General Cleaning Instructions

Discussion in 'malware problems & news' started by Blackspear, Oct 10, 2004.

Thread Status:
Not open for further replies.
    GENERAL Virus and Trojan removal Instructions.




    Disclaimer: The following procedure is to be used at your own risk!

    Wilders Security Forums assumes no responsibility for any problems that may result from your use of the steps or tools described within this procedure. Once a system has been infected, attempts to clean the infection can result in further damage, data loss or additional problems.







    BEFORE you start, UNDERSTAND something very clearly;

    If the steps below do NOT fix your problem

    You will have to post a “HijackThis Log” at one of the security forums that provide spyware cleaning services.

    Wilders Security does NOT provide Spyware Cleaning Services!



    For the most part what I have suggested fixes the greater majority of problems out there...however, it does NOT fix everything.






    Please PRINT out the following Instructions and read them FULLY before proceeding.


    After this follow each step in order, and ONE step at a time.



    Do NOT go onto a further step until you have completed the one you are on.


    Also make sure you have the very latest version of each product mentioned and they are fully up-to-date.






    If you use Forum specific software, such as NOD32, you may want to place a new thread in one of these forums regarding your problem, as there are Moderators and experienced people involved in each. They will be able to help you further with these programs. You still may be directed back to this thread to follow the instructions below.





    Step 1. Update your Anti-virus program. If you do not have an Anti-virus software program, please download a free version from here and update it. Do NOT run this YET.

    NOTE: do NOT install an additional Anti-virus or Anti-Trojan software program if you currently have one, as this may cause further problems.



    Step 2. Download Winsock XP Fix available here. Do NOT run this YET.



    Step 3. If you don't have a firewall package, download and install a free one such as Zone Alarm – a firewall with visual outgoing alerts to see what is trying to access the internet, available here. A list of other free firewalls can be found here.



    Step 4. Download Stinger (free) – Offline Virus removal tool, available here. Do NOT run this YET.



    Step 5. Download one of these Anti-Trojan packages: TrojanHunter (eval) or Ewido (free/ 'plus' version eval). Install and update it. Do NOT run this YET.



    Step 6. Install and update Spybot Search and Destroy (free) – Spyware removal and protection, with registry monitor, available here or here. Install and update it. Do NOT run this YET.



    Step 7. Download “Ad-Aware” (free) – Spyware removal. What Spybot Search and Destroy doesn’t pick up, this will, and vice versa. Ad-Aware is available here or here. Install and update it. Do NOT run this YET.



    Step 8. Download “CWShredder” (free) – Specific Spyware removal tool, available here. Install and update it. Do NOT run this YET.



    Step 9. Download “VX2 Cleaner” (free) – Specific Spyware removal tool, available here. Do NOT run this YET.

    NOTE: Make sure you choose the correct version for your Windows operating system.



    Step 10. MAKE SURE YOUR ANTI-VIRUS IS FULLY UP TO DATE with the latest virus signatures, BEFORE continuing.



    Step 11. Turn OFF “System Restore”; this applies only to Windows ME and Windows XP:



    WARNING: Turning OFF System Restore means you will NOT be able to ROLL BACK your computer to the current state it is in.


    Windows XP Instructions (reference with screen images)

    1. Right click on the “My Computer” icon on the Windows desktop.

    2. Click “Properties”.

    3. Click on “System Restore”.

    4. Place a tick in “Turn off System Restore on all Drives”.

    5. Click OK.

    6. Close and RESTART your system.


    OR


    Windows ME Instructions (reference with screen images)

    1. Right click on the “My Computer” icon on the Windows desktop.

    2. Click “Properties”.

    3. Click on “Performance”.

    4. Click “File system”.

    5. Click “Troubleshooting”.

    6. Check “Disable system restore”.

    7. Click on OK.

    8. Close and RESTART your system.



    Step 12. Restart your system again in “SAFE MODE” by pressing/tapping F8 while booting up your computer.

    Further instructions on placing your system into “SAFE MODE” can be found here, as pressing/tapping the F8 key does not always work with some computers.



    Step 13. Delete your TEMP files by doing the following:

    Open up Internet Explorer.

    Click on Tools.

    Internet Options.

    General TAB.

    Temporary Internet Files.

    Delete Files.

    Delete All Offline Content.



    While in “SAFE MODE” do ALL of the following and REMAIN in SAFE MODE until Step 21:



    Step 14. Run a scan with your “Anti-virus Program” or the program you downloaded above.

    NOTE: If your Anti-virus has a Quarantine feature – USE IT when asked/offered to do so.



    Step 15. Run a scan with “Stinger” the program you downloaded above.



    Step 16. Run a scan with the Anti-Trojan program you use or downloaded above.



    Step 17. Run a scan with “Spybot Search and Destroy” the program you downloaded above.



    Step 18. Run a scan with “AdAware” the program you downloaded above.



    Step 19. Run a scan with “CWShredder” the program you downloaded above.



    Step 20. Run a scan with “VX2 Cleaner” the program you downloaded above.



    Step 21. Reboot your system into NORMAL MODE.



    Step 22. Run the ONLINE virus scan found here, or run one from the list found here.



    Step 23. Make sure your Windows is FULLY up-to-date (NO EXCUSES) by doing the following:

    While on the Internet, Click on Internet Explorer (the Blue “e”)

    Click on Tools (on the bar at the top of your screen in Internet Explorer)

    Click on Windows Update.

    This will take you to the Microsoft Windows Update page where you need to follow the on screen prompts, starting with “EXPRESS INSTALL”. Install ALL “Critical Updates” and “Service Packs”.



    REPEAT STEPS 12 to 22, THREE TIMES, as some Viruses, Trojans and Spyware can be very elusive.



    If all the above steps do NOT fix your problem please download and run "HijackThis" found here and post your log at a security forum that provides spyware cleaning services.

    Keep in mind the following quote:

    If after or during the above cleaning process you find that your internet connection has been broken, please run the Winsock XP Fix application that you downloaded in Step 1 at the beginning of this post.


    OR


    Proceed with the following to delete the corrupted registry keys, and then reinstall the TCP/IP protocol.


    Step 1. Delete the corrupted registry keys

    1. Click Start, and then click Run.

    2. In the Open box, type regedit, and then click OK.

    3. In Registry Editor, locate the following keys, right-click each key, and then click Delete:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2

    4. When you are prompted to confirm the deletion, click Yes.

    NOTE: Restart the computer after you delete the Winsock keys. Doing so causes the Windows XP operating system to create new shell entries for those two keys. If you do not restart the computer after you delete the Winsock keys, the next step does not work correctly.



    Step 2. Install TCP/IP

    1. Right-click the network connection, and then click Properties.

    2. Click Install.

    3. Click Protocol, and then click Add.

    4. Click Have Disk.

    5. Type C:\Windows\inf, and then click OK.

    6. On the list of available protocols, click Internet Protocol (TCP/IP), and then click OK.

    7. Restart the computer.



    Securing your Computer when it is Clean


    As you have been brought to this post because of an infected computer, when your system is clean you should take a look here: Why did I get infected in the first place? Also, for further discussions on security and how to make your system that much stronger, see here for what people use as well as here and here.


    After all of the above, please let us know how you go. Sharing your experience and the results you had can help us all to learn…

    Cheers :D

    Blackspear.



    Many thanks for the wisdom and knowledge of all of those that assisted in developing this thread - the members and moderators of Wilders Security...
     
    Last edited: Jun 8, 2006
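
For the "Step 1. Delete the corrupted registry keys" procedure in the post above, a backup taken before the deletion, as an added example that is not part of the original post. It assumes an administrator account on a Windows version that ships reg.exe (Windows XP or later); the folder C:\WinsockBackup is a constructed name.

```batch
@echo off
rem Added example: export the two Winsock keys to .reg files before they are
rem deleted in Registry Editor, and stop if either export cannot be confirmed.
rem Assumptions: administrator account, reg.exe present (Windows XP or later).
setlocal
rem Constructed backup location; change it to suit the machine.
set "BACKUP_DIR=C:\WinsockBackup"
set "BASE=HKLM\System\CurrentControlSet\Services"

if not exist "%BACKUP_DIR%" mkdir "%BACKUP_DIR%"

for %%K in (Winsock Winsock2) do (
    rem Never overwrite an earlier backup: it may be the only good copy.
    if exist "%BACKUP_DIR%\%%K.reg" (
        echo %BACKUP_DIR%\%%K.reg already exists. Move it away and run again.
        exit /b 1
    )
    reg export "%BASE%\%%K" "%BACKUP_DIR%\%%K.reg"
    if errorlevel 1 (
        echo Export of %BASE%\%%K failed. Do not delete the keys yet.
        exit /b 1
    )
    rem Confirm that a file was really written before reporting success.
    if not exist "%BACKUP_DIR%\%%K.reg" (
        echo No backup file was written for %%K. Do not delete the keys yet.
        exit /b 1
    )
)

echo Both keys exported to %BACKUP_DIR%. The deletion step can now proceed.
exit /b 0
```

If the reinstall of TCP/IP does not restore connectivity, importing the two .reg files puts the keys back as they were before the deletion.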