Downloading (Free) Virus & Spyware Removal Programs
Our first order of business is to download the programs we will need. Many forms of malware (some designed to be invisible to the user) hide in Temp folders, so we will not download the programs to any Temp folder, because standard malware cleaning will delete everything in there. We will install and configure the programs and then run the scans from C:\, the root of the drive where Windows is installed.
Download the programs listed below:
- CCleaner (do not run yet)
- SuperAntiSpyware (do not run yet)
- Malwarebytes Anti-Malware (do not run yet)
  *Rename mbam-setup.exe before running it, as a work-around for malware blockage: some malware blocks the setup file by name to avoid detection.
- ComboFix.exe (do not run yet)
  *Not compatible with 64-bit versions of Windows.
  *If you are running a real-time antivirus (like AVG) you must disable it, or you could damage your system while running ComboFix.
  *The same problem may exist with McAfee.
  *Kaspersky may flag combofix.exe and catchme.exe as Heur.Invader; ignore these false positives.
  *Some firewalls may have to be uninstalled to run ComboFix.
- MGTools (do not run yet)
  *Download this and save it to the root folder (C:\) of the drive where Windows is installed. You should have C:\MGTools.exe after the download.
- RootRepeal (do not run yet)
  *Not compatible with 64-bit systems.
Disable The User Account Control (UAC)
- Click Start, and then click Control Panel.
- In Control Panel, click User Accounts.
- In the User Accounts window, click User Accounts.
- In the User Accounts tasks window, click Turn User Account Control on or off.
- If UAC is currently configured in Admin Approval Mode, the User Account Control message appears. Click Continue.
- Clear the Use User Account Control (UAC) to help protect your computer check box, and then click OK. If it is already unchecked, you should also notice a red shield with an X in it in your system tray. Ignore any messages about UAC being disabled.
- Click Restart Now to apply the change right away. (Restart even if you did not make the above change; we need to be sure that a reboot has occurred since UAC was first disabled.)
*Note: Do not continue until UAC has been disabled and you have rebooted your system.
Safety in Safe Mode
The moment you become aware that your system has random browser windows materializing out of nowhere and your bandwidth is mysteriously being siphoned off by an unknown binary, boot into Safe Mode. The key varies with the type of PC you have, but try tapping F8 during boot-up.
Safe Mode is a special diagnostic mode you can boot Windows into. Windows loads and runs the bare minimum of services in memory, skipping all the extra programs that usually load when you boot Windows normally (in many cases, spyware included).
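Added example (not part of the original guide): on many PCs the F8 window is too short to hit, and some malware disables the Safe Mode boot entry. The built-in bcdedit tool can force the next boot into Safe Mode and clear the flag again when cleaning is done, and Windows exposes whether you are currently in Safe Mode through the SAFEBOOT_OPTION environment variable and WMI. The function names are my own; the script must be run from an elevated (Run as administrator) PowerShell prompt because bcdedit writes the boot store.

```powershell
# Added example, not from the original guide. Run from an elevated PowerShell prompt.

function Test-SafeMode {
    # Windows sets SAFEBOOT_OPTION ("MINIMAL" or "NETWORK") only while in Safe Mode.
    $opt = $env:SAFEBOOT_OPTION
    # Cross-check with WMI: "Normal boot", "Fail-safe boot" or "Fail-safe with network boot".
    $state = ''
    try { $state = (Get-WmiObject -Class Win32_ComputerSystem).BootupState } catch { }
    New-Object PSObject -Property @{
        InSafeMode  = ([bool]$opt) -or ($state -like 'Fail-safe*')
        Option      = $opt
        BootupState = $state
    }
}

function Set-SafeBootNextRestart {
    param([ValidateSet('minimal','network')][string]$Mode = 'minimal')
    # A persistent BCD flag: every boot is Safe Mode until it is cleared.
    # 'minimal' matches the page's advice (no networking for the malware to use).
    # {current} is quoted so PowerShell does not treat the braces as a script block.
    bcdedit /set '{current}' safeboot $Mode
    if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed; run from an elevated prompt' }
    Write-Host "Next restart will enter Safe Mode ($Mode). Reboot with: shutdown /r /t 0"
}

function Clear-SafeBoot {
    # Remove the flag once cleaning is done, otherwise the PC keeps booting into Safe Mode.
    bcdedit /deletevalue '{current}' safeboot
    if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed; run from an elevated prompt' }
    Write-Host 'Safe Mode flag cleared; the next boot will be normal.'
}

# Usage:
#   Test-SafeMode                                   # InSafeMode should be False right now
#   Set-SafeBootNextRestart -Mode minimal ; shutdown /r /t 0
#   ... run the scans described below in Safe Mode ...
#   Clear-SafeBoot ; shutdown /r /t 0
```

Check Test-SafeMode after the reboot and before starting the scans; if it still reports a normal boot, the bcdedit change did not take, and the scans would run with the malware's normal start-up entries active.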
Determine if it's a Virus or Spyware
It's not always easy to determine whether your PC is infected with a virus or spyware. Random browser windows materializing out of nowhere and bandwidth mysteriously being siphoned off by an unknown binary may look like a virus but could just as well be spyware. To determine whether you are infected, and exactly what you are infected with, you will need to run virus scans. Also, gather as much information as you can (file names, process names, the text of any pop-ups) and search Google to see whether other users are having the same problems and have found solutions. You may find out more about the infection plaguing your system.
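Added example (not part of the original guide): the page warns that malware hides in Temp folders and asks you to gather information before scanning. This script lists every recently written executable-type file in the Temp folders of all user profiles and of Windows itself, with its SHA-256 hash, Authenticode signature status and hidden attribute, so you have concrete names and hashes to search for and to hand to a log-analysis forum. It reads only; nothing is deleted. The function name and the 30-day window are my choices; it uses only built-in .NET and PowerShell features so it works on the PowerShell 2.0 that shipped with Windows 7.

```powershell
# Added example, not from the original guide. Read-only triage of Temp folders.

function Get-TempExecutables {
    param([int]$Days = 30)   # how far back to look; hypothetical default

    # The current user's Temp folders plus C:\Windows\Temp ...
    $tempDirs = @(@($env:TEMP, $env:TMP, "$env:SystemRoot\Temp", "$env:LOCALAPPDATA\Temp") |
        Where-Object { $_ -and (Test-Path $_) })
    # ... and every other profile's Temp folder (C:\Users\<name>\AppData\Local\Temp).
    $tempDirs += @(Get-ChildItem -Path "$env:SystemDrive\Users" -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' } |
        Where-Object { Test-Path $_ })
    $tempDirs = $tempDirs | Select-Object -Unique

    $since = (Get-Date).AddDays(-$Days)
    $exts  = '.exe', '.dll', '.scr', '.com', '.pif', '.bat', '.cmd', '.vbs', '.js'
    $sha   = [System.Security.Cryptography.SHA256]::Create()

    foreach ($dir in $tempDirs) {
        # -Force includes hidden files, which is exactly where malware likes to sit.
        Get-ChildItem -Path $dir -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and
                           ($exts -contains $_.Extension.ToLower()) -and
                           $_.LastWriteTime -ge $since } |
            ForEach-Object {
                $hash = 'locked'   # a running sample often holds its own file open
                try {
                    $fs = [System.IO.File]::OpenRead($_.FullName)
                    try { $hash = ([BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
                    finally { $fs.Close() }
                } catch { }
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
                New-Object PSObject -Property @{
                    Written   = $_.LastWriteTime
                    Signature = if ($sig) { $sig.Status } else { 'Unknown' }  # Valid / NotSigned / HashMismatch ...
                    Hidden    = [bool]($_.Attributes -band [System.IO.FileAttributes]::Hidden)
                    Bytes     = $_.Length
                    SHA256    = $hash
                    Path      = $_.FullName
                }
            }
    }
}

# Usage: unsigned, hidden or locked files written recently are the first ones to look up by hash.
Get-TempExecutables -Days 30 |
    Sort-Object Written -Descending |
    Format-Table Written, Signature, Hidden, Bytes, SHA256, Path -AutoSize
```

Run it before CCleaner, which empties these folders and destroys the evidence; a file reported as locked while you are in Safe Mode is worth noting, since few legitimate programs run there.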
When in Safe Mode, it's time to run a virus scan. Run a full system scan with your anti-virus program set at its maximum scan settings (consult its manual to learn how to do this). If you have a large hard drive, this may take an hour or more for each scan, so be patient. When each scan has concluded, delete any suspected infected files and reboot into Safe Mode. At this point you are going to install the programs downloaded earlier and run each scan once, in the following order:
- CCleaner: Install it and analyze the temporary files on the system. You can adjust what it cleans to your needs (keeping saved passwords, for example), but otherwise clean out everything.
- SuperAntiSpyware: Install it and follow the on-screen instructions. Update the definitions and run a scan. Clear out everything it finds and save a log for analysis. Use its Repair System feature to repair broken Internet connections, desktop settings, Registry editing, Task Manager and more.
- Malwarebytes Anti-Malware: Install it and follow the on-screen instructions. Update the definitions and run a scan. Quarantine all of the bad files and save a log. The system is probably pretty clean at this point.
- ComboFix: Run combofix.exe. If Safe Mode is blocked, ComboFix will correct this. Finish all of its procedures and keep the log it produces at the end. If you have any problems running ComboFix, skip this step and continue.
- RootRepeal: Run RootRepeal to get a RootRepeal log.
- MGTools: Run MGTools (C:\MGTools.exe) and keep its log.
*Note: Each of these programs has a tutorial which can be consulted if you run into any difficulties following the on-screen instructions.
Determine If You're Still Having Problems with a Virus or Spyware
If you are still having problems, you can get expert log analysis for free at the support forums of Majorgeeks.com, Experts-exchange.com or Bleepingcomputers.com. Send them the logs from Malwarebytes Anti-Malware, SuperAntiSpyware, ComboFix, RootRepeal and MGlogs. Whichever forum you choose, make sure you submit your query once and wait for the experts to get to your problem. Sometimes their response is near real time and sometimes not; be patient. If you start multiple requests on the same problem it will take them longer to assist you. Your other alternative is to take your system to a professional repair shop and pay for what can be accomplished for free.
Problems Solved
If you are no longer having any problems:
- Enable User Account Control
*Look in your system tray and locate the security notice alerting you to enable UAC. Click on it to bring your security posture back to normal.
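Added example (not part of the original guide) covering both UAC steps on this page, the disable-and-reboot step before cleaning and the re-enable step here: it reads and toggles UAC from an elevated PowerShell prompt instead of clicking through Control Panel. It writes the same EnableLUA registry value that the "Turn User Account Control on or off" dialog sets, and, like the dialog, the change only takes effect after a reboot, so the script also records when the value was changed and can prove that a reboot happened afterwards (the page's "do not continue until you have rebooted"). Assumed: the standard HKLM policy key below (present on Vista and later), my own function names, and a marker file whose name and location are my choice; it is kept in the root of the system drive rather than a Temp folder because the cleaners wipe Temp.

```powershell
# Added example, not from the original guide. Run from an elevated PowerShell prompt.

$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Marker = Join-Path $env:SystemDrive 'uac-change.txt'   # hypothetical marker file; NOT in Temp

function Get-UacState {
    $p   = Get-ItemProperty -Path $UacKey
    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $id  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $adm = (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
               [Security.Principal.WindowsBuiltInRole]::Administrator)
    New-Object PSObject -Property @{
        EnableLUA                  = $p.EnableLUA                  # 1 = UAC on, 0 = off
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin # 2 (Vista) / 5 (Win7) = prompt for consent
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop      # 1 = prompt on the dimmed secure desktop
        ShellIsElevated            = $adm                          # was this prompt run as administrator?
        LastBoot                   = $os.ConvertToDateTime($os.LastBootUpTime)
    }
}

function Set-UacEnabled {
    param([Parameter(Mandatory = $true)][bool]$Enabled)
    $value = if ($Enabled) { 1 } else { 0 }
    Set-ItemProperty -Path $UacKey -Name EnableLUA -Value $value -Type DWord
    # Remember when the change was made so a later reboot can be verified.
    (Get-Date).ToString('o') | Set-Content -Path $Marker
    Write-Warning "EnableLUA is now $value. It takes effect only after a reboot: shutdown /r /t 0"
}

function Test-RebootedSinceUacChange {
    # True only if the machine has booted since the last Set-UacEnabled call.
    if (-not (Test-Path $Marker)) { return $false }
    $changed = [datetime]::Parse((Get-Content -Path $Marker))
    return ((Get-UacState).LastBoot -gt $changed)
}

# Usage, mirroring the page:
#   Set-UacEnabled -Enabled $false ; shutdown /r /t 0   # before cleaning
#   Test-RebootedSinceUacChange                          # must be True before scanning
#   Set-UacEnabled -Enabled $true  ; shutdown /r /t 0   # Problems Solved: back to normal
#   Get-UacState                                         # EnableLUA should read 1 again
```

Get-UacState is also a quick way to confirm, after re-enabling, that nothing has put EnableLUA back to 0: a value that reverts on its own after you set it is a sign that something is still running.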
Depending on how long you have been infected with viruses, spyware, Trojans, etc., this malware could have been saved in your System Restore points. If so, restoring to one of those points can re-infect your system. The virus and spyware removal programs that cleaned out the malware did not have access to the protected System Restore directory (System Volume Information). Disabling System Restore removes all restore points, including any infected ones. We saved this for last in case of disaster (until now we still had a restore point to fall back on).
- Disabling System Restore
- For Windows 7
1. Click Start.
2. Right-click Computer > Properties > choose Advanced System Settings in the left menu.
3. Click the System Protection tab.
4. Highlight the drive on which you wish to turn off System Restore and click Configure.
5. Choose Turn off system protection.
6. Click Apply > OK.
To re-enable, follow steps 1-4 and then choose Restore system settings and previous versions of files > Apply > OK.
- For Vista
1. Click Start.
2. Right-click Computer > Properties > choose Advanced System Settings in the left menu.
3. If UAC is enabled you will get a UAC prompt at this point; click Continue.
4. Click the System Protection tab.
5. Untick any drive listed and, in the pop-up window, click Turn Off System Restore.
6. Click Apply > OK.
To re-enable System Restore, follow steps 1-4, then tick the drives on which you wish to enable System Restore and click Apply > OK.
***Disable System Restore, reboot the system, then re-enable System Restore.
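Added example (not part of the original guide): the System Restore steps above as PowerShell, so the same thing is done for every protected drive and you can see how many restore points (and underlying shadow copies) are about to be destroyed. It uses the built-in Disable-ComputerRestore, Enable-ComputerRestore, Get-ComputerRestorePoint and Checkpoint-Computer cmdlets, which exist in PowerShell 2.0 and later on client Windows (Windows 7 ships with it; they are not available on Windows Server), plus the vssadmin tool. The function names are my own. Run from an elevated prompt, and reboot between the two functions as the page instructs.

```powershell
# Added example, not from the original guide. Run from an elevated PowerShell prompt.

function Get-SystemRestoreSummary {
    # Every restore point is a snapshot that the scanners above could not clean.
    $points  = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    $shadows = @(vssadmin list shadows 2>$null | Select-String 'Shadow Copy ID').Count
    New-Object PSObject -Property @{
        RestorePoints = $points.Count
        ShadowCopies  = $shadows
        Descriptions  = ($points | ForEach-Object { $_.Description }) -join '; '
    }
}

function Disable-SystemRestoreForCleanup {
    # The cmdlets want the drive as "C:\", with the trailing backslash.
    param([string[]]$Drives = @("$env:SystemDrive\"))
    Get-SystemRestoreSummary | Format-List     # show what is about to be deleted
    # Turning protection off for a drive deletes all of its restore points.
    foreach ($d in $Drives) { Disable-ComputerRestore -Drive $d }
    Write-Warning 'System Restore is off and its restore points are gone. Reboot now (shutdown /r /t 0), then run Enable-SystemRestoreWithBaseline.'
}

function Enable-SystemRestoreWithBaseline {
    param([string[]]$Drives = @("$env:SystemDrive\"))
    foreach ($d in $Drives) { Enable-ComputerRestore -Drive $d }
    # Create the first restore point of the clean era so there is something to roll back to again.
    Checkpoint-Computer -Description 'Post-malware-cleanup baseline' -RestorePointType MODIFY_SETTINGS
    Get-SystemRestoreSummary
}

# Usage:
#   Disable-SystemRestoreForCleanup                   # system drive only
#   Disable-SystemRestoreForCleanup -Drives 'C:\','D:\'
#   (reboot)
#   Enable-SystemRestoreWithBaseline                  # should report exactly one restore point
```

If Get-SystemRestoreSummary still reports shadow copies after the reboot, they were created by something other than System Restore (backup software, for example) and are left alone by these cmdlets; vssadmin list shadows shows which application owns them.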
Antivirus & Antispyware Certification Programs
When you're purchasing a security application, confirm that it has been certified. West Coast Labs, the National Association of Specialist Computer Retailers and others run certification programs that require antispyware and antivirus programs to meet stringent requirements before they receive certification.
Are Things Back to Normal?
After performing all the above, do a normal reboot (not into Safe Mode) and determine whether your PC is still acting up. If you are still having problems, quite possibly your only other option is to completely format your Windows drive and do a clean install. This last resort can be a pain and is time-consuming, to say the least, but you may notice that your PC has got back that right-from-the-store spring in its step! Don't forget to back up your data first.
Good Luck!