STEP 1: SCAN COMPUTER FOR INFECTIONS AND FIX OPTIONS
1. The most important thing you can do is make sure you know what you’re up against. Run these online scanners to help figure out what is infecting your system:
-
http://housecall.trendmicro.com/-
http://www.pandasecurity.com/homeusers/solutions/activescan/STEP 2: TURN OFF SYSTEM RESTORE
1. Turn off Windows System Restore Points:
a. Right Click on My Computer
b. Click Properties
c. Click System Restore Tab
d. Check the box next to: Turn off System Restore on all Hard drives
i. Malware can sometimes be restored from previous restore points, this will help the removal process run more smoothly
2. Click Apply and OK
STEP 3: GO TO ADD/REMOVE PROGRAMS TO CLEAR KNOWN MALWARE
1. Before scanning the computer you can remove certain malware programs from the Add/Remove Programs list in the Control Panel in Windows XP
2. Open the Start Menu and select Control Panel
3. In the Control Panel, select Add or Remove Programs
4. Look through the list for anything suspicious
5. Search
http://www.google.com/ for any program you are not sure about.
6. Uninstall and follow the directions on any program that you decide to remove.
STEP 4: REMOVE TEMPORARY FILES
1. Go to the Start Menu and select Control Panel and click Internet Options.
a.Click the “Delete” button and delete all browsing history (temp files, internet files, cookies) and any settings stored by add-ons.
2. Open My Computer and click the Tools Menu and select “Folder Options.”
a. Next click on the View Tab and click in the circle next to “Show Hidden Files and Folders” then click OK.
3. In My Computer click on the C Drive > Documents and Settings > USERNAME (do this for as many names as you have on the computer) > Local Settings > Temp.
a. Now go to the Edit Menu and click “Select All.”
b. Once all the files are selected hit the “Delete” key.
4. Open the Start Menu, mouse over All Programs> Accessories> System Tools> and select Disc Cleanup
a. Select C Driver and click OK
b. Check any boxes listed here
c. Click OK and Yes
5. Download, install, and run CCleaner:
-
http://www.ccleaner.com/STEP 5: MALWARE REMOVAL TOOLS
1. Trojans, Worms, Key Loggers, Viruses, and Spyware are all very difficult to remove with just a single program. That is why it is recommend to run several programs to aid in the removal process. I recommend running each of the following programs listed below in order. Not all the programs are freeware and require purchase, you don’t have to run that program but I recommend looking into it if the results come back with your computer still being infected. Still, after all the freeware programs have run through your computer should be clean of any infection.
NOTE: It is recommend to run these programs in Safe Mode for the best results!
2. Freeware – Rogue Remover: This is a handy little program that can help remove some of the well known programs that plague computers. It's good at removing false antivirus programs that might be popping up while you are on the computer.
-
http://www.malwarebytes.org/rogueremover.php3. Freeware - Malwarebytes' Antispyware - This program has gained a lot of popularity for the text document it creates to outline what has been removed. On overall removal it is about par for antispyware, but it does a good job getting some of the Vundo files out at the beginning. A good program for the first sweep.
-
http://www.malwarebytes.org/mbam.php4. Freeware – Spyware Doctor: In my personal experience and on sites like PC World, PC Magazine, AV-Testing, Spyware Doctor is the #1 at removing malware. If there is one tool you use then make sure it is this one.
-
http://www.download.com/Spyware-Doctor-Starter-Edition/3000-8022_4-10754824.html5. Freeware – AVG Anti-Spyware: I’m not a huge fan of the AVG Antivirus but I’ve found that their Anti-Spyware does have a good kick to it. It can find a lot of the obscure malware programs some of the others might miss.
-
http://free.grisoft.com/6. Freeware – SUPERAntiSpyware: This program has the capability to detecting a lot of annoying pieces of malware, not quite as top notch as the paid versions but good enough.
-
http://www.superantispyware.com/7. Freeware – Spybot: This one gets a lot of advertising bots and other malicious programs.
-
http://www.safer-networking.org/en/index.html8. Trialware – Counterspy: With a surprisingly powerful engine I find that Counterspy will power through the system and pick up the mess a lot of the previous programs might have missed.
-
http://www.sunbelt-software.com/Home-Home-Office/Anti-Spyware/9. Trialware – Spy Sweeper w/AV: I always save one of the best for last. Although Spy Sweeper may not have the best removal engine, it has been proven time and time again as the best active protection Spyware program. Also their Spy Sweeper with Antivirus is powered by Sophos which makes it quite a powerful program. It’s a $30 or more depending on the version you want but this is well worthwhile. This is one that you want to have for active protection.
-
http://www.webroot.com/registration/trialRegistration.php?lang=en10. Trialware – Registry Mechanic – You can purchase the full version for $30 but I find it does a pretty good job of cleaning up in the end even with just the trial.
