What is Reddit's opinion of
Kaspersky Rescue Disk?
From 3.5 billion Reddit comments
18 reviews of this app found across Reddit:
I recently found a video (hopefully it’s OK to link YouTube videos here) about cleaning up infected PC’s mention Kaspersky RescueDisk. If you have another computer and a USB drive, I would recommend this first (use a free tool called rufus to make the USB).
After running that, if you are still unable to install malwarebytes, you might just be better off with a clean install of Windows.
In that situation, it's best to boot from an antivirus Linux environment (personally I'd go for https://support.kaspersky.com/viruses/rescuedisk). That way you can do a clean sweep of the OS drive without any files loading into your system memory.
Do a complete scan with Malwarebytes, then run ADWCleaner, JRT. If these programs don't work it's because the virus is preventing them to work properly, it also can prevent you from rebooting into safe mode.
You need to break its permissions so it will stop interfering, here's is howto (taken from the last comment of here: http://www.tomsguide.com/answers/id-3554527/windows-process-manager-virus-hogging-resources-processing-power-ram-background.html)
>I GOT IT! My solution was actually incredibly simple.
>I opened 'Task Manager'
>'Right Clicked' the problem program "Windows Process Manager"
>Go over to 'Properties'
>Select 'Security'
>Select 'Advanced'
>'Remove'
>'Deny' everything
>'Disable Inheritance'
>Apply everything.
>Since doing this I have not seen the Process Manager in my task bar and my CPU usage is back to normal.
After breaking it, run a complete scan of Windows Defender, Malwarebytes, JRT, ADWCleaner and Kaspersky (you can use the free trial)
If all of that fails, you'll need to download the Kaspersky Rescue Disk ISO: https://support.kaspersky.com/viruses/rescuedisk#downloads , burn it to DVD or transfer it to USB and boot from it to do a deep scan without the virus interfering.
What I always do is to download Kaspersky's Rescue Disc (https://support.kaspersky.com/viruses/rescuedisk). Burn the iso on a cd or make a bootable usb drive, boot from it and scan your pc using the Rescue Disc. After that, run Malwarebytes AntiMalware to scan your pc, and after that do another complete scan by installing a trial version of ESET antivirus, just to be sure. If you still have problems after that, I'd just blow away the whole installation and format your drive and do a complete reinstall.
Antivirus companies now offer those. Eset has one https://www.eset.com/ph/support/sysrescue/ Kaspersky too https://support.kaspersky.com/viruses/rescuedisk if you know name of the worm that infected your computer, you may also find specialised tools for removing just that bugger.
Dunno why you're downvoted, this is the most reasonable measure. If you have a spare FD lying around. I recommend making a bootable Kaspersky Rescue Disk. It comes with kaspersky cleaner kit (obviously) and other supporting tools such as web browsers to search for extra solutions.
I'm typing this on my phone, and I don't have access to the original virus so I'm only going off of what I see from hybrid analysis. You're computer is off, leave it off until I or someone else can give you a more detailed answer. If it's already running, here's a few things to get you started.
Download Process Explorer ( https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer ) and run it. In the preferences/settings tab on the top you can also tell it to submit hashes to virus total if you'd like.
Look for the processes "storagewmi.exe" "powershell.exe" and "235121.exe" If you find them, right click them and suspend them.
They'll most likely be unsigned, if that makes them easier to find.
I wouldn't recommend killing the processes, as a lot of viruses use persistence to automatically restart themselves if they see they've been killed.
As stated in the other comment you can never go wrong with running Malwarebytes and Hitman pro just to be safe.
If you or your tech savvy friend know how, running a Live PE antivirus is probably the safest way to get rid of it. That way it's not able to encrypt any of your files or do any damage in between now and however long it takes your antivirus to get rid of it.
https://support.kaspersky.com/viruses/rescuedisk
If you've never used a live CD sometimes it won't boot unless you change some settings in your bios. Try it, and then if not then feel free to leave it if you're not comfortable changing anything there.
Try scanning with some of rescue disks, that way you're sure malware doesn't interfere with scan process:
If you don't want to format, there are a couple of boot discs you can create to help remove the virus. Kaspersky rescue (https://support.kaspersky.com/viruses/rescuedisk) and bitdefender rescue (http://www.bitdefender.com/support/how-to-create-a-bitdefender-rescue-cd-627.html) discs. Kaspersky is pretty good for getting rid of rootkits and bitdefender should get a fair bit of whatever else is leftover. Boot into safe mode when you're done and like everyone else is saying, run malwarebytes. If it still will not let you install or run malwarebytes, try running rkill (http://www.bleepingcomputer.com/download/rkill/) first, then you should be able to load malwarebytes.
At least you got a reply from support!
To be honest, it's such a 'generic' crash that it's hard to pinpoint without actually running a debugger on your machine. It could be almost anything.
However, here are some more things to try:
- Disable any kind of in game overlay or game hook, this includes Teamspeak, Mumble, Ventrilo, Steam Overlay, AMD Gaming evolved, Razer Synapse, FRAPS, NVIDIA ShadowPlay, Twitch, etc.
- Temporarily Disable any kind of anti-virus or anti-malware (make sure to re-enable it!)
- Run an anti-virus or anti-malware program, preferable one with a bootable disk
- Run memtest
- Go through your Task Manager and close anything that isn't directly required for running Rift.
You also said RIFT crashed after you closed the crash handler. It shouldn't do that. Check your application event logs, and see if there are clues in the error details.
https://support.kaspersky.com/viruses/rescuedisk
download this and burn it to a cd, run it on boot. if that doesn't work format your hard drive.
this is not an issue with adblock, more than likely it's the mental capacity of the user.
kaspersky has a free to download live linux cd that is meant for this purpose and has easy to use preloaded tools for removing viruses outside of windows. I personally use Puppy with some preloaded tools that was made for me by a coleague for this, that I use in my shop
EDIT: sorry forgot to post a link https://support.kaspersky.com/viruses/rescuedisk
I would try Kaspersky Rescue CD (others are available, but it's the only one I have experience, and good ones, with). Download the ISO, write a CD (or USB stick) and boot off of that. It loads without Windows being touched, so no infection hiding behind what looks like legit services etc.
Remember the rescue CD needs internet access as it needs to download the latest virus definitions.
Run PortExpert, it shows all apps that are connected to the Internet, see if you notice anything fishy.
Then as a final check, run the Kaspersky Rescue disk at a bootable USB and let it scan, this should be enough to check for a majority of risks.
I highly suggest you turn off the system. Get another PC and write/burn Live USB/CD with antivirus. Boot from that media and check the system.
These are good to go:
You need to either boot into safe mode and do a total virus sweep, or even better, use a virus program with bootable media. Kaspersky Recovery 10 can be burned to DVD or USB and used to boot, then clean your system.
System restore points can include malware. So it's not really 100% safe to roll back to them. The best method to clean a system is to scan it while it's not running, so malware can't hide. If you have time for that I would advise to run a rescue CD/USB. This could take relatively long, so it's probably best when you start it in the morning and let it scan while you're at work.
After that you should restore broken Windows files. Regsvr32.exe serves a purpose and you should have a clean copy of it. It should come back when you use sfc /scannow.
>I actually haven't needed an AV at all for about a year until this happened
Yup, that's what insurance is all about... You never need it until something happens
Regarding Unchecky - I'm not sure. It's been recommended to me by colleagues but I haven't used it myself. Their site should answer any questions.
Does your MWB have rootkit scan enabled?
Also, perhaps try Kaspersky rescue disk if it keeps coming back every reboot.