit)

For computers without an internet connection:
  • Offline Scan / Clean Tool (32-bit)
  • Offline Scan / Clean Tool (64-bit)

  1. Read the Trend Micro License Agreement, then click I Accept to agree to the EULA and download the tool.
  2. Click Save when the File Download window appears.
  3. Select Desktop as the download location, then click Save.
  4. Log on to the computer that may be infected with malware and copy the Anti-Threat Toolkit onto it.
  5. Right-click the tool, then click Run as administrator.
  6. Click Yes when the User Account Control window appears.
  7. Click Scan Now when the Trend Micro Anti-Threat Toolkit window appears.
  8. The scan may take some time. The tool scans your computer and lists the threats it finds.
  9. The tool shows a summary of the scan. Click Fix Now to clean your computer.
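Both Anti-Threat Toolkit procedures above end with the same two chores: launching the tool with administrator rights, and then finding the timestamp-and-GUID .ZIP under the Output folder to hand to the support engineer. The PowerShell below is an added example (not Trend Micro's or the post author's code) that does both and records a hash of the collected archive. The executable name is passed in, the Output folder location comes from the post, and the case folder path is an assumption.

```powershell
# Added example: run the Anti-Threat Toolkit elevated, then collect the Output ZIP.
# Neither the tool path nor the case folder are taken from Trend Micro documentation.
param(
    [Parameter(Mandatory = $true)][string]$ToolPath,    # path to the downloaded toolkit .exe
    [string]$CaseDir = 'E:\Cases\CASE-ID-PLACEHOLDER'   # ASSUMPTION: evidence folder on the USB drive
)

# True when the current PowerShell session already runs with administrator rights.
function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Step 5/6 of the procedure: "Run as administrator". The RunAs verb shows the same
# UAC prompt Explorer does; it is only needed when this session is not elevated.
$startArgs = @{ FilePath = $ToolPath; PassThru = $true; Wait = $true }
if (-not (Test-IsElevated)) { $startArgs.Verb = 'RunAs' }
$proc = Start-Process @startArgs

# Per the post, the "Trend Micro Anti-Threat Toolkit\Output" folder is created
# next to the executable and holds a ZIP named with a timestamp and a GUID.
$outputDir = Join-Path (Split-Path $ToolPath -Parent) 'Trend Micro Anti-Threat Toolkit\Output'
$zip = Get-ChildItem -Path $outputDir -Filter '*.zip' -ErrorAction SilentlyContinue |
       Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $zip) { throw "No output ZIP found under '$outputDir' (tool exit code: $($proc.ExitCode))" }

# Extract the GUID from the filename so it can be quoted alongside the temporary ID.
$guidPattern = '[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}'
$guid = if ($zip.BaseName -match $guidPattern) { $Matches[0] } else { '(no GUID in filename)' }

# Copy the archive to the case folder and hash it, so the receiving engineer can
# confirm the file they were sent is the one that was collected.
New-Item -ItemType Directory -Path $CaseDir -Force | Out-Null
Copy-Item -Path $zip.FullName -Destination $CaseDir
$hash = (Get-FileHash -Path $zip.FullName -Algorithm SHA256).Hash

[pscustomobject]@{
    File      = $zip.Name
    Collected = $zip.LastWriteTime
    Guid      = $guid
    SHA256    = $hash
    CopiedTo  = (Join-Path $CaseDir $zip.Name)
    ExitCode  = $proc.ExitCode
} | Format-List
```

Run it from a normal (non-elevated) prompt on the suspect machine: `.\Collect-ATTK.ps1 -ToolPath .\<toolkit>.exe`. The hash and GUID printed at the end are what to include with the temporary ID number when sending the .ZIP to the engineer handling the case.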

Trend Micro Rootkit Buster

To use the Rootkit Buster:

  1. Download the Rootkit Buster file that corresponds to your system type and save it on your desktop. If you are not sure of your system type, check your version of Windows first.
     • 32-bit
     • 64-bit
  2. Do either of the following:
     • For Windows XP: double-click RootkitBuster.exe to run the file.
     • For Windows Vista, 7 and 8: right-click RootkitBuster.exe, then select Run as administrator. An error message appears if you do not run the tool with administrator privileges.
  3. Read the license agreement.
  4. Select I accept the terms of the license agreement, then click Next.
  5. Click Scan Now.
  6. Wait for the program to finish scanning your computer and show the result of the scan.
  7. Tick the detected threats, then click Fix Now.
  8. Wait for the Trend Micro Rootkit Buster to fix the threats.
  9. Click Restart Now to finish the cleanup.


Trend Micro Rescue Disk

  1. Click Download to begin.
  2. If prompted, click Save or Save As, and save the file on your computer’s desktop.
  3. While the installer downloads, prepare one of the following:
     • A blank CD or DVD (do not use a rewritable disc)
     • An empty USB drive (128MB or larger)
       NOTE: The drive will be reformatted before the Rescue Disk is created, and anything already on the USB drive will be lost. Back up any important files before using a USB drive for Trend Micro Rescue Disk.
  4. When the download has finished, double-click the Trend Micro Rescue Disk icon to start the installer.

To start your computer from the CD, DVD or USB drive, you must set the BIOS to boot from that device. The exact procedure differs from computer to computer, but the overall process is usually like this:

  1. Insert the disc or USB drive into the computer.
  2. Restart the computer.
  3. When the computer powers up again, look for a BIOS setup message, which often looks like “Press [KEY] to run Setup”, where [KEY] might be Delete, ESC, or one of the F1–F12 keys.
  4. Once the BIOS Setup Utility has opened, look for a tab labeled Boot, Boot Order, or Boot Options.

AVG Antivirus

  1. Run “avg_free_x64_all_2015_*.exe” and select Next.
  2. Click Accept.
  3. The license number is generated automatically as part of the free version of AVG. Make sure a license number is applied, then click Next.
  4. Select Standard Install and click Next.
  5. The AVG installation now starts; wait for this process to complete.
  6. Once completed, uncheck “I want to help AVG improve its products by sending anonymous usage data as part of AVG’s” and select Finish.
  7. Once installed you will be greeted with the AVG splash screen. Press Scan Now.
  8. Click Scan Whole Computer to start the AVG scan.

ClamWin Antivirus

  1. Run “clamwin--setup.exe” and select Next.
  2. Accept the License Agreement and select Next.
  3. Select Anyone who uses this computer (all users) and select Next.
  4. Verify the installation path is set to the default, C:\Program Files (x86)\ClamWin, and select Next.
  5. Click Custom Installation, make sure “ClamAV Files & ClamWin Files” are the only objects selected, and click Next.
  6. Click Next.
  7. If you are connected to the Internet, select “Download Virus Database Files”; if you are not, unselect the checkbox.
  8. Select Install.
  9. ClamWin Antivirus will now install.
  10. Select Finish to complete the installation.
  11. Open ClamWin Antivirus, select the drive you would like to scan (for example, select (C:) to scan the operating system drive) and select Scan.
  12. ClamWin Antivirus will now scan the computer for viruses.

RootkitRevealer

  1. Extract RootkitRevealer.zip and run RootkitRevealer.exe.
  2. Click Agree.
  3. Click Scan.

Trend Micro CWShredder

  1. Run cwshredder.exe and click “I Agree” on the license agreement.
  2. Select Scan Only to scan the computer for any CoolWebSearch malware that may exist on it.
  3. If it detects any, select Fix.

Malwarebytes Anti-Malware

  1. Run mbam-setup-.exe and select OK.
  2. Click Next to start the Malwarebytes installation.
  3. Click “I accept the agreement” and click Next.
  4. Select Next to continue the installation.
  5. Verify the installation path is C:\Program Files (x86)\Malwarebytes Anti-Malware and select Next.
  6. Verify the information shown and click Next.
  7. Click Next.
  8. Verify the installation information is correct and press Install.
  9. Uncheck “Enable Free Trial of Malwarebytes Anti-Malware Premium”. If you have access to the Internet, leave “Launch Malwarebytes Anti-Malware” selected; if you don’t, uncheck it. Then select Finish.
  10. Once Malwarebytes Anti-Malware has loaded, press Scan Now to start the scan.
  11. Malwarebytes Anti-Malware will then scan the computer for any malware it can detect.

Spybot Search & Destroy

  1. Run “spybot-*.exe” and accept the language.
  2. Click Next to start the Spybot installation.
  3. Select “… installing Spybot for personal use, and will decide later.” and click Next.
  4. Select “I want more control, more feedback and more responsibility”.
  5. Click I accept the agreement and select Next.
  6. Verify the installation path is C:\Program Files (x86)\Spybot - Search & Destroy 2 and click Next.
  7. Select Full Installation and click Next.
  8. Unselect all checkboxes and select Next.
  9. Verify the installation information is correct and click Install.
  10. Spybot Search and Destroy will now install.
  11. If you are connected to the Internet, click Start a System Scan to download the latest definitions and run a scan; if you are not, uncheck all and click Finish.
  12. Open Spybot and click Cancel on creating the Whitelist.
  13. Click System Scan and then Start a Scan to scan the system for malware.

Misc

The Trend Micro support page is a relevant resource: http://esupport.trendmicro.com/en-us/default.aspx
