I feel very confident that this procedure has an excellent chance of ridding you of whatever pest or virus ails your pc. It will take some time, so be patient. Keep in mind that this is a reactive response to a situation that has already inflicted possibly serious damage to your pc. Sometimes we are not successful, but we can try. The programs listed here are some of the best on the market and you stand a very good chance of fixing your pc if you are patient and methodical. Your only other choice is to search out someone who knows how to search through your startups, registry and processes for atypical filenames and delete them. There are not too many of us around, and we can't guarantee we can totally clean a system anyway. Sometimes you get your butt kicked by these bad boys. You always have to weigh the amount of time needed to clean a system against reinstalling Windows, and also how important the data on the drive is to you and whether it is backed up.

First thing I would try is a new tool generously supplied by Sunbelt for free called VIPRE Rescue.

Note: VIPRE Rescue is updated very regularly with the latest definitions. When you need VIPRE Rescue, always come to this site first and download the latest version. You can check the version number (e.g. VIPRERescue5701.exe), which increments with each update.
Download VIPRE Rescue
Next, when possible, one of the best methods I've used in the field is the slave drive method. I purchased the following usb device just for this:

Obviously you need another PC or a trusted friend's PC. Remove the infected drive and attach it to another clean PC with the following docking unit. This makes your primary, infected drive look like a usb data drive on the clean PC. Make sure you can see the files on the newly attached infected drive, but don't run any programs from the infected drive.

Note: You don't need this device to use your friend's PC. You can always just install it directly into the PC as a data drive. Most likely all you will need is a sata cable and power cable that is available in the 2nd PC.

Go to "Control Panel" -> "Folder Options", and click on the "View" tab at the top of the "Folder Options" window. You are going to want to change the following options:
- Turn ON: Display the contents of System Folders
- Turn ON: Show hidden files and folders
- Turn OFF: Hide extensions for known file types
- Turn OFF: Hide protected operating system files (Recommended)

Check the following folders and delete their contents, but not the directories themselves. Assuming the new PC assigned your new usb drive the letter F:
- F:\TEMP
- F:\Windows\TEMP
- F:\Windows\Profiles\UserName\Local Settings\Temp
- F:\Windows\Profiles\UserName\Local Settings\Temporary Internet Files
- F:\Windows\Profiles\UserName\Local Settings\Application Data\Mozilla\Firefox\Profiles\SomeRandomName.default\Cache
- F:\Documents and Settings\UserName\Local Settings\Temp
- F:\Documents and Settings\UserName\Local Settings\Temporary Internet Files
- F:\Documents and Settings\UserName\Local Settings\Application Data\Mozilla\Firefox\Profiles\SomeRandomName.default\Cache

Now scan your drive on this new PC. Your chances are much better of detecting and removing the virus/spyware. This process has never failed me so far.
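As an added example (not the guide's own code), here is a Python script that empties exactly the temp folders listed above on the slave-mounted drive. It assumes the drive is reachable under a path you pass in (F:\ on the clean PC), treats UserName and SomeRandomName.default as wildcards, defaults to a dry run, and never follows a link, so a planted junction or symlink in a temp folder cannot redirect the deletion at something outside it.

```python
# Added example (not the guide's code): clean the guide's temp folders on a slave-mounted infected drive.
import shutil
import stat
import tempfile
from pathlib import Path
# '*' replaces the UserName / SomeRandomName.default placeholders (glob-expanded).
TEMP_DIRS = [
    "TEMP",
    "Windows/TEMP",
    "Windows/Profiles/*/Local Settings/Temp",
    "Windows/Profiles/*/Local Settings/Temporary Internet Files",
    "Windows/Profiles/*/Local Settings/Application Data/Mozilla/Firefox/Profiles/*.default/Cache",
    "Documents and Settings/*/Local Settings/Temp",
    "Documents and Settings/*/Local Settings/Temporary Internet Files",
    "Documents and Settings/*/Local Settings/Application Data/Mozilla/Firefox/Profiles/*.default/Cache",
]

def _remove(entry):
    if entry.is_symlink():
        entry.unlink()                  # unlink the link itself, never follow it
    elif entry.is_file():
        entry.chmod(stat.S_IWRITE)      # clear a read-only bit before deleting
        entry.unlink()
    else:
        shutil.rmtree(entry)            # rmtree does not descend into junctions

def empty_temp_dirs(drive_root, dry_run=True):
    """Delete each temp folder's contents (never the folder); return sorted paths."""
    removed = []
    for pattern in TEMP_DIRS:
        for tmp in Path(drive_root).glob(pattern):
            if tmp.is_symlink() or not tmp.is_dir():
                continue                # the temp folder must be a real directory
            for entry in tmp.iterdir():
                removed.append(str(entry))
                if not dry_run:         # default is a dry run: list, don't delete
                    _remove(entry)
    return sorted(removed)

def demo():
    """Clean a constructed stand-in for the mounted drive; return check results."""
    user = Path(tempfile.mkdtemp(prefix="slave_drive_")) / "Documents and Settings" / "Alice"
    tmp, docs = user / "Local Settings" / "Temp", user / "My Documents"
    (tmp / "cache").mkdir(parents=True)         # constructed sample contents
    (tmp / "dropper.tmp").write_bytes(b"sample")
    docs.mkdir()
    (docs / "thesis.doc").write_bytes(b"user data that must survive")
    planned = empty_temp_dirs(user.parents[1])  # dry run, then the real pass
    removed = empty_temp_dirs(user.parents[1], dry_run=False)
    return planned == removed, tmp.is_dir(), (docs / "thesis.doc").exists(), len(removed)
```

Read the dry-run list before the real pass, and keep AutoPlay off on the clean PC so nothing on the attached drive executes while you browse it.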
If the above procedures were not successful then continue on.

Note: When dealing with an infected machine it is best to try and remove the virus / spyware while Windows is in Safe Mode! Keep activating safe mode after every instructed reboot until directed otherwise or until you think your pc is clean. You activate safe mode by pressing F8 during the early stages of Windows startup. Just keep hitting F8 every few seconds during the boot up cycle, then select Safe Mode.

How to Boot Into Safe Mode: Generic - Any OS
Windows XP: How to perform a clean boot in Windows XP

1st Thing To Try: Did you first try and restore your registry settings (XP & Later) via Windows Restore? How To Use System Restore
Try restoring your system first to a previous date when you knew your system was running fine. We might get lucky right off the bat.

Note: Hopefully you are still able to download and run programs. If not, use your other pc or go to a friend's house and save all these programs to a CD or USB stick. It's worth having these programs around for the future anyway.
First Things First - Download the following programs, if possible, from the net. We will use these later. Don't run them now! We first need to prep our pc before we can run these programs.

Note: Some viruses prevent the installation or execution of these programs. They recognize these programs and block the installation or execution by resetting their permissions. Try renaming the executable or setup file and try it again. Sometimes this fools them. If not, have your friend download them.

First we download our Scanners - These are the best and we might need them all if you have more than 1 virus/spyware!
1> Download AVG Free - AVG Free free
2> Download MalwareBytes - Malwarebytes free
3> Download SpyBot Search and Destroy - Spybot S&D free
4> Download Ad-aware - Ad-Aware free
5> Download Prevx - Prevx - 30 Day Trial
6> Download A-Squared - A-Squared free
7> Download HiJackThis - hijackthis free (How to use HiJackThis)
8> Download this Startup Program Lister - Startup free
9> Download Trojan Hunter - Trojan Hunter 30 Day Trial
1: Turn System Restore OFF and turn it back on when you are all done with this document. Viruses have been known to make themselves resident in the Windows System Restore section, which is a protected, read-only area! Turning System Restore off deletes all these possibly infected files. Turn it back on when you know your system is clean. Reboot! How to use System Restore

2: Start the computer in safe mode by pressing F8 during start up. Stay in Safe Mode until the end and every time you reboot, unless directed otherwise or until you are sure your system is clean.

3: Launch IE and go to Internet Options and clean up the garbage. On the General tab, middle section, Temporary Internet Files: delete cookies, delete temporary Internet files, and delete your History. Go into Settings, View Objects and remove all items listed there by highlighting them all, right clicking and selecting Remove. These are ActiveX components that will get reinstalled when you go back to a web page that really needs them. Major source of viruses! A better and more automatic method for cleaning IE and all of Windows is a system cleaner. I prefer A1Cleaner. Keep this in mind for the future. It's really a necessary evil for Windows. I set it to run automatically on a weekly basis.
Note: Sometimes viruses prevent or disable Internet Explorer from working. Try and get a copy of Opera or Firefox downloaded from your 2nd PC or from your friend and install that.

4: Go to Start, Run and type %temp%. This will open a folder with all the temporary files on your computer. You should be able to safely delete all these files. Use Ctrl + A and press the Del key. REBOOT

5: Go to the Recycle Bin and empty it!

6: Go to the Control Panel, System, Advanced, Performance, Settings, Virtual Memory. Make note of the size of the page file listed under Virtual Memory first; you will be restoring this number and the paging file later. Change the page file swap size to zero (No Paging File) and reboot to safe mode again. Many viruses like to hide here as well. The only way to delete it is to set your size to zero.

7: We are now ready to start scanning with all the software we downloaded. We might get lucky right away. Select one of the scanners and allow it to scan your pc. Record the name and location of any suspected viruses or spyware the scanners may find.
Note: You may or may not know the name of the infecting program (malware). Sometimes scanners will identify the virus but not be able to remove it. There are databases online where you can enter the virus name and get very specific help with the removal of said virus: Virus Encyclopedias. So write down any info you can about the virus and return to these search engines once you think you know the name! Or go to the SpywareGuide Encyclopedia.
You can now run any of the other programs you downloaded at this point as well. I would start with these two: AVG Free and MalwareBytes.

8: As an option, if you can connect to the net, you can try these online virus scanners as well. They are free! Record exactly the malware names, file names and locations of any malware the previous scans turned up. Quarantine, then cure (repair, rename or delete) any malware found.

10: If any viruses were found and not automatically cleaned, then go back to the Virus Encyclopedia and enter the name of the virus. There might be some specific Virus Removal instructions for the virus you just found. Here are additional sites with specific Virus Removal tools:
Note: Why Some Infected Files Cannot be Deleted Through Windows Explorer. When you delete the file through Windows Explorer (or My Computer) the file is first moved to the Windows Recycle Bin (located in the \Recycled folder or similar). So, from the anti-virus product's point of view, you're trying to move the file to a different location. This is prevented, and you might get some kind of Windows error message. Delete the infected file with SHIFT+DELETE (that is, keep SHIFT pressed while pressing DELETE). That way the file is deleted immediately and is not moved first to the Windows Recycle Bin.

11: Download HiJackThis and run the program on your machine, making sure to save the resultant log file as a text doc. Now take your log file contents and submit it to the following site: HiJackThis Log Analyzer (copy and paste the contents). The analyzer will further analyze your registry for any hidden/suspicious spyware/viruses. The output from the analyzer will suggest that certain entries be deleted. Go back and run the program again and this time select all the suspicious entries found by the analyzer so they can be deleted. Now let HiJackThis delete all the entries and then reboot. Scan your pc once more with HiJackThis and make sure everything is clean.
NOTE: To end a process (program) that won't terminate any other way,

12: If still infected then install and run each of the spyware scanners you downloaded in turn. Keep in mind that each of these programs has specific strengths and we may need to run each program to fully ensure that your system is clean.
NOTE: At this point your system might / should / could be clean if indeed you found some viruses / spyware and successfully cleaned them from your system. Try booting up normally and test the system once again. One final virus scan in normal mode with your favorite scanner couldn't hurt at this point. If the virus / spyware persists then it's time to drop back and punt. You might want to think about a reload or seeking professional help. http://www.silentrunners.org/sr_thescript.html
You also need to start thinking about the time involved and wasted trying to rid yourself of this virus. Is it worth it?

13: If you've lost Internet access after removing the viruses and spyware, don't fret. This is typical. Download a copy of LSPFIX from the URL below - some malware can kill your internet connection when it is removed, and this software should get things going for you again: http://www.cexx.org/lspfix.htm
You can also get a copy of WINSOCKFIX, available at: http://www.spychecker.com/program/winsockxpfix.html
Or go here and download this tool - XP Smoker TCP/IP - Winsock Repair
Hopefully at this point your system is clean and working normally.
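Before handing a HijackThis log to the analyzer in step 11, a first offline pass can flag startup entries that launch from the same temp locations this guide has you empty. This is an added Python example, not part of the guide or of HijackThis: the log lines are constructed, only O4 Run-key entries in HijackThis's "[name] command" shape are parsed, and the suspect folder names come from the guide's own temp list.

```python
# Added example (not the guide's code): flag O4 startup entries in a HijackThis
# log whose program lives in one of the temp folders the guide says to empty.
import re
from pathlib import PureWindowsPath

# Constructed sample log lines in the O4 shape HijackThis uses ([name] then command).
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [svchost] "C:\Documents and Settings\Alice\Local Settings\Temp\svchost.exe" -s
O4 - HKLM\..\Run: [updater] C:\WINDOWS\TEMP\upd.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\reader_sl.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Folder names from the guide's temp list plus the Recycle Bin folder it mentions;
# a program set to run at logon has no legitimate reason to live in any of them.
SUSPECT_DIRS = {"temp", "temporary internet files", "cache", "recycled"}

# Run-key entries only; "Global Startup: x.lnk = path" lines are left to the analyzer.
O4_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def program_path(cmd):
    """Program part of a Run command: the quoted string if quoted, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def triage_o4(log_text):
    """Return (name, path, folder) for every O4 entry whose program sits in a suspect folder."""
    flagged = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        path = program_path(m.group("cmd"))
        # Compare every directory component (not the file name) case-insensitively.
        folders = [p.lower() for p in PureWindowsPath(path).parts[:-1]]
        hit = next((p for p in folders if p in SUSPECT_DIRS), None)
        if hit:
            flagged.append((m.group("name"), path, hit))
    return flagged
```

A bare file name such as SOUNDMAN.EXE has no folder component and is not flagged; that is a limitation, not a clean bill of health, so such entries still go to the analyzer.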
Restore Your Settings:
1: Turn System Restore back on.
2: Reset your paging file back to what it was before.
3: Delete the directories and their associated files you downloaded, or the directory you created earlier, if no longer needed.
4: Boot up normally and scan your system one more time in normal mode.

Do some research into how you can make your system more protected, because obviously whatever you had before just wasn't enough. I personally run Trend Micro, SpySweeper, Spyware Blaster, Ad-Aware, & Spybot. Yes, that is correct. I run all these concurrently on my system. It does rob me of some performance, but my system has been virus / spyware free for 2 years now. All the more reason to buy a more powerful pc. It's unfortunate that we have to take such measures and spend so much money to protect ourselves, but such is the state of things.

Something else I might suggest is having a disaster recovery backup on hand. I use Acronis True Image and Drive Clone Pro and I have to say that it works great. It runs in the background creating backups automatically on a daily or weekly basis if you prefer. Once infected you can initiate a restore and within 20-30 min you are back up and running. I also recommend a separate external usb hard drive to store the backups on. Hopefully next time you'll be prepared, because there will be a next time. Count on it.