
Kill infections in less than 5 minutes

Status
Not open for further replies.

teddro

MIS
Mar 10, 2004
2
US
I created a program that is available on my web site, and it is completely free. I work in IT and have been using it for several months now, and it is the absolute best approach to killing virus and malware infections that I have yet seen.

The program must be used proactively in order to restore a Windows 2000, XP, or 2003 Server machine when it gets infected. By that I mean it should be run, at a minimum, after installing any software or updates. It can be run interactively or automatically with command line switches. It is a "free standing" program that doesn't require any type of installation. It is relatively small at only 84K.

For customers in my part-time business I schedule it to run once a week (takes less than 2 minutes). In an enterprise environment, like where software and updates are "pushed" to workstations from a server, it can be included as the last step in the push.

The program uses the built-in NTBackup.exe to make a "system state" backup to file. This includes the registry and all Windows OS files (usually over 2,000 files). However, it goes a step beyond the normal system state backup and includes the registry portion of ALL user profiles on the computer (normal system state only includes the "current user"). This was added to prevent malicious entries in a user profile from reinfecting the machine when that user logs on.

You can also instruct it to create a "system files list", which is a list of all files in the root of the system drive, all files in the \Windows folder (or winnt) and all subfolders, and all files in the \Program Files folder and all subfolders. Just like the system state backups, you can keep as many of these lists as you want to. If the machine becomes infected, you can select a previously created system files list to use as a reference and create a discrepancy list that shows you all files that were not on the machine before or that have had their dates changed. This makes finding virus/malware files extremely easy. From the discrepancy list you can select which files you want the program to delete. It can even delete files that are locked in use because it loads the file names into the registry to be deleted on reboot.

The optimum way to use the program is to:
1. Create backups and system file lists at regular intervals.
2. If the machine becomes infected, select the most recent backup taken BEFORE the infection occurred. Restore the backup and reboot.
3. No viruses or spyware are now running, but there might be dormant files left on the hard drive. Run a discrepancy list against a previous system files list (normally the same date as the backup you used to restore from). Instruct the program to delete the bad files on reboot.
4. The machine is now clean, which is why I named the program TheCleanMachine.

Another handy feature is that you can add files to the "delete on reboot list" by simply doing a drag-and-drop onto the program executable or a shortcut to it. This is great when Windows won't let you delete a virus file. Just drag-and-drop the file, run the program and instruct it to execute the deletion list, then reboot and it's gone.

There are lots of examples on my web site and there's a full User's Manual that explains every operation in detail.

My web site url is:
Good luck. Larry.
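
The discrepancy-list comparison described in the post, as an added example that is not part of the original post and is not TheCleanMachine's code: it records path, modification time and size for a set of folders, then reports files absent from the baseline and files whose date changed. The function names and the temporary sample tree are constructed for illustration.

```python
import os
import tempfile
import time


def snapshot(roots):
    """Return {path: (mtime_seconds, size)} for every file under the given roots."""
    listing = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.stat(path)
                except OSError:
                    continue  # file vanished or is unreadable; skip it
                listing[path] = (int(st.st_mtime), st.st_size)
    return listing


def discrepancies(baseline, current):
    """Files absent from the baseline, and files whose date changed since it."""
    new = sorted(p for p in current if p not in baseline)
    changed = sorted(p for p in current
                     if p in baseline and current[p][0] != baseline[p][0])
    return new, changed


def demo():
    """Constructed sample tree standing in for the system folders in the post."""
    with tempfile.TemporaryDirectory() as root:
        kept = os.path.join(root, "kept.dll")
        touched = os.path.join(root, "touched.exe")
        for path in (kept, touched):
            with open(path, "w") as fh:
                fh.write("original")
        baseline = snapshot([root])          # the "system files list"

        dropped = os.path.join(root, "dropped.exe")
        with open(dropped, "w") as fh:       # file that was not there before
            fh.write("new")
        later = time.time() + 3600
        os.utime(touched, (later, later))    # date changed after the baseline

        new, changed = discrepancies(baseline, snapshot([root]))
        return ([os.path.basename(p) for p in new],
                [os.path.basename(p) for p in changed])


if __name__ == "__main__":
    print(demo())
```

A file's date can be reset by whatever wrote it, so storing a content hash per file alongside the date gives a stronger comparison key. The baseline itself should be kept where an infected machine cannot rewrite it.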
 