Monday, 31 October 2016

Use Tron to automatically clean an infected Windows system

Tron by 'vocatus' is a large Windows script that will automatically 'spring-clean' an infected/unwell Windows system. After Tron has been run, the system should be free from infection and may also run faster than before.

You will need to be able to boot the Windows system (in Safe Mode with Networking) and, for best results, you will need internet connectivity.

If you download the self-extracting Tron .exe file, you can keep it on your E2B USB drive (but disconnect the E2B drive and any other USB drive before starting Tron.bat, or else it will needlessly scan those drives too).

Boot the infected Windows system and then run the self-extracting Tron .exe file to add the Tron folder to the current user's desktop. Then open the Tron folder on the Desktop and run tron.bat as Administrator to start the process (you will need to type 'I AGREE' first).

If you are not already in Safe Mode + Networking, it will restart Windows in Safe Mode for you and you can then run Tron.bat again.

Later (10-30 minutes or so into the process), you will need to manually click the MBAM 'Scan' button to allow the Malwarebytes Anti-Malware app to start a scan (this does not stop the other cleanup processes from running at the same time in the background).

If Tron has problems running because the Windows system is in a 'strange' state, try booting to a Windows Install ISO (or .imgPTN file) and running a 'Repair' operation first.
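The preconditions described above (an elevated prompt, Safe Mode with Networking, no extra USB drives attached, internet access) can be checked before tron.bat is started. The following PowerShell function is an added example, not part of Tron or of the original post; the Desktop folder name `tron` and the DNS probe name `example.com` are assumptions.

```powershell
# Added pre-flight check (not part of Tron). Paste into a Windows PowerShell prompt.
# Assumptions: the extracted folder is called 'tron' on the Desktop;
# example.com is used only as a name to resolve.
function Test-TronPreflight {
    param(
        [string]$TronDir   = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'tron'),
        [string]$ProbeName = 'example.com'
    )
    $problems = @()

    # 1. tron.bat has to be started as Administrator.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        $problems += 'Prompt is not elevated: use "Run as administrator".'
    }

    # 2. Windows sets SAFEBOOT_OPTION to MINIMAL or NETWORK in Safe Mode;
    #    the variable is absent after a normal boot.
    if ($env:SAFEBOOT_OPTION -ne 'NETWORK') {
        $problems += "Not in Safe Mode with Networking (SAFEBOOT_OPTION='$($env:SAFEBOOT_OPTION)')."
    }

    # 3. Any USB-attached disk (flash or hard drive) would be scanned as well.
    $usb = @(Get-WmiObject Win32_DiskDrive | Where-Object { $_.InterfaceType -eq 'USB' })
    foreach ($d in $usb) { $problems += "USB disk still attached: $($d.Model)" }

    # 4. Name resolution as a rough proxy for internet connectivity.
    try { [void][System.Net.Dns]::GetHostAddresses($ProbeName) }
    catch { $problems += "Cannot resolve $ProbeName; check the network connection." }

    # 5. The extracted folder should contain tron.bat.
    if (-not (Test-Path (Join-Path $TronDir 'tron.bat'))) {
        $problems += "tron.bat not found in $TronDir"
    }

    $problems | ForEach-Object { Write-Warning $_ }
    return ($problems.Count -eq 0)
}

if (Test-TronPreflight) { Write-Host 'Pre-flight checks passed; tron.bat can be started.' }
```

A failed Safe Mode check is informational on the first start, since Tron restarts Windows in Safe Mode itself and is then run again.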

For a detailed description of exactly what Tron does, see here.

Note that you should not run this on a 'healthy' system because it may have undesirable effects (such as removing cookies, Dropbox, Metro apps and OEM bloatware, changing the Registry, updating Windows, changing power settings and page file settings, defragging drives, etc.).

Tron.bat accepts command line parameters to control its actions (e.g. tron -a) and you can also change its default behaviour by adding environment variables into the run.bat file (a simple GUI for Tron would be useful!). The batch files are well documented, so it is easy to understand what they do.

Once you start a 'Tron run', it may take 3-10 hours to run stages 0 to 7, and it should not be cancelled once started (but there is a 'Tron reset tool' if you need to cancel its effects and get out of Safe Mode). So Tron provides an almost fully automated way to 'clean' a system without needing someone to run loads of different AV/cleanup utilities manually every 20 minutes or so.

Stage 0: preparation
Stage 1: cleanup
Stage 2: de-bloat
Stage 3: disinfect
Stage 4: repair
Stage 5: patch
Stage 6: optimize
Stage 7: wrap-up

Tron also includes a stage_8_manual_tools folder which contains the following useful utilities:

  1. ADSSpy: Scans for hidden NTFS Alternate Data Streams
  2. AdwCleaner: Popular user-suggested adware removal tool
  3. aswMBR: Rootkit scanner
  4. autoruns: Examine and remove programs that run at startup
  5. ComboFix: The "scorched-earth policy" of malware removal. Only works on Windows XP through Windows 8 (not Windows 8.1/10 or above)
  6. PCHunter: Tool to scan for rootkits and other malicious items. Replaces gmer
  7. Junkware Removal Tool: Temp file and random junkware remover
  8. Net Adapter Repair: Utility to repair most aspects of Windows network connections
  9. Remote Support Reboot Config: Tool to quickly configure auto-login and other parameters for running Tron via a remote connection.
  10. Safe Mode Boot Selector.bat: Batch file to quickly select bootup method to use (Safe Mode, Network, etc). 
  11. ServicesRepair.exe: ESET utility for fixing broken Windows services
  12. Tron Reset Tool: Tool to quickly reset Tron if it gets interrupted or breaks while running
  13. VirusTotal uploader tool: Uploads a file directly to VirusTotal for scanning

You can run these tools individually, if needed.

P.S. If you find Tron useful, the author accepts bitcoin donations...