These are the things I do to most all computers I service. These instructions are specific for Vista and Windows 7, mostly Windows 7, but they can be adapted to XP, the basics are the same, but the details will differ.|
You should read this entire article before proceeding.
It is usually necessary to have access to another computer to download programs or look up instructions, but if the infection isn't too severe, you can work on the infected computer. If you are working this way, don't disconnect from the Internet until you download or update Malwarebytes and MSE, info below.
If I think there is malware or a virus on the computer, I disconnect it from the Internet as soon as practical; you can always reconnect when you need to. For a desktop, if you can easily reach the network cable on the back, unplug it. But if it's hard to reach, you use a wireless connection, or you're just not sure about that, click on your network icon and open the Network and Sharing Center. On the left menu click 'Change adapter settings' then right click on the adapter you are using, Ethernet (a cable) or wireless. Choose Disable and left click it. (If you are not sure which way you connect, disable them both.) Now you are safely off the Internet. To undo this later, do the same things but click Enable. Some laptop's have a wireless switch, if you know how to use it, that's good too.
If it's really bogged down, I want to use SuperAntiSpyware's Portable Scanner first. You should download a fresh up to date copy. Do this on another computer if necessary.
Get this file to the desktop, either by downloading it there or copying with a flash drive from another computer. There are instructions on the web page, but your download dialog boxes will look different. In IE9, use Save As to make sure it winds up on the desktop. Find it on the desktop, double click it, click Yes to the admin prompt, say OK to English and follow the instructions to run a scan. Use the default 'complete scan' or take it up to Rescue Scan if a scan won't run. Wait.
Wait some more.
It will find a lot of tracking cookies, these can and should be removed, but they are not a real problem. If this is all it finds, you have other troubles. Call me. If it finds more, let it remove whatever it finds and agree to a reboot if asked. After Windows comes back up, drag the install file to the recycle bin. If all seems well, you can reconnect to the Internet.
If it's a lesser trouble, or in addition after running the above, I download and install Malwarebytes Anti-Malware. I install this and run it even if there are no spyware complaints. Get it HERE. Download this to the desktop and run it. Say Run to the first dialog box, Yes to the admin prompt and OK for English. Agree your way through the install, the defaults are OK, including the final run it and update it. And the OK for the update done. There will be a box asking if you want the trial of their paid version, Decline it. Run the default scan when it finally comes up. When it's done remove what it finds and agree to a reboot if asked. After Windows comes back up, drag the install file to the recycle bin.
Now that you have cleaned up your machine, let's keep it clean. Download and install Microsoft Security Essentials (MSE) from HERE. Download it to the desktop. Before running the install you should uninstall whatever antivirus you have. You should be disconnected from the Internet whenever you are not protected by a working antivirus program. So follow the directions above to disconnect and open the uninstall control panel applet. In Vista and Win7 - Start, Control Panel, Programs and Features. In WinXP - Start, Control Panel, Add Remove Programs. After the appropriate applet is open, find the AV program in the list and click Remove. Follow the prompts to completely remove it including settings and virus vault (if asked). Reboot, even if it doesn't ask.
When it comes back up you should still be off the Internet. And Windows Security will be complaining that you don't have an AV program installed, ignore it. Find where you downloaded MSE to the desktop and double click it to run it. Agree to the various prompts as above. Also agree to be part of the customer improvement program. After it installs, it will want to update, you will need to reconnect to the Internet for that to work. If it asks for a reboot, do that when prompted. After it updates and scans, go to the Settings tab. Change When to Daily. Set a time when the computer will be on, but maybe less used (Lunch time? Break time?) so it will update daily. Change the CPU usage to 30% or less. Save Settings and you are done.
I recommend MSE to all my customers and it works well as an antispyware and antivirus with a small footprint (doesn't bog things down like many AV programs do) and no annoying prompts to buy the full version as it is the full version and it is free.
If you have a specific malware that prevents you from doing any of the above, contact me. Or if you want to have a go at it yourself, research it. You will need the name of your infection, like XP Antivirus 2012 (sounds OK doesn't it? It's not.) Google this name and add the word 'removal' and find a forum where the instructions seen doable to you. Bleeping Computer is a good place, but there are many other places where help can be found. Most of the more well known infections will have detailed instructions on their removal. Find one and follow it. Good Luck, it can be tough. Removing a multi level infection in an XP computer can take all day. The computer should be disconnected from the Internet as soon as the infection is indentified as it will just download more stuff and reinforce its difficulty of removal. You could also try System Restore if you catch the infection early. I would still install and run Malwarebytes and MSE even if all seems well after System Restore.
AJ March 2012
Entire WebSite © Alan Jerig 2012