thegrogster
01-16-2009, 06:03 PM
I was sent a message about how to remove a virus/adware/spyware so I did a complete write-up.
I don't have much time, so I'm just copying and pasting. I'll revise it later for instances where you can't boot into your computer, or can only get into safe mode.
My steps for removing any malicious software.
Load up computer and make sure all the following are installed.
Microsoft Security Essentials (http://www.microsoft.com/security_essentials/)
If you DO NOT have a genuine copy of Windows, use the following.
Avira Antivirus (http://filehippo.com/download_antivir/)
If you still want to use AVG Free, then here it is. (http://filehippo.com/download_avg_antivirus/)
Just don't have two or more installed at the same time.
Spybot S&D (http://fileforum.betanews.com/detail/Spybot_Search_Destroy/1043809773/1)
MalwareBytes Anti-Malware (http://filehippo.com/download_malwarebytes_anti_malware/) (it shocked me how much shit this one finds)
and/or
Superantispyware (http://filehippo.com/download_superantispyware/)
CCleaner (http://www.filehippo.com/download_ccleaner/)
As Than suggested, Superantispyware is also a very good program. Unlike virus scanners, anti-malware programs will run fine together as long as they do NOT have real-time scanners.
First step
Disable System Restore (right-click My Computer > Properties > System Restore > Turn Off).
(Viruses love to hide in there.) Then delete everything under "c:\System Volume Information" that's left over, if you can get into that folder. Oftentimes it's locked out. Once it's all deleted you can turn System Restore on again if you've used it in the past. That was just to clear out the viruses that could be hiding in there.
If you can't see "System Volume Information" do the following.
In the window you're using to browse, go to
Tools > Folder Options > View
Click on "Show hidden files and folders"
Uncheck "Hide protected operating system files" > you will get a prompt > click OK.
Again, you may be locked out, but don't fret. AVG and the malware scanners will manage to get in there anyway.
//--------------------------------------------------------------------------------------
Once in the computer, go to Start > Run > type in "msconfig" and click OK.
(For Vista users: click Start > type "msconfig" in the search area and press Enter.)
Select the startup tab.
Uncheck EVERYTHING that does NOT have to do with AVG, as it is not necessary at this point, and a few of them are likely viruses.
When Windows starts it'll show a dialog box. Just click "Never show this to me on startup again" or something along those lines and close the window.
Run the first three (or four) at the same time, walk away and do something else for an hour or two (or more if you've got a shitty computer).
Come back, remove as much as you can, and run CCleaner. Both the cleaner and the registry sweep.
CCleaner's registry sweep will ask you if you want to do a registry backup. ALWAYS say yes. Doing anything with the registry can damage it. Though I have never damaged it with this program, and I use it on a daily basis.
Since not all operating systems give you the ability to change ownership of folders and files, I will suggest using the Disk Cleanup utility in this case, since doing it manually takes time.
To run this, go to My Computer.
Right click on your drive c:\ or whatever your main partition is.
Click on Properties and in that first tab there is Disk Cleanup under the pie chart.
Select everything in the list (except maybe the Hibernation file if you use that feature)
And click on OK.
This will clean out your Temp folder and your Temporary Internet Files. Viruses love to hide in there.
Go back to "msconfig"'s startup tab.
Put checks on anything you WANT to start up now. Things like
Windows Live Messenger, AIM, RocketDock, and most importantly, Steam.
Anything that has a fucked up name like "as7d6hgs0.exe" is, without a doubt, a virus. Others are tricky.
That's why you want to be very picky about what starts up, since most things aren't necessary anyway.
Repeat everything in the "//---------" area for each user on the computer because they all have their own set of temp folders and locations that virus scanners can't touch.
//------------------------------------------------------------------------------------------------------------
Restart the computer for the last time and it should be removed. I usually run the scan over and over again on customer computers to make sure it's all gone, because often it isn't after one sweep.
This is a long process for sure, but it's very effective. With this method, the only things that have evaded my grasp were rootkits. Even then, there are specific scanners for those.
If you still run into problems like rootkits, then ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) is the way to handle them.
That's a direct link. It's a very powerful program that can cause problems, though I haven't run into those problems myself. Here is the tutorial for ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix).
Since not all of us know what we're doing with computers and surfing the internet, I suggest keeping a copy of this handy.
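The post's msconfig steps (clear the Startup tab, re-enable only what you recognise, treat "as7d6hgs0.exe"-style names as suspect, and repeat for every user because each profile has its own autostart locations) can be done in one pass from the command line. The script below is an added example and is not from thegrogster's post or any of the tools it links. It lists the locations msconfig's Startup tab draws from (the Run/RunOnce registry keys for the machine and each loaded user hive, plus every profile's Startup folder) and flags entries with random-looking names, entries that run from a temp folder, entries whose file is missing, and entries whose executable carries no valid Authenticode signature. Assumptions: it is run from an elevated PowerShell prompt on Windows; the "random-looking name" test is a heuristic of my own, not anything the post or the tools define; and the hives of users who are not logged on are not loaded under HKEY_USERS, so only the Startup-folder sweep covers those accounts.

```powershell
# Added example, not part of thegrogster's post: list the autostart entries that
# msconfig's Startup tab draws from (Run/RunOnce keys and Startup folders) for
# every profile on the box, and flag the ones the post says to be picky about.
# Assumptions: run from an elevated PowerShell prompt on Windows (the XP-era
# "Documents and Settings" and the Vista+ "Users" layouts are both handled).
# Hives of users who are not logged on are not loaded under HKEY_USERS, so their
# Run keys are not seen; the Startup-folder sweep below does cover them.

function Test-AutostartEntry([string]$Source, [string]$Name, [string]$Command) {
    # Pull the executable out of a command line: "C:\a b\x.exe" /arg  or  C:\x.exe /arg
    $exe = $null
    if     ($Command -match '^\s*"([^"]+)"') { $exe = $matches[1] }
    elseif ($Command -match '^\s*(\S+)')     { $exe = $matches[1] }

    $flags = @()
    if ($exe) {
        $exe  = [Environment]::ExpandEnvironmentVariables($exe)
        $base = [IO.Path]::GetFileNameWithoutExtension($exe)

        # Heuristic (my own) for "as7d6hgs0.exe"-style names: only letters and
        # digits, at least two digits mixed in. A hint to look closer, not proof.
        if ($base -match '^[a-z0-9]{6,}$' -and $base -match '[a-z]' -and $base -match '\d.*\d') {
            $flags += 'random-looking name'
        }
        # The post's point about temp folders: nothing legitimate autostarts from one
        if ($exe -match '\\Temp\\|\\Temporary Internet Files\\') {
            $flags += 'runs from a temp folder'
        }
        if (Test-Path -LiteralPath $exe) {
            $sig = Get-AuthenticodeSignature -FilePath $exe
            if ($sig.Status -ne 'Valid') { $flags += "signature: $($sig.Status)" }
        } else {
            $flags += 'target not found'   # dead entry, or a path this simple parser mis-split
        }
    }
    New-Object PSObject -Property @{
        Flags = ($flags -join '; '); Name = $Name; Command = $Command; Source = $Source
    }
}

$findings = @()

# --- Registry Run keys: machine-wide plus every loaded user hive ---
if (-not (Test-Path HKU:\)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
$hives = @('HKEY_LOCAL_MACHINE') +
         @(Get-ChildItem HKU:\ -ErrorAction SilentlyContinue | ForEach-Object { $_.Name })
$runKeys = 'Software\Microsoft\Windows\CurrentVersion\Run',
           'Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($hive in $hives) {
    foreach ($key in $runKeys) {
        $path = "Registry::$hive\$key"
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $item = Get-Item -LiteralPath $path
        foreach ($valueName in $item.GetValueNames()) {
            $findings += Test-AutostartEntry -Source $path -Name $valueName `
                                             -Command ([string]$item.GetValue($valueName))
        }
    }
}

# --- Startup folders for every profile directory, logged on or not ---
$shell = New-Object -ComObject WScript.Shell   # resolves .lnk shortcuts to their target
$profileRoots = @("$env:SystemDrive\Users", "$env:SystemDrive\Documents and Settings") |
    Where-Object { Test-Path -LiteralPath $_ }
$startupRel = 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup',  # Vista and later
              'Start Menu\Programs\Startup'                                      # XP
foreach ($root in $profileRoots) {
    $profs = Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
             Where-Object { $_.PSIsContainer }
    foreach ($prof in $profs) {
        foreach ($rel in $startupRel) {
            $dir = Join-Path $prof.FullName $rel
            if (-not (Test-Path -LiteralPath $dir)) { continue }
            $files = Get-ChildItem -LiteralPath $dir -Force |
                     Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'desktop.ini' }
            foreach ($f in $files) {
                $target = $f.FullName
                if ($f.Extension -eq '.lnk') { $target = $shell.CreateShortcut($f.FullName).TargetPath }
                $findings += Test-AutostartEntry -Source $dir -Name $f.Name -Command $target
            }
        }
    }
}

# Flagged entries first; an empty Flags column means signed, present and ordinary-looking
$findings | Sort-Object Flags -Descending | Format-Table Flags, Name, Command, Source -AutoSize -Wrap
```

Treat the output the way the post treats the msconfig list: an unsigned binary with a random-looking name under a user's Temp folder is what to pull first, while a known program (Steam, an IM client) that merely shows "signature: NotSigned" is something to decide on by name. The script only reports; it changes nothing, so removing an entry is still done in msconfig or by deleting the value or shortcut by hand after the scanners have run.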