RatHat's Anti-Malware Page





BFU Scripts

CMD Scripts

Delphi Applications

Useful Links


Change Logs


Staying Clean
Once you have had malware removed from your computer, it is important to try to minimise the risk of further infection. Below are some tips on ways to do this.

Remember though, that safe web practices are the only real way to ensure you do stay clean.




System Restore Points

Once you are clean it is absolutely essential to Reset and Re-enable your System Restore. This will remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Turn OFF System Restore.

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

Restart your computer.

Turn ON System Restore.

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

Now you need to create a new System Restore Point:

  • Download SysRestorePoint to your desktop and unzip it to it's own folder.
  • Double click SysRestorePoint.exe so that we can make a new system restore point.
  • A box will pop up after it has made a new point, usually after a few seconds. Close that window and exit the program.


Automatic Updates

Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically.

  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.
Java Runtime Environment

In addition to Windows updates, you also need to ensure that your version of Java is the latest. Visit Sun Java's website and download the latest version (Java Runtime Environment (JRE) 6 Update 16). Once downloaded, install it and then Reboot your computer.

It is most important that you also uninstall older versions of Java.

  • Click Start, Control Panel, Add/Remove Programs.
  • Delete all Java updates except Java (TM) 6 Update 16
Backup Important Files!

The importance of backing up (making copies on a separate device) all your important files cannot be stressed enough. With the development of the latest polymorphic file infecting malware such as Scribble/Virut effecting even Word documents and JPG photos, having a clean backup is imperative if you want to ensure you will keep all your favourite files.

When creating backups it is always best to store them on an external device, such as CD's/DVD's, External Hard Drives, Flash Drives, or Internet File Storage sites and Online Backups. The method you choose will be dependent on how many files you need to back up, and how much you are prepared to spend on the devices required for storing your files. To help you decide it is useful to run a google search on the device types, for instance googling Online Backups will bring your these results.

My personal preference is to use External Hard Drives. These are relatively cheap, and can be reused for additional backups. It is useful to have backup software installed on your computer. Windows has its own backup software already installed and can be utilised for weekly backups, following these guidelines.

Another very useful backup method is syncronising folders using a free download from the Microsoft Download Center named SyncToy v2.0. This will allow you to create "folder pairs" , where everything in a folder of your choice, is copied to an identical folder on an external device. This can be done with multiple folders, and it will check for modified files only to be copied on subsequent backups. This is very useful if you backup all of your "My Documents" contents. A very good tutorial on the use of SyncToy can be found here.


Anti Spyware Programs

Below are a few good, free Anti Spyware programs that can help reduce the chances of infection. It is important that you only have one Anti Spyware program offering Real Time protection.

  • SpywareBlaster helps to prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. This program offers Real Time protection. A tutorial can be found here.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. A tutorial can be found here.
  • Spybot Search & Destroy a powerful tool which can "search and destroy" nasties that make it onto your system. Now with an Immunize section that will help prevent future infections. Spybot offers Real Time protection if  'Tea-Timer' is enabled. A tutorial can be found here.
  • AdAware another very powerful tool which searches and kills nasties that infect your system. A tutorial can be found here. AdAware and Spybot Search & Destroy compliment each other very well.

Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.


Anti Virus Programs

It is absolutely essential that one Anti Virus program be installed, and offering Real Time protection. There is no advantage to having more than one AV installed on a computer, in fact this can lead to a drain on system resources, and the reporting of 'false positives' as the two programs conflict.

If you have a paid subscription with one of the 'Major' Anti Virus companies, Norton, McAfee etc, it is worth keeping it. Once the subscription has expired though, you may well choose one of the following free Anti Virus programs instead. Be sure to uninstall any old Anti Virus program before installing one of these.



A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through. Coupled with a good free Anti Virus, a firewall can help offer you very good protection against further malware problems.

As with an Anti Virus, only one Firewall should be installed on a computer.

Safer Web Browsers

Internet Explorer has many exploits and is targeted by a lot of malware. It is recommended that you use a different browser, to make it safer for browsing the internet. The following are very good alternative browsers.

Firefox also has some very useful add-ons to increase the safety of your browsing. The following can be easily installed and will help protect your system from attack. An explanation of what each does along with download instructions can be found at the links below


Additional Safety Measures

Sandboxie is one of the best methods of ensuring your browsing remains safe. Sandboxie runs your programs in an isolated space (Sandbox) which prevents them from making permanent changes to other programs and data in your computer. A one-time registration fee of 22 Euros  will give you a life-time registration key to this and all future versions of the Sandboxie program.

ATF Cleaner is a temporary (temp) file cleaner that you are likely to have been asked to run while your computer was being cleaned of malware. In addition from clearing out all the junk that legitimate programs will leave behind when running, ATF cleaner will remove any malware files that get placed in temp file directories (Folders), so is well worth running every week or so.

SpamArrest is an online spam checker that works by having genuine emails confirmed once by the sender. If the email is not confirmed it will be moved to a junk folder for you to review online. You can add your entire address book into your list of accepted contacts so they will not have to go through the procedure. It is not free, but it is a very good way to get rid of spam email, and all the associated risks that go with it.

MailWasher allows you to preview emails before downloading them into your computer. You can delete them directly from the server if they are junk, thus reducing the likelyhood of downloading malicious attachments or emails with links to malware hidden as legitimate links. There is a free version or a paid Pro version.

Secunia Software Inspector allows you to check that your programs are up to date with the latest security updates. Many older software versions may contain security leaks, so it is worth running this check to make sure you have the latest patches.




P2P File Sharing

P2P programs such as Limewire, Azureus, Kazaa, Ares, Shareza etc are a hotbed for malware downloads. It is highly recommended that you avoid P2P programs at all costs. If you do use P2P programs, you are opening yourself up to infection, which even the best Anti Virus and Firewall software will not protect you against. For further information about the 'perils of P2P' see this article.

With the latest trend in malware turning towards polymorphic file infectors such as Scribble/Virut and Sality, it is becoming imperative to steer clear of both P2P programs and Cracks/Keygens. These programs are now becoming the main means of infection for Scribble/Virut and Sality, and should you become infected by one of these file infectors, the only means of cleaning a computer is by Reformatting and Reinstalling all programs!

See this excellent article by miekiemoes for more information about this type of malware.


Cracks and Keygens

Malware writers just love cracks and keygens, and will often attach malicious code into them. By using cracks and/or keygens, you are asking for problems, so my advice is; Stay away from them! To learn a bit more about the perils of cracks and keygens, have a look at this article by TrendMicro.


Porn Sites

A lot of malware now originates from porn and other dubious websites. It must be understood that the malware writers know where people go when they surf the net, and know that porn sites are places where people will download unverified videos and pictures which can easily have malicious code attached. Use at your own risk!


Email and Email Attachments

With spam email being so proliferate nowadays, an easy way to spread malware is to add an attachment to a legitimate looking email. You open the attachment unwittingly, and activate the malware. Another way that malware writers attract people to download their goods is to add a seemingly legitimate link into an email, but to really point to a website loaded with junk. So as a rule of thumb, NEVER open email attachments that are from unknown sources, and NEVER follow links placed in emails unless you know the site that is being pointed to.