-
http://www.pctools.com/registry-mechanic/?ref=afl_onenetworkSTEP 5: ADDITIONAL MALWARE REMOVAL TOOLS
Note: These Programs should not be necessary after running the previous programs, but they are good enough to do a nice cleanup if necessary.
11. With a few stubborn files I find that the following programs will sometimes have a slight edge.
Smitfraud Removal:
-
http://siri.urz.free.fr/Fix/SmitfraudFix_En.phpVundofix:
-
http://vundofix.atribune.org/12. Freeware – Ad-Aware 2007: Just because, does a great job finding cookies and small time malware.
-
http://www.lavasoftusa.com/software/adaware13. Freeware – Spyware Terminator: Although you might have almost cleaned out the complete infection it doesn’t hurt to run this guy to double check your work.
-
http://www.spywareterminator.com/STEP 6: HIJACKTHIS
1. Many times malware can hide itself in the computer to avoid detection, or change the file name it uses. HijackThis examines certain key areas of the Registry and Hard Drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers. Some items are perfectly fine. You should not remove them. Never remove everything. Doing that could leave you with missing items needed to run legitimate programs and add-ins.
-
http://www.download.com/3000-8022_4-10781312.html2. If you are unsure how to use this program then follow this guide.
-
http://www.whatthetech.com/hijackthis_v2/3. After running a scan make sure to post the log on the following website so the experts can analyze it for you.
-
http://www.geekstogo.com/forum/register.htmlSTEP 7: SCAN COMPUTER FOR INFECTIONS
1. Once more I recommend going to the online scanner just to be sure that you were able to remove all the malware infections:
-
http://housecall.trendmicro.com/-
http://www.pandasecurity.com/homeusers/solutions/activescan/STEP 8: TURN ON SYSTEM RESTORE
1. Turn on Windows System Restore Points:
a. Right Click on My Computer
b. Click Properties
c. Click System Restore Tab
d. Uncheck the box next to: Turn off System Restore on all Hard drives
2. Click Apply and OK
STEP 9: WINDOWS UPDATES
1. It might seem simple butting running the Windows Updates on the system will help it against vulnerabilities of future malware problems.
-http://windowsupdate.microsoft.com
STEP 10: SETUP PROTECTION
1. Now that the system has been cleaned you want to protect it from happening again. I would recommend the following anti-virus and anti-spyware programs to help protect the machine.
2. Anti-Virus
a. Avast: In overall scans I found that this comes in at the top for virus and spyware protection amongst the free anti-virus programs.
-
http://www.avast.com/b. Avira: In the same scans I found that Avira comes in a very close second to Avast for virus and spyware protection.
-
http://www.avira.com/en/pages/index.php3. Anti-Spyware
a. Spyware Blaster: This is a powerful utility that helps to block potential spyware problems from browsers and websites.
-
http://www.javacoolsoftware.com/spywareblaster.htmlb. PC Tools Threatfire: This program is a behavioral detector that is capable of blocking a vast majority of malicious programs. Best part is, it’s free! This is a must have on your freshly cleaned system.
-
http://www.threatfire.com/c. Spy Sweeper w/AV: As I said before this one is the best that I’ve come across. You will have to pay for it yearly for the protection but the price is not to high to deter from the purchase.
-
http://www.webroot.com/En_US/index.html?rc=50824. Firewall
a. Comodo Firewall: With amazing ratings this free firewall has stormed to the top of the list.
-
http://www.personalfirewall.comodo.com/STEP 11: SYSTEM RECOVERY
1. In a worst case scenario if the following steps do not clean your system, even after purchasing the software, you would want to do the system recovery on the computer. Just make sure you backup your important files before formatting. This will format the hard drive and erase any problems the computer was happening before restoring it to a factory default state that it came from the manufacturer.
REVIEW SOURCES:
Spyware Doctor:
http://www.pcmag.com/article2/0,1759,2106191,00.aspAVG Antispyware:
http://www.pcworld.com/article/id,136193/article.htmlSuper Antispyware:
http://www.pcmag.com/article2/0,1759,2127210,00.aspSpybot:
http://www.pcmag.com/article2/0,1759,1830047,00.aspCounterspy:
http://www.pcmag.com/article2/0,1759,2100539,00.aspSpy Sweeper w/AV:
http://www.pcmag.com/article2/0,1759,2152041,00.aspAd-Aware 2007:
http://www.pcmag.com/article2/0,1759,2155541,00.aspSpyware Terminator:
http://www.pcmag.com/article2/0,1759,2167808,00.aspAvast:
http://www.pcmag.com/article2/0,2704,1864592,00.aspAvira:
http://www.pcmag.com/article2/0,1759,1864580,00.aspPC Tools Threatfire:
http://www.pcmag.com/article2/0,1759,2191333,00.aspComodo Firewall:
http://www.pcmag.com/article2/0,1759,2236657,00.aspSee Also:
http://ultcomprepair.blogspot.com/2008/07/generic-virus-related-issues.html
+Disabled.bmp)
Posts
