When dealing with viruses and spyware, it's very important to follow these instructions carefully and precisely. Some malware runs through critical Windows processes, and if the following instructions are not followed precisely, your system will most likely remain infected with spyware and viruses or become corrupted and unable to boot.

Note: These instructions are written for Windows XP, but many of the following techniques apply to other Windows NT-based operating systems such as Vista or Windows 2000. However, read carefully; XP-only steps will be noted.

Part 1: Cleaning the major infections.

1. The absolute first step is to back up your critical documents, pictures, etc. Back up data to DVDs or an External Hard Drive. Avoid backing up any data downloaded off of P2P networks such as Limewire or BitTorrent. It's most likely those files are where the virus came from. Click here for instructions on how to do this.

2. Run full hardware diagnostics. This means running Drive Fitness Test and memtest86+, utilities that test your hard drive and memory. Click here for instructions on how to do this.

**At this point, if you have any Operating System other than Windows XP (such as Vista or 2000), scroll down to Part 2. Do not attempt to run ComboFix as outlined below on any OS other than Windows XP**

3. Boot into Safe Mode with Networking. Turn on/restart your PC and begin tapping the F8 key as soon as the manufacturer’s logo disappears. The following menu will appear. Be sure to select “Safe Mode With Networking”, not “Safe Mode”.

[Screenshot: boot menu]

4. Once Windows boots, log in to your regular account. This account must be an administrator account, not a limited user account. If you are unsure, just go ahead and log into the account titled “Administrator”.

5. Click OK at the following prompt to continue:

[Screenshot: Safe Mode prompt]

6. The first thing we want to do is clear out some of the nastiest viruses. These are the viruses that run through critical system processes or are installed as drivers, services, or rootkits. One of the best and easiest to use programs to do this is called ComboFix. It will go through your computer and clean out the worst spyware and virus infections. Go onto your Internet browser and download the first file to the right called ComboFix. Click here for a direct link. Save this file to your desktop, and run it when the download completes.

7. You will be presented with the following screen. Read the disclaimer, and understand that every system is different and there is always a chance that any tool, including ComboFix, can make the problem worse. Type 1 and then hit Enter to continue. If you decide not to run ComboFix, be sure to type 2 and press Enter rather than simply closing the window:

[Screenshot: ComboFix disclaimer screen]

8. ComboFix will then begin to scan your PC. If it finds any major infections, it will automatically remove them at the end. This process may take a long time to complete. Do not interrupt it, and do not click in the window while it is working. It may take upwards of 20 minutes to complete, and it will automatically restart your computer.

9. After your PC automatically reboots, it will boot into normal mode. A window will pop up telling you that it is preparing the log report. Don’t interrupt this, and wait until the log report appears to continue.

Part 2: Remove the remaining infections.

Now that ComboFix has removed the majority of the infections, we will continue by removing the rest of the infections using standard software.

1. Reboot the system into Safe Mode With Networking again (see Step 3 in Part 1 for directions on how to do this). You are now ready to begin removing the remaining infections on your PC. The first application we will run is a free and effective AntiVirus scanner called Dr. Web. Download Dr. Web CureIT to your desktop using this direct link.

2. Run the downloaded file, and click “Start.” Dr. Web AntiVirus will begin an express scan of your PC. Do not interrupt it. When it finishes, you will see a screen similar to the following:

[Screenshot: Dr. Web express scan finished]

3. Choose the Custom Scan, click the icon of Drive C so a red dot appears on it, then click the green arrow on the center right side of the screen to start scanning. This may take many hours, so let it run. Dr. Web usually takes much longer than your standard AntiVirus program to scan. If the program prompts you to Move an infected file, tell it to Move all infected files:

[Screenshot: Dr. Web Custom Scan]

4. Highlight any viruses it finds at the end of the scan, then choose “Delete” to remove them. Be careful: Dr. Web has been known to report some false positives, mainly with AOL applications, so be sure not to delete those.

5. The next step in the process is to run an AntiSpyware/AntiMalware application to remove the remaining infections. The most effective application I’ve found is MalwareBytes Anti-Malware. This free scanner will detect and remove even the most persistent infections. Download from the following link and install it: MalwareBytes Anti-Malware

6. Install MalwareBytes Anti-Malware and be sure to leave both the “Update” and “Launch” options enabled at the end of the installation. The program will install, update and then open to the user interface. Select a Full Scan and click on Scan at the bottom right side of the window. The scan will run and then show every detected infection. Continue the removal and allow it to remove anything found. You may be asked to restart your system. Allow it to restart normally into normal mode at this point:

[Screenshot: MalwareBytes Anti-Malware]

8. Your system should be pretty much completely clean now. It is now time to continue on and finish by tuning up your computer’s performance.

Continue to Part 3