
Virus/Trojan Removal Instructions

"The only way to clean a compromised system is to flatten and rebuild. That's right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (re-install Windows and your applications)..."

After doing all of the following steps, get yourself some disk-imaging software and learn how to restore your system from a "known clean image" so you don't have to go through this again (that's what I do).

Update Windows!

1. Ensure the built-in firewall is enabled (remove/disable any 3rd-party firewall).

2. Control Panel\Internet Options (I use CrapCleaner for this)
General tab
Under 'Browsing history' click the 'Delete...' button to delete temporary files, history, cookies, etc.
Advanced tab
Under 'Security' [check] 'Empty Temporary Internet Files folder when browser is closed'.
Click the OK button.

3. Update Windows (did I say that already?)

4. On-demand AV applications.
David H. Lipman's Multi_AV Tool (4 scanners)
--Direct Download--
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
--and/or--
Kaspersky's AVPTool
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
--Direct Download--
http://ftp.kaspersky.com/devbuilds/AVPTool/
There's no updating involved since the scanning engine is updated several times a day and you simply download the updated scanner whenever you want to do a scan.

--and--
Dr.Web's CureIt! (Free)
http://www.freedrweb.com/cureit/
There's no updating involved since the scanning engine is updated several times a day and you simply download the updated scanner whenever you want to do a scan.

--then install, update the def files and scan your system with--
Malwarebytes Anti-Malware (Free)
If you can’t update the def. files, you can get them here:
http://www.malwarebytes.org/mbam.php

--and--
SuperAntispyware (Free)
If you can’t update the def. files you can get them here:
http://www.superantispyware.com/definitions.html

If your operating system is considered clean by the above scanners and is booting/running normally:
Flush your System Restore cache
Right-click the "My Computer" icon and select Properties from the drop-down list.
In System Properties, click the System Restore tab and [check] 'Turn off System Restore on all drives'. Click 'Apply', then click OK. Reboot.
Right-click the "My Computer" icon and select Properties from the drop-down list.
In System Properties, click the System Restore tab and [uncheck] 'Turn off System Restore on all drives'.
Note: ensure that under 'Available drives' the Status of the drive shows 'Monitoring'.
Then manually create a Restore point. Read more here:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore

If your current Anti-Virus is expired, then remove it and download/install:
Avira AntiVir Personal (Free)
http://www.free-av.com/
(The free version won't scan your emails.)
Unless you are using Microsoft Outlook or Lotus Notes (MAPI or VIM), scanning email is worthless.
Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tutorials/email-scanning/index.htm
Ensure your e-mail program is configured to display e-mail messages in 'Plain Text' only.

Then, to make sure you got all the nasties out, download and execute HiJackThis! (HJT)
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Forums where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is required in any of the forums before posting a HJT log, and please read the 'stickies' (instructions/guidelines) for the respective HJT forum.

http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://forum.malwareremoval.com/viewforum.php?f=11
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://www.techmonkeys.co.uk/forums/viewforum.php?f=8
http://forum.networktechs.com/register.php
http://forums.maddoktor2.com/index.php?showforum=17
http://www.bluetack.co.uk/forums/index.php?showforum=172
http://forums.subratam.org/index.php?showforum=7
http://www.wilderssecurity.com/forumdisplay.php?f=26
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://www.lavasoftsupport.com/index.php?showforum=36
http://forum.piriform.com/index.php?showforum=12

More Links

Routinely practice Safe-Hex.
Opera@USB (no-install version-just unzip all files into its own folder)

Firefox with AdBlock/NoScript/WOT installed (free)
http://en-us.www.mozilla.com/en-US/firefox/

MVPS Hosts file (free)
http://www.mvps.org/winhelp2002/hosts.htm

Thunderbird for e-mail (free, don't forget "plain text")
http://www.mozilla.com/en-US/thunderbird/

Turn off un-needed Windows Services
http://www.jasonn.com/turning_off_unnecessary_services_on_windows_xp

Update Java (free), delete old versions before updating
http://www.java.com/en/download/index.jsp

Decrapify your PC (free)
http://pcdecrapifier.com/download

Remove Adobe Acrobat Reader and use PDF-XChange Viewer (free)
http://www.docu-track.com/home/prod_user/PDF-XChange_Tools/pdfx_viewer

CrapCleaner (free)
http://www.ccleaner.com/

JKDefrag (free)
http://www.kessels.com/Jkdefrag/

Buy a router with a built-in firewall. You can get one for under $50 US.

Check out what you download! Here is a list of on-line, single-file scanners.