Spyware and Virus Removal Guide
Part 1 – Preparation.
The following steps will guide you through the process of getting your computer’s environment ready so that spyware and virus scans can run at their full potential.
1.1) Boot your computer into Safe Mode with Networking. In most cases, doing this will prevent the viruses from loading into memory, which then allows for their removal. To boot into Safe Mode with Networking, press F8 repeatedly on your keyboard as your system is booting up. You will then be presented with a list of options. Choose “Safe Mode with Networking”. For more detailed instructions on how to do this, please follow the instructions outlined in the link below.
1.2) Once you are in Safe Mode, it is recommended that you remove your system's temporary internet files. A lot of viruses reside in the same locations as these files, so emptying these directories is a good idea. It may also drastically reduce the time needed to run virus scans on your computer. The easiest way to clean out these directories is by running a free program called CCleaner. Follow the link below to download and run the program.
1.3) Once that is done, go into Control Panel and remove any software you think might be malicious. Key things to look for are any programs which claim to be search helpers or toolbars for your browser. To get to Control Panel in most situations, you can simply click Start > Control Panel. Add / Remove Programs will be listed there.
1.4) The following is an excerpt from http://www.bleepingcomputers.com which outlines how you can remove potential threats from your system's startup. This is an essential part of the process which should not be overlooked.
“Download and extract the Autoruns program by Sysinternals to C:\Autoruns
- Reboot into Safe Mode so that the malware is not started when you are doing these steps. Many malware monitor the keys that allow them to start and if they notice they have been removed, will automatically replace that startup key. For this reason booting into safe mode allows us to get past that defense in most cases.
- Navigate to the C:\Autoruns folder you created in Step 1 and double-click on autoruns.exe.
- When the program starts, click on the Options menu and enable the following options by clicking on them. This will place a checkmark next to each of these options.
  - Include empty locations
  - Verify Code Signatures
  - Hide Signed Microsoft Entries
- Then press the F5 key on your keyboard to refresh the startups list using these new settings.
- The program shows information about your startup entries in 8 different tabs. For the most part, the filename you are looking for will be found under the Logon or the Services tabs, but you should check all the other tabs to make sure they are not loading elsewhere as well. Click on each tab and look through the list for the filename that you want to remove. The filename will be found under the Image Path column. There may be more than one entry associated with the same file as it is common for malware to create multiple startup entries. It is important to note that many malware programs disguise themselves by using the same filenames as valid Microsoft files. It is therefore important to know exactly which file, and the folder they are in, that you want to remove. You can check our Startup Database for that information or ask for help in our computer help forums.
- Once you find the entry that is associated with the malware, you want to delete that entry so it will not start again on the next reboot. To do that, right-click on the entry and select Delete. This startup entry will now be removed from the Registry.
- Now that we made it so it will not start on boot up, you should delete the file using My Computer or Windows Explorer. If you cannot see the file, it may be hidden. To allow you to see hidden files you can follow the steps for your operating system found in this tutorial: How to see hidden files in Windows”
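The excerpt's warning about malware reusing the filenames of valid Microsoft files can be checked mechanically once the startup list has been saved to a CSV file. The script below is an added example, not part of this guide or of the quoted source; the column names (Entry, Signer, Image Path), the sample rows and the short table of expected folders are assumptions made for illustration.

```python
import csv
import io
import ntpath

# Constructed sample rows in the shape of a startup list saved as CSV.
# The column names are assumed; adjust them to match your own export.
SAMPLE_CSV = r'''Entry Location,Entry,Signer,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,(Verified) Microsoft Windows,C:\Windows\System32\SecurityHealthSystray.exe
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,svchost,(Not verified) Microsoft Corporation,C:\Users\alice\AppData\Roaming\svchost.exe
HKLM\System\CurrentControlSet\Services,UpdaterSvc,,C:\ProgramData\upd\updater.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Explorer,(Verified) Microsoft Windows,C:\Windows\explorer.exe
'''

# Short illustrative list: folders where these Windows filenames normally live.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

def review_entries(csv_text):
    """Return (entry, image_path, reasons) for startup entries worth a closer look."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = (row.get("Image Path") or "").strip()
        if not path:
            continue  # a startup location with no entry has no file to check
        # ntpath handles Windows paths even when the script runs elsewhere
        folder, name = ntpath.split(ntpath.normpath(path).lower())
        reasons = []
        expected = EXPECTED_DIRS.get(name)
        if expected and folder not in expected:
            reasons.append("system filename outside its normal folder")
        if not (row.get("Signer") or "").startswith("(Verified)"):
            reasons.append("signature not verified")
        if reasons:
            findings.append((row["Entry"], path, reasons))
    return findings

if __name__ == "__main__":
    for entry, path, reasons in review_entries(SAMPLE_CSV):
        print(f"{entry}: {path} -> {', '.join(reasons)}")
```

A flagged entry is a candidate for the manual check described in the excerpt, not proof of infection; plenty of legitimate third-party software is unsigned.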
Once these steps have been completed, your system should now be ready for you to run virus scans on it.
Part 2 – Virus Removal
Again, we are going to borrow the procedures outlined in the Virus, Spyware, and Malware Removal guide from http://www.bleepingcomputers.com.
“Use an anti-virus and anti-malware program to remove the infections
Make sure you are using an anti-virus program and that the anti-virus program is updated to use the latest definitions. If you do not currently have an anti-virus installed, you can select one from the following list and use it to scan and clean your computer. The list below includes both free and commercial anti-virus programs, but even the commercial ones typically have a trial period in which you can scan and clean your computer before you have to pay for it.
- Kaspersky Anti-virus
- ESET Nod32
- Microsoft Security Essentials
- Trend Micro
It is also advised that you install and scan your computer with MalwareBytes’ Anti-Malware and SUPERAntiSpyware. Both of these are excellent programs and have a good track record at finding newer infections that the more traditional anti-virus programs miss. Guides on how to install and use these programs can be found below.
Another useful program to note is called ComboFix. You can download ComboFix by going to http://www.combofix.org/
If you are still infected after following these steps, it is recommended that you take your system to a professional to get it cleaned out. In some cases, once a virus has infected your computer, the damage is done and it is very difficult to repair the issues it has caused. Simply removing the virus might not be enough.